How To Block A User From Sending & Receiving Emails Externally In Exchange 2010…

Share & Comment

Some organizations have strict security policies when it comes to email. Most of you have seen a request from HR or Legal asking you to block a particular user (maybe a temp) from sending and receiving emails from outside the organization.

This can be accomplished with transport rules or a combination of transport rule and shell command.

We can configure a transport rule to block the user from sending emails externally. There are two options, either we can delete the emails which the user tries to send without notifying anyone or we can send an NDR back to the user with a customized message.

Launch EMC, navigate to Organization Configuration –> Hub Transport –> Transport Rules. Create a new rule and give a meaningful name. Select “from people” in conditions page and select the mailbox account. We can also create a group and add the group if more number of users have to be blocked and unblocked on a regular basis.

From People

From the actions page, select one of the options depending on your choice.


Configure any exceptions if needed, click on “New” and “Finish” to create the rule.

Now, let’s block the user from receiving emails from the internet. Everyone knows that the distribution groups in Exchange 2010 doesn’t accept emails from outside the organization by default. This is because of the check box “Require that all senders are authenticated” in the group’s property.

All senders are authenticated

The same can be applied to a mailbox as well. This option is not exposed in the EMC and hence the shell has to be used. By default, anyone can send an email to a mailbox, as the “RequireSenderAuthenticationEnabled” is set to false.

Default is false

Run the following command to block external emails for a user, say ChakkaRajith in my case.

Set-Mailbox –identity “ChakkaRajith” –RequireSenderAuthenticationEnabled $true

Set to true

We can also block emails from internet to a user using transport rule. It is advisable to create a group, say “NoExternalEmails” and add members to it, if the user list changes frequently. Create a transport rule as explained above with the below conditions.

Transport rule to block external emails 

The steps are same for Exchange 2007 and is explained in my article posted in 2009.

Share & Comment
Subscribe for Updates
Never miss a blog post again
About the author: UC Architect, Blogger, Husband & Dad. I have been in IT for the last 12 years, with Exchange Server becoming the prime area in the last few years. I am active on Experts Exchange & TechNet forums and I am a technical author for SearchExchange.

14 comments… add one

  1. Anonymous

    This is will not work it will block user from sending both internal and external users

    1. saqi

      Yeah, it will, as it is said in first paragrapsh dear.


      1. Rajith Enchiparambil

        Thanks Saqi.

  2. To block user send and receive externally, follow below steps:

    Open Exchange Management Console from Exchange Server 2K7.
    Go to Organization Configuration.
    Select Hub Transport.
    In right panel, click on New Transport Rule.
    Give any name as per your convinience>>Next
    Select “From People” and select name below as per your requirement>>Next
    Select “Send bounce message to sender with enhance error code” option>>Next

    1. Rajith Enchiparambil

      Thanks Pranay for the steps.

  3. William


    I need to create a transport rule for all users who no longer work at the company. I tried to do the following:

    Transport Rule > Apply rule to messages from users that are ‘Outsite the Organization’ and sent to member of ‘Distribution Group’ send ‘rejection message’ to sender with ‘enhanced code’

    But I could not include the message you want, explaining that this person is no longer official business. Does anyone know what is the best way to accomplish this task?

    Thank you,

    1. HI William,

      Why don’t you login to the mailbox and set an automatic reply (OOF) rather than a transport rule.

    2. NASER


      why rule of sending to outside-org don’t work after creating it

      thank u

      1. What are you trying to achieve? Bit more info pls Naser.

  4. NASER


    why rule of sending to outside-org don’t work after creating it

    thank u

  5. muhammed.ubais

    i am member of domain admini and exchange admini. but i could not able crate a tranportrole.

    1. Rajith Jose Enchiparambil

      Which Exchange Management role are you a member of Ubais?

  6. Garrett Michael Hayes

    Just an FYI: The “Require that all senders are authenticated” setting for a mailbox *IS* exposed in the Exchange 2010 UI – it’s just in a different place than it is for Distribution Groups. On a mailbox, it’s under Mail Flow Settings | Message Delivery Restrictions

    1. Thanks for the tip Garrett.

Leave a Comment