Block Outbound Email for Specific Users

Overview

There are a few situations where you may need to restrict certain users from sending email to external users.  For example, you may have part time employees that only need to send email to internal users OR you might have an employee who’s about to get terminated and don’t want them emailing clients.  Fortunately, in Office 365 Exchange you can create a Mail Flow Rule to accomplish this.

Create Distribution Group to Define Users to Block Outbound Email

In order for the mail flow rule to see the group, it must be a distribution group.  However, you can easily hide it from the GAL so your users don’t see it.  Many organizations use CustomAttribute15 to define what displays in there GAL.  If that’s your case, simply do not define CustomAttribute15 or define it to a value so it does not show in your GAL; otherwise, set the attribute to Hide group from Exchange Address Lists.

  1. Create a new distribution group
    1. Name: Block Outbound Email
    2. Email: blockoutboundemail@<company>.onmicrosoft.com
    3. Members: Add any user you want to block from sending outbound emails to external recipients (They will only be able to send to internal recipients)
  2. If you are using Office 365 in a Hybrid Deployment, make sure you use dirsync to synchronizes your new group

Create Mail Flow Rule

In this example, we will prevent a user from sending emails to any external recipients, but they will still be able to send to internal recipients.

  1. Login to the Office 365 Admin Portal https://portal.microsoftonline.com
  2. Click Admin then click Exchange to open the Exchange Admin CenterOpen Exchange Admin Center
  3. Click mail flow then click on the Rules tab
  4. Click the + symbol and click Create a new rule       Create New Rule
  5. Name the rule Block Outbound Emails to External Recipients
  6. Under Apply this rule if, click the recipient is located
    1. Select Outside the organization and click OK
  7. Click More Options to add another condition
  8. Click Add Condition
  9. On the new condition, select the sender is a member of this group
    1. Search and select the group Block Outbound Emails and click OK
    2. Note: Despite the wording stating “member of this group”, you can select a user instead of a group.  However, it’s easier to manage and you do not need to wait for the mail flow rule to propagate on 365, which can take up to an hour in my testing.
  10. Under Do the following, select Block the message then click delete the message without notifying anyone, and click OK
  11. Click Save

IMPORTANT NOTE:  It can take up to 45 minutes for Microsoft’s back end to fully synchronize rules!  This means any new or modified rules can take up to 45 minutes to take effect!

Block Outbound Email

 

 

 

11 comments

Skip to comment form

    • RSP on September 22, 2015 at 1:39 pm

    In step 6, it should read “the recipient is located”

    1. You are correct and I’ve fixed the typo

    • Eng Ahmed on March 6, 2017 at 7:02 am

    Hello Dears
    i do all of steps but i can send mail to any one outside my office
    what should i do to block
    Help my please

    1. Make sure you wait 1 hour after creating the rule, the 365 back end can be slow to replicate to make the rule active

    • shashidhar on September 15, 2017 at 3:17 am

    Hi,
    I want to block complete outbound feature. How to achieve this?

    1. On step 6 in the example, it adds a condition that matches the recipient being located “Outside the organization”. Simply, add another condition but select “Inside the organization”. This creates a condition that will block emails send inside or outside of the organization.

    • Daniel Magnusson on October 2, 2017 at 5:22 am

    In the picture say’s *Apply this rule if…
    The recipient is located… Outside the organization
    and
    The recipient is a member of… ‘Brian Steinmeyer’

    should it not say
    The sender is a member of… ‘Brian Steinmeyer’

    Like it says in
    9. On the new condition, select the sender is a member of this group
    Search and select the group Block Outbound Email and click OK

    1. I had the wrong screenshot up there but the text in the directions was correct. I’ve updated it with the appropriate image that reflects the directions

    • Mosameer on October 3, 2017 at 5:16 am

    i successfully stopped the sender from sending emails to external domains. however, if the sender tried to send email to someone inside the organization and added in CC an email with external domain. the email will be delivered successfully. this is stupid from Microsoft.

    1. Interesting…. I’ll test this out and write an update

        • Ron on February 20, 2018 at 4:11 pm

        were you able to figure out a solution to this? I can get it to block the CC messages but it will aloow messages to an outside email if the address is in the bcc field

Comments have been disabled.