Overview
There are a few situations where you may need to restrict certain users from sending email to external users. For example, you may have part time employees that only need to send email to internal users OR you might have an employee who’s about to get terminated and don’t want them emailing clients. Fortunately, in Office 365 Exchange you can create a Mail Flow Rule to accomplish this.
Create Distribution Group to Define Users to Block Outbound Email
In order for the mail flow rule to see the group, it must be a distribution group. However, you can easily hide it from the GAL so your users don’t see it. Many organizations use CustomAttribute15 to define what displays in there GAL. If that’s your case, simply do not define CustomAttribute15 or define it to a value so it does not show in your GAL; otherwise, set the attribute to Hide group from Exchange Address Lists.
- Create a new distribution group
- Name: Block Outbound Email
- Email: blockoutboundemail@<company>.onmicrosoft.com
- Members: Add any user you want to block from sending outbound emails to external recipients (They will only be able to send to internal recipients)
- If you are using Office 365 in a Hybrid Deployment, make sure you use dirsync to synchronizes your new group
Create Mail Flow Rule
In this example, we will prevent a user from sending emails to any external recipients, but they will still be able to send to internal recipients.
- Login to the Office 365 Admin Portal https://portal.microsoftonline.com
- Click Admin then click Exchange to open the Exchange Admin Center
- Click mail flow then click on the Rules tab
- Click the + symbol and click Create a new rule
- Name the rule Block Outbound Emails to External Recipients
- Under Apply this rule if, click the recipient is located
- Select Outside the organization and click OK
- Click More Options to add another condition
- Click Add Condition
- On the new condition, select the sender is a member of this group
- Search and select the group Block Outbound Emails and click OK
- Note: Despite the wording stating “member of this group”, you can select a user instead of a group. However, it’s easier to manage and you do not need to wait for the mail flow rule to propagate on 365, which can take up to an hour in my testing.
- Under Do the following, select Block the message then click delete the message without notifying anyone, and click OK
- Click Save
IMPORTANT NOTE: It can take up to 45 minutes for Microsoft’s back end to fully synchronize rules! This means any new or modified rules can take up to 45 minutes to take effect!
11 comments
Skip to comment form
In step 6, it should read “the recipient is located”
You are correct and I’ve fixed the typo
Hello Dears
i do all of steps but i can send mail to any one outside my office
what should i do to block
Help my please
Make sure you wait 1 hour after creating the rule, the 365 back end can be slow to replicate to make the rule active
Hi,
I want to block complete outbound feature. How to achieve this?
On step 6 in the example, it adds a condition that matches the recipient being located “Outside the organization”. Simply, add another condition but select “Inside the organization”. This creates a condition that will block emails send inside or outside of the organization.
In the picture say’s *Apply this rule if…
The recipient is located… Outside the organization
and
The recipient is a member of… ‘Brian Steinmeyer’
should it not say
The sender is a member of… ‘Brian Steinmeyer’
Like it says in
9. On the new condition, select the sender is a member of this group
Search and select the group Block Outbound Email and click OK
I had the wrong screenshot up there but the text in the directions was correct. I’ve updated it with the appropriate image that reflects the directions
i successfully stopped the sender from sending emails to external domains. however, if the sender tried to send email to someone inside the organization and added in CC an email with external domain. the email will be delivered successfully. this is stupid from Microsoft.
Interesting…. I’ll test this out and write an update
were you able to figure out a solution to this? I can get it to block the CC messages but it will aloow messages to an outside email if the address is in the bcc field