AC: #1: Rights Management (Exchange permissions system) isn't about preventing people from screwing up; Exchange has had lots of other mechanisms to prevent that (like marking DL's as restricted) since Exchange 4.0 shipped. The Exchange rights management stuff is about privacy, not about preventing user mistakes.
#2: The problem is that the Exchange client can't know this. There are two aspects to this: First, the DL in question might be in a different forest, in which case it's just a custom recipient in the local forest - there's no DL membership to look at. The other reason is that DL membership can be restricted - Outlook can't see the membership list, so it can't tell how many users are on it.
#3: That is exactly the user error that happened - the developer writing the application forgot to lock the DL down and bedlam broke out. And reversing the defaults isn't a good idea IMHO - that would discourage people from using DL's and create a support nightmare - Imagine the number of calls we'd get from frustrated Exchange Administrators:
"I just created this distribution list, but my users can't send mail to it!"
The bottom line is that there's no good answer to this. If we WERE to change the default, then the 95% case would be made harder (administrators would have to check an "allow users to send to this DL" checkbox). And since most of the time users want to be able to post to DL's, administrators would get in the habit of checking the box every time they created a DL.
The bottom line is that if it's not a security risk (and this isn't), choosing the default to be the one that users almost always want to do is best (IMHO).