Policy for limiting external domains and allowing particular external receivers
Hi community,
According to the guide https://learn.microsoft.com/en-us/defender-office-365/outbound-spam-policies-external-email-forwarding I have created the following rule for our test domain:
Rule description Apply this rule if 'X-MS-Exchange-Inbox-Rules-Loop' header matches the following patterns: '.'
Do the following Set audit severity level to 'Medium' and reject the message and include the explanation 'Delivery not authorized, message refused' with the status code: '5.7.1'
Except if recipient's address domain portion belongs to any of these domains: 'xyz.com'
The idea of the rule is to block all external mail forwarding except forwards directed to the domain xyz.com.
______________________________________________
Another rule I tested:
Apply this rule if
Is sent to 'Outside the organization' and sender's address domain portion belongs to any of these domains: 'localdomain.com'
Do the following
Set audit severity level to 'Medium' and reject the message and include the explanation 'external forwarding is not allowed' with the status code: '5.7.1'
Except if
recipient's address domain portion belongs to any of these domains: 'xyz.com'.
Unfortunately this is not working: if I create mailbox-based rules that forward mails to, let's say, both gmail.com and xyz.com, the mails get dropped with the explanation:
Reason: [{LED=250 2.1.5 RESOLVER.MSGTYPE.AF; handled AutoForward addressed to external recipient};{MSG=};{FQDN=};{IP=};{LRT=}] 
In both cases I made sure that auto-forwarding is enabled under the "anti-spam" rules in the security admin center.
In the mail flow logs I see messages dropped for a mail address in xyz.com and for one in gmail.com.
The forwarding configured in Outlook on a mailbox in localdomain.com is intended to auto-forward messages to a mail address in gmail.com and one in xyz.com, where the mails should arrive.
I am wondering what the correct policy would be in order to be able to exempt a particular external domain/external mailbox.
Another approach I found is to disable auto-forwarding globally and enable it for particular users only, but unfortunately it cannot be limited to whom the mailbox can forward, and this is not a useful solution for us.
Regards
Sofia
2 Replies
- Dan_Snape (Bronze Contributor): There's no need to create a mail flow rule at all. Best practice is to create a new outbound anti-spam policy with external forwarding enabled (and all other settings the same as the existing policy) and scope it only to the users you want to allow to forward email.
- Schnittlauch (Iron Contributor): Hi Sofia, I'm having an understanding issue with what your goal is and what you'd like to achieve. Could you update your post with a more structured description? I understood: you want to forward all emails which are sent to "email address removed for privacy reasons" to "email address removed for privacy reasons", but only from specific domains? Why don't you enable full forwarding for Mailbox1 and just create a transport rule which applies to Mailbox1 to reject the respective domains? BR Schnittlauch
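The two replies describe the same two-layer design: an outbound anti-spam policy decides whether a mailbox may auto-forward externally at all (Dan's reply), and a mail flow rule then decides where an allowed forward may go (Schnittlauch's reply). The message trace reason quoted in the question, RESOLVER.MSGTYPE.AF, is what Exchange Online Protection produces when the outbound spam filter policy blocks an auto-forward, so a mail flow rule can only act on forwards that the policy has already let through. The following Exchange Online PowerShell script is an added example written for this page, not code from the thread or from Microsoft's documentation. It assumes the ExchangeOnlineManagement module is installed, that the caller holds Exchange Administrator rights, and that the policy name 'Allow External Forwarding', the mailbox addresses, admin@localdomain.com and the domains localdomain.com and xyz.com are placeholders modelled on the thread.

```powershell
# Added example (not from the thread). Requires the ExchangeOnlineManagement
# module and an Exchange Administrator account. All names below are placeholders.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@localdomain.com'

# Layer 1a: keep the tenant default at "no automatic forwarding" for everyone.
Set-HostedOutboundSpamFilterPolicy -Identity 'Default' -AutoForwardingMode Off

# Layer 1b: create a second outbound spam policy that permits forwarding but
# otherwise copies the default's sending limits, so only AutoForwardingMode differs.
$default = Get-HostedOutboundSpamFilterPolicy -Identity 'Default'
New-HostedOutboundSpamFilterPolicy -Name 'Allow External Forwarding' `
    -AutoForwardingMode On `
    -RecipientLimitExternalPerHour $default.RecipientLimitExternalPerHour `
    -RecipientLimitInternalPerHour $default.RecipientLimitInternalPerHour `
    -RecipientLimitPerDay          $default.RecipientLimitPerDay `
    -ActionWhenThresholdReached    $default.ActionWhenThresholdReached

# Layer 1c: scope the permissive policy to the mailboxes that are allowed to
# forward. Priority 0 makes it win over the default policy for these senders.
New-HostedOutboundSpamFilterRule -Name 'Allow External Forwarding' `
    -HostedOutboundSpamFilterPolicy 'Allow External Forwarding' `
    -From 'mailbox1@localdomain.com', 'mailbox2@localdomain.com' `
    -Priority 0

# Layer 2: a mail flow (transport) rule that restricts the destination.
# Auto-forwarded messages leaving the organisation are rejected unless the
# recipient domain is xyz.com. The AutoForward message-type condition is used
# instead of the X-MS-Exchange-Inbox-Rules-Loop header so that mailbox-level
# forwarding (ForwardingSmtpAddress) is caught as well as inbox rules.
New-TransportRule -Name 'External auto-forward only to xyz.com' `
    -FromScope InOrganization `
    -SentToScope NotInOrganization `
    -MessageTypeMatches AutoForward `
    -ExceptIfRecipientDomainIs 'xyz.com' `
    -RejectMessageReasonText 'Delivery not authorized, message refused' `
    -RejectMessageEnhancedStatusCode '5.7.1' `
    -SetAuditSeverity Medium

# Verification: which policy each piece of the design resolved to.
Get-HostedOutboundSpamFilterRule | Format-Table Name, Priority, From, HostedOutboundSpamFilterPolicy
Get-HostedOutboundSpamFilterPolicy | Format-Table Name, AutoForwardingMode
Get-TransportRule 'External auto-forward only to xyz.com' | Format-List Name, State, Priority

# Verification after a test forward: a forward to gmail.com should now show the
# transport rule's 5.7.1 rejection rather than RESOLVER.MSGTYPE.AF, and a forward
# to xyz.com should show Delivered.
Get-MessageTrace -SenderAddress 'mailbox1@localdomain.com' `
    -StartDate (Get-Date).AddHours(-1) -EndDate (Get-Date) |
    Format-Table Received, RecipientAddress, Status
```

Order matters when rolling this out: create the permissive policy and its rule before setting the default policy to Off, or already-configured forwards for the allowed users will bounce in the gap. The transport rule applies only to senders that the outbound spam policy lets through; for everyone else the default policy still blocks the forward before any mail flow rule is evaluated, which is the behaviour the question's message trace shows.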