Forum Discussion
Allow only specific domain to email a distribution group
I'd like to allow only a specific external sender domain to send email to our distribution group (DG) in M365. (The DG is actually a mail-enabled security group synced from AD.) I see that a mail-flow rule doesn't process until after the DG is expanded, so can't match the DG as the recipient. I see that the DG has an attribute dLMemSubmitPerms to specify who's permitted to send to the group, but I think that is only for objects in AD and wouldn't be able to use an external domain? When I try to modify dLMemSubmitPerms I get an error anyway.
So how can this be done?
I figured out a way. Using a mail flow rule where the header contains "To" of the distribution group. And have it block those messages, and an exception of the domains to allow.
VasilMichev , thanks for the clue.
- You can use a mail flow rule with "includes any of these recipients in the To or Cc box" condition.
- JeffRyerCopper Contributor
VasilMichev - I already tried a mail-flow rule and it didn't work; and then I found the reason why:
"Note - If the Mail flow rule is configured to check for the recipient where the recipient is a distribution group, the rule won't be matched. When the message is sent to a distribution group, the group will be resolved to distinct users of that group before reaching Mail flow rules and instead, will check every member of a group."
- And I'm telling you that it depends on the condition used. The note you quoted applies to specific conditions only.