Exchange Online: Restrict external recipients in To or CC headers.

Brass Contributor

Hello

 

I have a requirement to ensure that mail sent to multiple external 3rd parties is done so using BCC.

 

This is a data loss prevention scenario to avoid the sharing of recipients' email addresses with each other.

 

This is obviously a training and management issue but mistakes happen. I'm looking at options to restrict the number of recipients in the TO or CC fields when multiple external recipients are added. Kind of like the way MailTipsLargeAudienceThreshold detects this but be able to prevent sending.

 

I cannot find a way to target specific recipient header types via transport rules or to set a limit similar to Mail Tips.

 

I am interested also in any 3rd party solutions that can do this but ideally I'm looking for an EXO native solution.

 

Thanks

4 Replies

Hi @FuriousHaggis,

Microsoft Exchange Online (EXO) provides various features for transport rules, but specific limitations on the number of recipients in TO or CC fields for external addresses might not be directly achievable using native Exchange features.


Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.


If the post was useful in other ways, please consider giving it Like.


Kindest regards,


Leon Pavesic
(LinkedIn)

Thanks@LeonPavesic .

 

I wanted to make sure I had not missed anything.

 

I have an idea to target the comma in the CC header where mail is being sent internal to external. There really shouldn't be any email addresses with commas so I'm prepared to take the risk. This should catch two or more recipients. I will then NDR that with a customer message to sender to use BCC.

 

I wonder if anyone else has encountered this requirement. I know it is being asked of in my org's sector.

Hi @FuriousHaggis,

thanks for the update.

To target the comma in the CC header where mail is being sent internal to external is an interesting idea. There really shouldn’t be any email addresses with commas so you can take the risk. This should catch two or more recipients. You can then NDR that with a customer message to the sender to use BCC.

Please note that in O365 Exchange Online, recipient limits are standard and apply to all fields (TO, CC, and BCC), and we cannot restrict recipient limits.

Transport rule header internal email - Microsoft Community Hub
Limit number of addresses in To and CC field, but not BCC field - Microsoft Community

Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.


If the post was useful in other ways, please consider giving it Like.


Kindest regards,


Leon Pavesic
(LinkedIn)

Looks like it doesn't like the comma or even the @ symbol. I wonder if I need to use some regex to state this. Something to catch space-comma-space.