outbound spam filter policies

Martin Schenkel 21 Reputation points
2020-12-15T14:57:14.307+00:00

Hi

I'm struggling with Microsoft's outbound spam filter policy in Exchange 365. Automatic forwarding in my domain is set to "System Controlled". However, I would like to allow forwarding to certain external domains. The obvious thing would be to use remote domains.

This doesn't seem to work because of this: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/external-email-forwarding?view=o365-worldwide

Remote domain settings and mail flow rules are independent of the settings in outbound spam filter policies. For example:

You allow automatic forwarding for a remote domain, but you block automatic forwarding in outbound spam filter policies. In this example, automatically forwarded messages are blocked  

OK, then to this...

You allow automatic forwarding in outbound spam filter policies, but you use mail flow rules or remote domain settings to block automatically forwarded email. In this example, the mail flow rules or remote domain settings will block automatically forwarded messages  

Unfortunately, I can't find a way in mail flow rules to allow forwarding to certain external domains and disallow everything else.

How can I do this? I believe I'm missing something obvious...

Thanks, Martin


Accepted answer
  1. Andy David - MVP 141K Reputation points MVP
    2020-12-15T16:12:58.137+00:00

    Set the allowed forwarding to ON in the Outbound Policy:

    Then create a mail flow rule to block autoforwards with the allowed domains as exceptions:

    Reject with an explanation:

    and stop processing rules:

    Then for the domain exceptions. For the includes, enter the domain names (contoso.com etc.)


    But you aren't done!

    You should also block Power Automate:

    https://learn.microsoft.com/en-us/power-platform/admin/block-forwarded-email-from-power-automate

    and remove the ability to forward from OWA:

    https://techcommunity.microsoft.com/t5/exchange-team-blog/the-many-ways-to-block-automatic-email-forwarding-in-exchange/ba-p/607579
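
The steps in the accepted answer expressed as Exchange Online PowerShell, as an added example that is not part of the original answer or of Microsoft's documentation. The allowed domains, rule name and rejection text are constructed placeholders, and the script assumes the ExchangeOnlineManagement module and the default outbound policy named `Default`.

```powershell
# Added example: allow auto-forwarding only to an explicit list of external domains.
# Constructed placeholder values; replace before use.
$AllowedDomains = @('contoso.com', 'fabrikam.com')      # constructed sample domains
$PolicyName     = 'Default'                              # assumption: default outbound policy
$RuleName       = 'Block external auto-forward (allow-list exceptions)'  # hypothetical name

Connect-ExchangeOnline

# Step 1: set automatic forwarding to On in the outbound spam filter policy,
# so that policy no longer blocks forwards before the mail flow rule is evaluated.
Set-HostedOutboundSpamFilterPolicy -Identity $PolicyName -AutoForwardingMode On

# Step 2: mail flow rule that rejects auto-forwarded mail leaving the organization,
# except when the recipient domain is on the allow-list.
$ruleParams = @{
    FromScope                       = 'InOrganization'
    SentToScope                     = 'NotInOrganization'
    MessageTypeMatches              = 'AutoForward'
    ExceptIfRecipientDomainIs       = $AllowedDomains
    RejectMessageReasonText         = 'Automatic forwarding to this external domain is not permitted.'
    RejectMessageEnhancedStatusCode = '5.7.1'
    StopRuleProcessing              = $true
}

# Update the rule if it already exists so the script can be re-run after
# the allow-list changes; otherwise create it.
if (Get-TransportRule -Identity $RuleName -ErrorAction SilentlyContinue) {
    Set-TransportRule -Identity $RuleName @ruleParams
} else {
    New-TransportRule -Name $RuleName @ruleParams
}

# Step 3: confirm what is actually in effect.
Get-HostedOutboundSpamFilterPolicy -Identity $PolicyName |
    Format-List Name, AutoForwardingMode
Get-TransportRule -Identity $RuleName |
    Format-List Name, State, Mode, Priority, MessageTypeMatches,
                ExceptIfRecipientDomainIs, RejectMessageReasonText, StopRuleProcessing
```

After the rule is in place, a test forward to a domain outside the list should come back with the rejection text, and a forward to a listed domain should be delivered.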


1 additional answer

  1. Martin Schenkel 21 Reputation points
    2020-12-15T16:34:52.443+00:00

    Hi

    Thanks for this. I've found another way in the meantime.

    Set Forwarding On in Outbound Policy:
    Allow Whitelist Domains in Remote Domain ("allow forwarding")
    Disallow Forwarding in "Default Remote Domain"

    Yours is nicer though as it allows a return message.

    Martin