'550 5.7.520 Access denied, Your organization does not allow external forwarding

Question

'550 5.7.520 Access denied, Your organization does not allow external forwarding

Frikkie298 0

Good morning,

Need some help here.

We have a consultant that gets this error when auto forwarding mail to us that gets this message:

'550 5.7.520 Access denied, Your organization does not allow external forwarding.

I understand the error and know what to do to make it go away.

My questions are:

What will the consequences be of allowing auto-forwarding?
Is there a way to work around this and only allow auto-forwarding for one email address or domain?

As far as i an tell it is all or noting with this setting and I feels incredible risky to allow it.

Thanks

2 answers

Your answer

Answer 1

Michael Morten Sonne 605 MVP

Hi @Frikkie298 ,

This is happening as the setting for the Anti-spam outbound policy in the Security center (https://security.microsoft.com/antispam) is set to block Automatic forwarding.

This is a default setting over time, and you can allow users/mailboxes to de excluded if needed.

Here is my answers to your 1:

Risks and consequences:

Security: Auto-forwarding can pose security risks if etc. some emails is set to be send to an company's competitor or private email from your work email
Data Leakage: There is a risk of unintentional data leakage if sensitive information is forwarded to external accounts without proper security measures.

Here is my answers to your 2:

You can allow this specific user/mailbox this way:

Go to https://security.microsoft.com/antispam
Select "+ Create policy" and choose "Outbound"
Give your new outbound spam filter policy a name and description.
Click Next and search to find the user account you want to allow to forward
Click Next again, scroll down to the Forwarding rules section, and click the dropdown under Automatic forwarding rules. Choose On - Forwarding is enabled, then click Next.

It is possibel to allow it for all in the Anti-spam outbound policy (Default) policy, but I will NOT recommend that.

Hope this help you :)

Frikkie298 0 Reputation points

2024-02-19T11:53:34.26+00:00

Thanks Michael,
We are talking about inbound email here. I did go through your recommendation already.
the setting required is not available for inbound emails
Michael Morten Sonne 605 Reputation points MVP

2024-02-19T12:35:59.9166667+00:00

Oh sorry for that.. 😊 From what the error is specific and what you then write in your post, it´s a setting in the tenant for your consultant´s company - if he can´t automaticly autoforward emails from etc. ******@company.com to ******@yourcomany.com. There is yes nothing you can do, as this can´t be controlled inbound. Your consultant need to ask his IT department to be allowed if there is a need for this. But normaly from my experience this is only needed in small scenarios.
Sheldon Cairns 5 Reputation points

2024-10-11T12:35:33.5466667+00:00

Shot Mike!

This worked for me.
Jimbo Jones 11 Reputation points

2024-12-09T23:40:21.76+00:00

Michael, you are a legend, it's not often I come to a microsoft site for microsoft solutions any more. Well played!

Answer 2

Frikkie298 0

Here is a screen shot of the error. IT shows the remote server rejected the message. So it has to be something on my side that needs to be done.
error 550

Michael Morten Sonne 605 Reputation points MVP

2024-02-21T09:48:26.37+00:00

And this is send from the consultant to you right? :)

If this error is from the consultants tenant, its there it´s he needs to be whitelisted if I understand the flow here correct.

The error message is saying exactly why it´s failing, and here is some information about it here to: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/outbound-spam-policies-external-email-forwarding?view=o365-worldwide#blocked-email-forwarding-messages

The outbound spam filter policy blocks it.

Share via

'550 5.7.520 Access denied, Your organization does not allow external forwarding

2 answers

Your answer