
emailing active directory distribution groups

Last Modified: 2012-05-06
Our company, like many others, has a list of distribution groups for sending emails to various departments and offices within the company. Recently I noticed that all of these distribution groups have an email address associated with them. Doing some testing, I found that it is possible to send to the distribution group from outside the company, provided you know the distributiongroup@company.com email address that is associated with it.

This is not good to have as it could potentially allow someone from outside to send mass emails within the company or it could allow for a terminated employee to do the same as well as a whole host of other bad things.

What I would like to do is stop someone from the outside from being able to send to those distribution groups but still be able to use them internally.

Originally I thought that using Exchange tasks and removing the email address would stop the ability to reach it from outside, which it did. Now, however, I cannot see the group in my Outlook and can't send to it. Maybe I'm missing something, maybe I'm doing something wrong, but I'm kinda stumped.

Author

Commented:
I understand the part about requiring authentication to send.

I guess I'm looking more for an explanation of the following:
1. Does a distribution group have to have an email associated with it to work with Exchange?
2. Why do they give you the option to create a distribution group without an email if you can't use it to send emails?
3. Short of ticking the authenticated users only, is there any other way?
Chris Dent, PowerShell Developer

Commented:

1. Yes. X400 only addressing was ditched after Exchange 5.5 as far as I'm aware.

2. Dunno, you'd have to ask MS :)

3. Authenticated Users is, by far, the easiest way.

But no, it's not the only one. You could validate against a recipient list for inbound mail, or add explicit lists of users to each group stating who can and cannot send. However, those are hard work by comparison and the first might not even be possible using features native to Exchange 2003.

Chris

Author

Commented:
I probably will end up using the authenticated users checkmark, as that should fulfill the requirements I stated above. It will keep outside email (not authenticated) from hitting the dist groups. And since we disabled terminated users, they won't be able to get into their account in order to authenticate to send any emails.

I would think that internally you should be able to have a dist group without an email address, because when you send to that group AD/Exchange would be able to enumerate the members and then send the email to them. I would like to know MS's reasons for not allowing that.

I'm going to leave this open for a little bit longer just to see if there are any other ideas, or maybe someone can post MS's take on the issue.

Author

Commented:
Did some testing with the authenticated users and this solution does block outside people from sending to our internal distribution groups. Thanks
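
The "authenticated users only" checkbox discussed in this thread is stored on each group as the Active Directory attribute `msExchRequireAuthToSendTo`, and the explicit accept lists as `authOrig` and `dLMemSubmitPerms`. The script below is an added example, not code from anyone in the thread: it lists mail-enabled groups that still accept unauthenticated senders and, with the hypothetical `-Fix` switch, sets the flag. It assumes a domain-joined machine and an account allowed to modify the groups.

```powershell
# Added example, not from the thread. Save as a script and run it from a
# domain-joined machine. -Fix is a hypothetical switch defined here.
param([switch]$Fix)

# With no arguments the searcher binds to the current domain.
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.PageSize = 500    # enable paging so more than 1000 groups come back
# Mail-enabled groups where "From authenticated users only" is unset or FALSE
$searcher.Filter = '(&(objectCategory=group)(mail=*)(!(msExchRequireAuthToSendTo=TRUE)))'
$searcher.PropertiesToLoad.AddRange([string[]]('name', 'mail', 'authOrig', 'dLMemSubmitPerms'))

$results = $searcher.FindAll()
try {
    foreach ($r in $results) {
        $p = $r.Properties      # keys in this collection are lower-case
        # authOrig / dLMemSubmitPerms hold the explicit "accept only from" lists
        $hasAcceptList = $p.Contains('authorig') -or $p.Contains('dlmemsubmitperms')

        $action = 'ReportOnly'
        if ($Fix) {
            $group = $r.GetDirectoryEntry()
            $group.Put('msExchRequireAuthToSendTo', $true)
            $group.SetInfo()    # write the change back to AD
            $action = 'RequireAuthSet'
        }

        # One output object per group, suitable for Format-Table or Export-Csv
        New-Object PSObject -Property @{
            Name          = [string]$p['name'][0]
            Mail          = [string]$p['mail'][0]
            HasAcceptList = $hasAcceptList
            Action        = $action
        }
    }
}
finally {
    $results.Dispose()          # SearchResultCollection holds unmanaged resources
}
```

Run it without `-Fix` first and review the list, since any group that is meant to receive mail from outside will also appear in it. On Exchange 2007 and later the same setting is exposed as `Set-DistributionGroup -RequireSenderAuthenticationEnabled $true`.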