Exchange 2010 Transport rules to block broadcast emails to the GAL from outside

Employee leaves, starts emailing the GAL from different gmail accounts.  Attempting to create transport rules which will stop such emails.

My criterion currently are:
'sent to person1@domain.com' and 'person2@domain.com in to or cc field' and 'sent from outside'.

Open in new window

This only blocks the email from reaching these 2 people and lets the rest of the gal receive it.  Basically I want that if these 2 people are on an email (to or cc) the entire email is diverted and nobody gets it.  Am open to other solutions as well.
LVL 2
YMartinAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AmitIT ArchitectCommented:
What I do in this case, block whole domain. As you cannot control this by a rule. As user can send from different id and you will again need to create new one. If you have any 3rd party spam filter, like SMG or Trend Micro. User can also mark it as spam directly. Spam can be controlled by users more than server admin.
Will SzymkowskiSenior Solution ArchitectCommented:
Unfortunately this would not be classified as spam because the user is not sending (thousands of email blasts) which will get flagged.

Personally, I would not be doing this from the Exchange server it should be done from your perimeter device like and Edge Server or Smart host. This is recommended so that the email never makes it into your domain, in case there are malicious files associated with the email.

But for whatever reason you need to perform this on your Exchange server like above the way to do this is create external contacts in Exchange for these 2 addresses (create an OU called Blocked Contacts or something like that where these can be stored)

Do the following..
- create the external contact (1 for each email)
- create your transport rule (receive anything sent to these contacts)
- drop the message

Unfortunately this does get a little time consuming because you need to create an external contact for each email you want to block. Exchange has to reference the GAL for addresses so you need to add them into your Exchange environment. Once you have created your rules you can then "hide them from the address book"

Will.
YMartinAuthor Commented:
Thanks for the tips guys.  However neither of these suggestions will work.  I have already blocked the sender however this person keeps creating new accounts just for the purpose of sending these emails.  Blocking a major email domain is also not realistic.

An edge device would be good however transport rules seem to almost do what I want but not quite.  Was thinking that someone more familiar with them could get it to work.

I need to moderate an email as a whole not just individual recipients of that email while using the recipient list to flag an email for moderation.  Why would an email sent to 500 people be let through to 498 of those people but be moderated for 2 of those recipients.  That's not moderation in the general sense yet when I use the 'to' field to trigger moderation it only holds for moderation the copy of that email strictly to the recipients specified in the rule not the entire email.  If I could get it to apply to all recipients I would be set.

It is SPAM as far as our organization is concerned but not from a general perspective I suppose: Irrelevant or inappropriate messages sent on the Internet to a large number of recipients.
Will SzymkowskiSenior Solution ArchitectCommented:
Typically when you have a scenario like this, you need to do the individual blocking. If you want to block your users from inside the domain to reply back to these email, you need to create individual external contacts in your Exchange environment. Then set a Transport rule to drop anything going to these external contacts.

You also have another option as well. If this user is sending to specific Distribution Groups you can ensure that the Distribution Group require Authentication. This means that user will not be able to spam these large groups of people.

Another method you can do is below with message moderation. Have all of your external mail go to a specific mailbox for the time being for Moderation and then once you stop receiving these emails you can disable the Rule. See screenshots below...
mod1.JPGmod2.JPGmod3.JPG
It is SPAM as far as our organization is concerned but not from a general perspective I suppose

Yes i do understand your frustration but it will not be classified as spam. As stated having a smart host of some sort would be a better solution but i have outlined your requirements and gave multiple options/scenarios.

Will.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
YMartinAuthor Commented:
Thanks for the help.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.