junior049
asked on
Allowing external senders to send email to internal Distribution Lists
I received a request to setup several new distribution lists on our Exchange servers. They want the list to have roughly 20 internal recipients each. And they want external parties to be allowed to send to these lists.
I know this is possible by un-checking the "Require that all senders are authenticated" setting in the Mail Flow Settings tab of the Distribution List's properties.
However, I feel like this is a bit of a security concern, and could open the DL members up to spam/phishing attempts from malicious external parties. I've been trying to find some information to take back to management on why this isn't a good idea. But I can't seem to find a whole lot of info out there, other than the risk I stated above regarding opening those DL members up to external spam.
Anyone have any experience and/or guidance for this? Or any other reasons you can think of to keep the restrictions in place and only allow internal senders to send to those DL's? If the only risk is potential spam to the members of these DL's, I'm guessing they won't view that as a huge security concern so I may be forced to create them. Any input/guidance about why this is a bad idea (or no big deal at all) is greatly appreciated.
I know this is possible by un-checking the "Require that all senders are authenticated" setting in the Mail Flow Settings tab of the Distribution List's properties.
However, I feel like this is a bit of a security concern, and could open the DL members up to spam/phishing attempts from malicious external parties. I've been trying to find some information to take back to management on why this isn't a good idea. But I can't seem to find a whole lot of info out there, other than the risk I stated above regarding opening those DL members up to external spam.
Anyone have any experience and/or guidance for this? Or any other reasons you can think of to keep the restrictions in place and only allow internal senders to send to those DL's? If the only risk is potential spam to the members of these DL's, I'm guessing they won't view that as a huge security concern so I may be forced to create them. Any input/guidance about why this is a bad idea (or no big deal at all) is greatly appreciated.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.