Forwarding a Email account to an Email Group in Exchange Ramifications?

Hello,

We are running Exchange 2013 and I have a few users that are asking if they can have a user email forward to an email distribution group.  It seems like its possible but you need to rely on Powershell as apposed to the EAC GUI scaffolding.   But I am wondering, is this recommended?  Are there any ramifications to doing this like email routing loops or Out of Office Storms?  Ordinarily I would just change the account in question to a group, but i believe it needs to be an account for 3rd part authentication purposes.

Thanks for your insight and experience.
CnicNVAsked:
Who is Participating?
 
Mohammad Ishtyaq KhatriConnect With a Mentor Commented:
hi,

It is about the choice and the requirement why you need to do it. You have mentioned users email forward, which is in short forwarding emails received by a user that could also violate any security policies in our organization. You should first validate this approach with your security team within the organization. If this is a service account and not an actual user account I feel it should be fine.

However, you can set the forwarding with minimum efforts within the EAC console by following the below steps

1. Open EAC
2. Search for the user you need to forward --> Open Properties
3. Go to Mailbox Features --> Mail flow --> View Details
4. Check Enabled Forwarding --> Browse the group you want to sent the email to --> Check if you want to deliver the message to both the destinations
5. If the email group you are trying to forward email to is not within your exchange organization: You can skip the No. 4 and follow No. 6
6. Create a contact with the name of that group --> set the external SMTP address of that contact as that group SMTP address and now follow the step 4. again to set the forwarding. While browsing search for the contact you need to forward and that should be good to go.

Note: If the receiving group which is outside your organization and is not enabled to receive emails from outside. That group admin has to enabled that setting on their end. However, if that group is within your organization you don't need to do any of those settings on the group.
1
 
ITguy565Commented:
@CnicNV

I agree 100% with @Mohammad Ishtyaq Khatri

In our organization as well this would be a violation of security Protocols. It all depends on the e-mail account and the "Content" that will be shared through it.

As a general rule this is frowned upon, but can be ok in "some" circumstances,

If the account is a svc account as listed above. If the account is a pooled account that many departments use then I don't see why it can't be a distribution group.

If the account is a "Users" account or "Former Employee" account this could be a problem. All depends on your company security policies and how you handle terminated users. I might before I did that check with my Security Team and or "Legal Team" to get their take on the matter. If you are utilizing a former employees account and need it in the future for litigation you are most likely not going to be able to use it if you take this approach.
0
 
CnicNVAuthor Commented:
Thanks to both of you for the feedback and detailed step by step.  

For the record, this account is a service account and is not used by an actual person per-say, it is mostly used to authenticate to, receive alerts and for testing purposes.  Was more kind of worried about some-kind of unforeseen email topology loop.  But yeah, there should never been an auto-reply put onto it lol and I will not make it a member of the same group.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.