Exchange – Allowing limited external senders to email a Distribution List

Yes I get it, a bit of a mouthful. Basically, for very good anti-spam reasons no organisation should have Distribution Lists available as a recipient from external senders.

That being said, there is always at least one exception that will disprove the rule. So what do you do? It’s OK, Exchange has an inbuilt function across al versions. The function is a Hub Transport Rule.

Note: The Hub Transport Rule we will be creating will activate an entire external domain not specific email addresses.

Before you begin, you will need the following information:

  • The email address of the Distribution List;
  • The domain name of the email addresses to be allowed.

If you have that all to hand, let’s begin.

Dependant upon which version of Exchange you are using, launch the appropriate Exchange Management Console, this will either be an installed application or a web based administrator.

Installed EMC

On the left of the EMC GUI, expand Microsoft Exchange On-Premises > Organization Configuration and select Hub Transport.

Online EMC

On the left of the webpage, select More Features, then click on the Open button below Transport Rules.

Settings for the Rule

  1. Click on the New rule button in the EMC;
  2. When the wizard begins, the settings should be:

When any of the recipients in the To or CC fields are people
Set this to the email address of the Distribution List

Silently drop the message
This ensures that any messages sent to the email address from outside the organisation will be deleted without notification.

Except when the From address contains specific words
Set this to the domain that should be allowed, no need for wildcards, e.g.

Once the rule has been saved, the next step is to change the security on the Distribution List itself. Out of the Box, Exchange should have the setting Require that all senders are authenticated enabled. The setting should be unticked to allow the Hub Transport Rule to filter the email.

The setting is located within the Message Delivery Restrictions.


This is just one way to achieve this result. If you utilise an enterprise mail filtering solution such as MimeCast, it may prove to be a more elegant solution to utilise a mail filtering rule within the admin panel instead. As it may allow more granular control of what is passed through.