Preventing ‘Reply-All’ to Exchange Distribution Groups


This is another question in a short series regarding a challenging Exchange project my co-workers have been asked to implement. (I'm helping even though I'm primarily a Unix guy because I volunteered to learn powershell and implement as much of the project in code as I could.)

Background:

We have been asked to create many distribution groups, say about 500+. These groups will contain two types of members. (Apologies if I get these terms wrong.) One type will be internal AD users, and the other type will be external users that I create Mail Contact entries for.

We have been asked to make it so that a "Reply All" is not possible to any messages sent to these groups. I don't believe that is 100% possible to enforce for the following reasons. My question is – is my following reasoning sound? If not, please feel free to educate me on if / how things can properly be implemented. Thanks!

My reasoning on why it's impossible to prevent 100% of potential reply-all actions:

  1. An internal AD user could put the DL in their To: field. They then click the '+' to expand the group. The group contains two external mail contacts. The message is sent to everyone, including those external contacts. External user #1 decides to reply-all, and his mail goes to, at least, external user #2, which wouldn't even involve our Exchange mail relays.

  2. An internal AD user could place the DL in their Outlook To: field, then click the '+' button to expand the DL. They then fire off an email to everyone that was in the group. (But the individual addresses are listed in the 'To:' field.) Because we now have a message sent to multiple recipients in the To: field, the addresses have been "exposed", and anyone is free to reply-all, and the messages just get sent to everyone in the To: field. Even if we try to set a Reply-To: field for all of these DLs, external mail clients are not obligated to abide by it, or force users to abide by it.

Are my two points above valid? (I admit, they are somewhat similar.) Am I correct to tell our leadership "It is not possible to prevent 100% of the cases where someone will want to Reply-All to these groups UNLESS we train the users sending emails to these groups that the Bcc: field is to be used at all times."

I am dying for any insight or parts of the equation I'm not seeing clearly. Thank you!!!

Best Answer

A few ideas:

  • You could set the groups as dynamic dist groups to prevent expansion, and set them up as moderated to prevent unauthorized mail.
    • Or just set a hard filter of allowed senders if that'll fly - but, that won't work for external users without disabling authentication.
  • You can strip the reply-all button off of Outlook via group policy for internal users.

Nothing here stops users who know who's in the list from just sending mail to them, but you can prevent casual exposure of that if it's non-trivial to expand the group to its members.
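A PowerShell sketch of the answer's first two points (a dynamic distribution group so Outlook's '+' has nothing to expand, moderation, and an optional hard allow-list of senders), added here as an example; it is not code from the question or the answer. It assumes an on-premises Exchange Management Shell session, and the domain, group names and addresses are hypothetical. It tags members with the multi-valued ExtensionCustomAttribute1 so one contact can sit in several of the 500+ groups, and sets the group's RecipientContainer to the domain root (an assumption) so contacts in other OUs still match the filter.

```powershell
# Added example: one dynamic distribution group per project, moderated,
# with an optional hard allow-list of senders. Not code from the original
# post; the domain, names and addresses below are hypothetical.
# Assumes an Exchange Management Shell (on-premises) session.

$recipientScope = 'contoso.example'   # hypothetical AD domain: scope of the recipient filter

# Constructed sample input. In the real project this would come from a CSV.
$groups = @(
    @{
        Name            = 'Proj-Alpha'
        Alias           = 'proj-alpha'
        Tag             = 'PROJ-ALPHA'                 # membership tag stamped on each recipient
        Moderators      = @('alice@contoso.example')
        AllowedSenders  = @()                          # empty = anyone may submit (to moderation)
        InternalMembers = @('alice@contoso.example', 'bob@contoso.example')
        ExternalMembers = @('vendor1@partner.example', 'vendor2@partner.example')
    },
    @{
        Name            = 'Proj-Beta'
        Alias           = 'proj-beta'
        Tag             = 'PROJ-BETA'
        Moderators      = @('carol@contoso.example')
        AllowedSenders  = @('carol@contoso.example')   # hard filter: only carol may submit
        InternalMembers = @('carol@contoso.example', 'bob@contoso.example')
        ExternalMembers = @('vendor2@partner.example')
    }
)

foreach ($g in $groups) {
    # 1. Mail contacts for the external members. ExtensionCustomAttribute1 is
    #    multi-valued, so a contact shared by several groups carries several tags.
    foreach ($addr in $g.ExternalMembers) {
        if (-not (Get-MailContact -Identity $addr -ErrorAction SilentlyContinue)) {
            New-MailContact -Name $addr -ExternalEmailAddress $addr | Out-Null
        }
        Set-MailContact -Identity $addr -ExtensionCustomAttribute1 @{ Add = $g.Tag }
    }

    # 2. Tag the internal mailboxes the same way.
    foreach ($addr in $g.InternalMembers) {
        Set-Mailbox -Identity $addr -ExtensionCustomAttribute1 @{ Add = $g.Tag }
    }

    # 3. The dynamic group. Membership is resolved from the filter at send time,
    #    so Outlook's '+' cannot expand it into individual addresses.
    $filter = "(ExtensionCustomAttribute1 -eq '$($g.Tag)') -and " +
              "((RecipientTypeDetails -eq 'UserMailbox') -or (RecipientTypeDetails -eq 'MailContact'))"
    if (-not (Get-DynamicDistributionGroup -Identity $g.Name -ErrorAction SilentlyContinue)) {
        New-DynamicDistributionGroup -Name $g.Name -Alias $g.Alias `
            -RecipientContainer $recipientScope -RecipientFilter $filter | Out-Null
    }

    # 4. Gate submissions: moderation always, plus a sender allow-list when given.
    #    RequireSenderAuthenticationEnabled must be $false or the external
    #    contacts cannot submit at all; moderation then holds their mail.
    $settings = @{
        Identity                           = $g.Name
        ModerationEnabled                  = $true
        ModeratedBy                        = $g.Moderators
        SendModerationNotifications        = 'Internal'
        RequireSenderAuthenticationEnabled = $false
    }
    if ($g.AllowedSenders.Count -gt 0) {
        $settings['AcceptMessagesOnlyFrom'] = $g.AllowedSenders
    }
    Set-DynamicDistributionGroup @settings

    # 5. Preview what the filter actually resolves to before telling anyone it works.
    $ddg = Get-DynamicDistributionGroup -Identity $g.Name
    Write-Host "== $($g.Name) resolves to:"
    Get-Recipient -RecipientPreviewFilter $ddg.RecipientFilter -OrganizationalUnit $ddg.RecipientContainer |
        Select-Object Name, RecipientTypeDetails, PrimarySmtpAddress | Format-Table -AutoSize
}
```

Two practical caveats. With a hard AcceptMessagesOnlyFrom list the external contacts can never post, so the allow-list and "externals may write to the group" are mutually exclusive unless the contacts themselves are on the list. And the preview step matters: a contact that sits outside the RecipientContainer, or a mailbox whose RecipientTypeDetails is not UserMailbox (a shared mailbox, say), silently drops out of the group, which is exactly the kind of thing leadership will notice after the first message goes out.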
