Exchange 2007 Distribution Lists

Exchange 2007 introduces a new default security setting for distribution lists. In prior versions of Exchange, the default behavior was that anyone could send an e-mail to a distribution list. Beginning in Exchange 2007, the default changed so that only authenticated users are authorized to send mail to distribution lists. The rationale appears to be that the vast majority of distribution lists are for internal purposes only, and exposing them to external senders would provide a really easy way to spam a lot of people at once.

Think of it this way: does your organization use any of the following distribution e-mail addresses?

  • company@domain.com or domain@domain.com
  • staff@domain.com
  • everybody@domain.com
  • employees@domain.com or allemployees@domain.com
  • managers@domain.com or management@domain.com

Unfortunately, most of us assume that a product continues to work the way it did in prior releases. Then, when the product stops working, we need to go back and figure out what we didn’t know we didn’t know. Here is the error message your external sender is likely to receive:

Delivery has failed to these recipients or distribution lists:
sales@company.com
Your message wasn’t delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.

The detailed diagnostic message begins with:

#550 5.7.1 RESOLVER.RST.AuthRequired; Authentication required ##.

This behavior may be exactly what you want, because you probably do not want most of your distribution groups exposed to external senders. However, sales might be one you do want exposed. So how do you do this in Microsoft Exchange 2007?

  1. Within Exchange System Manager
  2. Go to the distribution list’s properties
  3. Click on the Mail Flow Settings tab
  4. Double-click Message Delivery Restrictions
  5. Un-check the box “Require that all senders are authenticated”

There is no need to restart the server or any services. However, it may take a couple of moments to take effect.
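The same setting can be reviewed and changed from the Exchange Management Shell. The script below is an added example, not part of the original post: it lists every distribution group with its sender-authentication setting, warns about groups that accept unauthenticated senders without being on an intended list, and then opens only the intended groups. The group name "Sales" is an assumption based on the sales@company.com example above.

```powershell
# Run in the Exchange Management Shell (added example, not from the original post).
# Assumption: "Sales" is the only group that should accept mail from external senders.
$publicGroups = @("Sales")

# 1. Audit: show each distribution group and whether it requires authenticated senders.
$groups = @(Get-DistributionGroup -ResultSize Unlimited)
$groups | Sort-Object Name |
    Format-Table Name, PrimarySmtpAddress, RequireSenderAuthenticationEnabled -AutoSize

# 2. Flag groups that accept unauthenticated senders but are not on the intended list.
#    These are the internal lists (staff@, everybody@, ...) an outsider could mail.
$unexpected = @($groups | Where-Object {
    (-not $_.RequireSenderAuthenticationEnabled) -and ($publicGroups -notcontains $_.Name)
})
foreach ($g in $unexpected) {
    Write-Warning ("{0} <{1}> accepts unauthenticated senders" -f $g.Name, $g.PrimarySmtpAddress)
}

# 3. Open only the intended groups, then read the setting back to confirm it.
foreach ($name in $publicGroups) {
    Set-DistributionGroup -Identity $name -RequireSenderAuthenticationEnabled $false
    Get-DistributionGroup -Identity $name |
        Format-List Name, PrimarySmtpAddress, RequireSenderAuthenticationEnabled
}
```

Setting `-RequireSenderAuthenticationEnabled $true` on any group flagged in step 2 restores the Exchange 2007 default for it.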

That’s all there is to it. Enjoy!