Export (0) Print
Expand All

Use Directory Based Edge Blocking to Reject Messages Sent to Invalid Recipients

Exchange 2013
 

Applies to: Exchange Online Protection, Exchange Online

Topic Last Modified: 2014-06-18

The Directory Based Edge Blocking (DBEB) feature in Exchange Online and Exchange Online Protection (EOP) lets you reject messages for invalid recipients at the service network perimeter. DBEB lets admins add mail-enabled recipients to Office 365 and block all messages sent to email addresses that aren’t present in Office 365.

If a message is sent to a valid email address present in Office 365, the message continues through the rest of the service filtering layers (anti-malware, anti-spam, transport rules). If the address is not present, the service blocks the message before filtering even occurs, and a non-delivery report (NDR) is sent to the sender informing them that their message was not delivered. The contents of the NDR will be similar to the following: '550 5.4.1 [<nosuchuser>@<recipient_domain>]: Recipient address rejected: Access denied'.

The steps for configuring DBEB are as follows:

  1. Ensure that your accepted domain to Set to Internal relay:

    1. In the EAC, go to Mail flow > Accepted domains.

    2. Select the domain and click Edit.

    3. Ensure that the domain type is set to Internal relay. If it’s set to Authoritative, change it to Internal relay and click Save.

  2. Add valid users to Office 365. You can do this in one of the following ways:

    • Directory synchronization. Add valid users to Office 365 by synchronizing from your on-premises Active Directory environment to Windows Azure Active Directory in the cloud. For more information about how to set up directory synchronization, see “Use directory synchronization to manage recipients” in Manage mail users in EOP.

    • Add users via remote Windows PowerShell. For more information about how add users in this manner, see “Use remote Windows PowerShell to manage mail users” in Manage mail users in EOP or Manage mail users (for Exchange Online customers).

    • Add users directly in the Exchange admin center (EAC). For more information about how add users in this manner, see “Use the EAC to manage mail users” in Manage mail users in EOP or Manage mail users (for Exchange Online customers).

  3. Set your accepted domain to Authoritative:

    1. In the EAC, go to Mail flow > Accepted domains.

    2. Select the domain and click Edit.

    3. Set the domain type to Authoritative.

      NoteNote:
      If all of your valid users have not been added to Office 365 then you should leave the domain type configured as Internal relay until those users have been added.
    4. Click Save to save your changes, and confirm that you want to enable Directory Based Edge Blocking.

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft