Configure message delivery restrictions for a mailbox in Exchange Online
You can use the Exchange admin center (EAC) or Exchange Online PowerShell to place restrictions on whether messages are delivered to individual recipients. Message delivery restrictions are useful to control who can send messages to users in your organization. For example, you can configure a mailbox to accept or reject messages sent by specific users or to accept messages only from users in your Exchange organization.
Important
Message delivery restrictions do not impact mailbox permissions. A user with Full Access permissions on a mailbox will still be able to update the contents in that mailbox, such as by copying messages into the mailbox, even if that user has been restricted.
The message delivery restrictions covered in this article apply to all recipient types. To learn more about the different recipient types, see Recipients in Exchange Online.
What do you need to know before you begin?
Estimated time to complete: 5 minutes.
You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Recipients" entry in the Feature permissions in Exchange Online article.
For information about keyboard shortcuts that may apply to the procedures in this article, see Keyboard shortcuts for the Exchange admin center.
Use the EAC to configure message delivery restrictions
In the EAC, navigate to Recipients > Mailboxes.
In the list of user mailboxes, select the mailbox that you want to configure message delivery restrictions for. A display pane is shown for the selected user mailbox.
Under Mailbox settings > Message delivery restriction, select the Manage message delivery restriction link.
In the Message delivery restrictions display pane, you'll see the following options:
Accept messages from: Use this section to specify who can send messages to this user.
All senders: This option specifies that the user can accept messages from all senders. This option is the default option.
Selected senders: This specifies that the user can only receive messages from a specific list of senders. Select
Add sender to display the list of all recipients in your Exchange organization. You can also search for a specific recipient by typing the recipient's name in the search box. Select the desired recipients, and then select Confirm.Require senders to be authenticated: This option prevents anonymous users from sending messages to the user. This effectively prevents the mailbox from receiving messages from external users.
Block messages from: Use this section to block specific people from sending messages to this user.
None: This option specifies that the mailbox won't reject messages from any senders in the Exchange organization. This option is the default option.
Selected senders: Use this option to specify a list of senders that will be prevented from sending messages to this mailbox. Select
Add sender to display the list of all recipients in your Exchange organization. You can also search for a specific recipient by typing the recipient's name in the search box. Select the desired recipients, and then select Confirm.
Click Save to save your changes. Click Close to exit from the Manage mail flow settings display pane.
Use Exchange Online PowerShell to configure message delivery restrictions
The following examples show how to use Exchange Online PowerShell to configure message delivery restrictions for a mailbox. For other recipient types, use the corresponding Set- cmdlet with the same parameters.
This example configures the mailbox of Robin Wood to accept messages only from the users Lori Penor, Jeff Phillips, and members of the distribution group Legal Team 1.
Set-Mailbox -Identity "Robin Wood" -AcceptMessagesOnlyFrom "Lori Penor","Jeff Phillips" -AcceptMessagesOnlyFromDLMembers "Legal Team 1"
This example adds the user named David Pelton to the list of users whose messages will be accepted by the mailbox of Robin Wood.
Set-Mailbox -Identity "Robin Wood" -AcceptMessagesOnlyFrom @{add="David Pelton"}
This example configures the mailbox of Robin Wood to require all senders to be authenticated. This means the mailbox will only accept messages sent by other users in your Exchange organization.
Set-Mailbox -Identity "Robin Wood" -RequireSenderAuthenticationEnabled $true
This example configures the mailbox of Robin Wood to reject messages from the users Joe Healy, Terry Adams, and members of the distribution group Legal Team 2.
Set-Mailbox -Identity "Robin Wood" -RejectMessagesFrom "Joe Healy","Terry Adams" -RejectMessagesFromDLMembers "Legal Team 2"
This example configures the mailbox of Robin Wood to also reject messages sent by members of the group Legal Team 3.
Set-Mailbox -Identity "Robin Wood" -RejectMessagesFromDLMembers @{add="Legal Team 3"}
For detailed syntax and parameter information related to configuring delivery restrictions for different types of recipients, see the following articles:
How do you know this worked?
To verify that you've successfully configured message delivery restrictions for a user mailbox using PowerShell, run the following command which will show all the message delivery restrictions configured for the mailbox of Robin Wood:
Get-Mailbox -Identity "Robin Wood" | Format-List AcceptMessagesOnlyFrom,AcceptMessagesOnlyFromDLMembers,RejectMessagesFrom,RejectMessagesFromDLMembers,RequireSenderAuthenticationEnabled