This is another question in a short series regarding a challenging Exchange project my co-workers have been asked to implement. (I'm helping even though I'm primarily a Unix guy because I volunteered to learn PowerShell and implement as much of the project in code as I could.)
Background:
We have been asked to create many distribution groups, say about 500+. These groups will contain two types of members. (Apologies if I get these terms wrong.) One type will be internal AD users, and the other type will be external users that I create Mail Contact entries for.
We have been asked to make it so that a "Reply All" is not possible to any messages sent to these groups. I don't believe that is 100% possible to enforce for the following reasons. My question is - is my following reasoning sound? If not, please feel free to educate me on if / how things can properly be implemented. Thanks!
My reasoning on why it's impossible to prevent 100% of potential reply-all actions:
An internal AD user could put the DL in their To: field. They then click the '+' to expand the group. The group contains two external mail contacts. The message is sent to everyone, including those external contacts. External user #1 decides to reply-all, and his mail goes to, at least, external user #2, which wouldn't even involve our Exchange mail relays.
An internal AD user could place the DL in their Outlook To: field, then click the '+' button to expand the DL. They then fire off an email to everyone that was in the group. (But the individual addresses are listed in the 'To:' field.) Because we now have a message sent to multiple recipients in the To: field, the addresses have been "exposed", and anyone is free to reply-all, and the messages just get sent to everyone in the To: field. Even if we try to set a Reply-To: field for all of these DLs, external mail clients are not obligated to abide by it, or force users to abide by it.
Are my two points above valid? (I admit, they are somewhat similar.) Am I correct to tell our leadership "It is not possible to prevent 100% of the cases where someone will want to Reply-All to these groups UNLESS we train the users sending emails to these groups that the Bcc: field is to be used at all times."
I am dying for any insight or parts of the equation I'm not seeing clearly. Thank you!!!
A few ideas:
Nothing here stops users who know who's in the list from just sending mail to them, but you can prevent casual exposure of that if it's non-trivial to expand the group to its members.
You could secure the DL so that only specific persons could send to it. I believe the relevant AD attribute is "dLMemSubmitPerms".
http://technet.microsoft.com/en-us/library/aa997251%28EXCHG.65%29.aspx
That would prevent a "reply all" to that group. And anyone can send to any specific recipient at any time anyway, so that should not be relevant to the requirement.
This should only be relevant in the narrow edge cases where someone forgot to put the group in the bcc field.
Yes, both your points are valid. If the user clicks on the plus to expose the list of everyone in the DL to the TO (or CC or BCC) fields they are free to send emails to these people to their hearts content. Fortunately most normal users don't actually know about that feature.
You can configure the DLs themselves to only accept email from specific people (if you have an ALL STAFF list it is probably set up like this). That way only the people who should be replying to the DL can. This will suck for some people, but they'll just have to email back the message sender who can then forward the response to the group as needed.
I too have the same issue. The only way I see to improve on the lack of functionality permitted by Exchange is to train the Distribution List users. Certainly not foolproof since it relies on people, but it is the one way I see to prevent open discussions en masse when it was meant to be an Announcement from a leader.
The trick is this: Put the Distribution Group in the Bcc: Field. Since an email address is required in the To: field, the sender can place their email address there. That way the Reply to All will act solely as a Reply. The Bcc will deliver it to everyone in the distribution list.
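The header behaviour discussed in this thread, as an added example that is not part of any of the posts: it builds the message as a recipient would see it in three cases (DL expanded in To:, DL left unexpanded in To:, DL in Bcc: with the sender in To:) and computes what a typical client fills in for Reply All. All addresses and function names are constructed for illustration, and the Reply All rule (Reply-To or From, plus To and Cc) is an assumption about common client behaviour, not something Exchange enforces.

```python
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed sample addresses (illustration only).
SENDER = "leader@corp.example"
DL = "announce-dl@corp.example"
MEMBERS = ["alice@corp.example", "ext1@partner.example", "ext2@other.example"]

def delivered(sender, to, bcc=(), reply_to=None):
    """Message as a recipient sees it. Bcc is used for delivery only,
    so it is deliberately never written into the headers."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = ", ".join(to)
    if reply_to:
        msg["Reply-To"] = reply_to
    msg.set_content("Announcement")
    return msg

def reply_all(msg, me):
    """Assumed client rule: Reply-To (else From) plus original To and Cc,
    minus the person replying. Reply-To replaces From only; it does not
    remove addresses already visible in To/Cc."""
    primary = msg.get_all("Reply-To") or msg.get_all("From", [])
    others = msg.get_all("To", []) + msg.get_all("Cc", [])
    pairs = getaddresses([str(h) for h in primary + others])
    addrs = {addr.lower() for _, addr in pairs if addr}
    addrs.discard(me.lower())
    return sorted(addrs)

def scenarios():
    """Reply All recipients when external user ext1 replies in each case."""
    me = "ext1@partner.example"
    return {
        # '+' clicked: members are exposed, Reply-To does not help.
        "expanded_to": reply_all(delivered(SENDER, MEMBERS, reply_to=SENDER), me),
        # DL unexpanded: reply goes to the DL address, where a
        # send restriction on the group can still reject it.
        "dl_in_to": reply_all(delivered(SENDER, [DL]), me),
        # DL in Bcc, sender in To: Reply All collapses to a plain reply.
        "dl_in_bcc": reply_all(delivered(SENDER, [SENDER], bcc=[DL]), me),
    }

if __name__ == "__main__":
    for name, rcpts in scenarios().items():
        print(f"{name:12} -> {rcpts}")
```

Only the first case leaks member addresses to the replier; in the second the reply still targets the group address, which is the case a sender restriction on the DL covers.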