Using Exchange 2007 Transport Rules to Protect the First Entry in the Address Book


I was recently asked to add an entry to the Outlook address book which would prevent mail being inadvertently sent to the person who normally appeared at the top of the Global Address List (GAL) – the person was getting frustrated by receiving e-mail which was clearly not intended for him.

There are several possible ways this could be achieved: a mailbox with an auto-reply or out-of-office rule, a public folder with an auto-response, a non-Exchange auto-responder, or simply a mail contact with an invalid external address, to name a few.

Ideally I wanted the e-mail to be stopped on Exchange without requiring an extra mailbox or public folder, and I wanted the sender to get a helpful error message. These requirements meant that a mailbox or public folder with an auto-reply rule could not be part of the ideal solution, and neither could a non-Exchange auto-responder, as that would mean that the e-mail would have to leave the Exchange environment before being stopped. Additionally, using a contact record with an invalid address was not perfect either, because a user who e-mailed the contact would simply receive a rather unhelpful ‘address unknown’ non-delivery report (NDR).

Fortunately Exchange 2007 provides mechanisms which can be used to provide a neat solution to this problem.  The solution has three parts: a mail contact which will appear at the top of the GAL, a transport rule to prevent mail being sent to the contact, and a custom delivery status notification (DSN) to provide the user with information about why their message was not delivered.

Mail contacts are Active Directory objects which are typically used to add e-mail addresses which are external to Exchange 2007 to the Global Address List. To create a new mail contact you must be delegated the Exchange Recipient Administrator role and the Account Operator role for the Active Directory container where you wish to create the contact.

Transport rules run on Exchange 2007 servers which have either the Hub Transport or Edge Transport role installed. They can be used to control the flow of e-mail messages within the Exchange 2007 organization and can be used for a variety of purposes, including restricting e-mail between certain individuals or groups, or applying a footer to all e-mail destined for Internet recipients.

Custom DSN messages give Exchange 2007 administrators the facility to create new DSN messages for custom delivery notifications and the ability to customize existing DSN messages.  They are a useful tool if you wish to provide users with links to further information such as links to self-help knowledge base articles, or contact information for help-desk staff.

To create transport rules and custom DSN messages you must be delegated the Exchange Organization Administrator role.

The first step in implementing this solution is to create a new mail contact which has a display name that will ensure it is shown as the first entry in the GAL.  An easy way to do this is to prefix the display name with a period or underscore or any other valid character which does not normally appear in Exchange display names (spaces are prohibited as leading characters in display names).  We also need to specify an e-mail address which is not in use by another e-mail enabled object.

The mail contact can be created in the Exchange Management Shell using the New-MailContact cmdlet:


The new mail contact will appear in the Outlook address book:


The second step is to create a new custom delivery status notification (DSN) message which will be sent to anybody who e-mails the new mail contact.  Custom DSN messages can contain plain text or HTML, and in this case will provide useful information to the user pointing out that their message probably did not reach the intended recipient.

We’ll create a DSN message for DSN code 5.7.10, which is the first available enhanced status code (the valid range is 5.7.10 through 5.7.999 inclusive).

The Exchange Management Shell cmdlet for creating DSN messages is New-SystemMessage:


The final step is to create a new transport rule which will send the new DSN message to anybody who e-mails the new mail contact.

Transport rules consist of three components: conditions, actions, and exclusions.  To create a new transport rule we must specify at minimum the action to be taken, but in this case we’ll specify a condition and an action.  The transport rule can be created in the Management Shell using these commands, incorporating the New-TransportRule cmdlet:
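The three steps can be run together in the Exchange Management Shell as sketched below. This is an added example, not the author's original commands: the contact name, alias, SMTP address, organizational unit, rule name and DSN text are placeholders, and it assumes a build (Exchange 2007 SP1 or later) where the RejectMessage action exposes the EnhancedStatusCode property.

```powershell
# Added example: every name, address and message text here is a placeholder.
$contactName = '_Address Book Placeholder'        # leading underscore sorts first in the GAL
$contactSmtp = 'gal-placeholder@example.invalid'  # must not be used by another mail-enabled object
$dsnCode     = '5.7.10'                           # custom enhanced status code chosen in the article
$ruleName    = 'Reject mail to GAL placeholder'

# Step 1: create the mail contact that will sit at the top of the GAL.
New-MailContact -Name $contactName `
    -DisplayName $contactName `
    -Alias 'galplaceholder' `
    -ExternalEmailAddress $contactSmtp `
    -OrganizationalUnit 'example.local/Contacts'

# Step 2: create the custom DSN text returned to internal senders for this code.
New-SystemMessage -DsnCode $dsnCode -Language en -Internal $true `
    -Text 'This address is a placeholder at the top of the address book. Your message was not delivered. Please check the recipient and send it again.'

# Step 3: build the condition (sent to the contact) and the action
# (reject with the custom status code), then create the transport rule.
$condition = Get-TransportRulePredicate SentTo
$condition.Addresses = @((Get-MailContact $contactName))

$action = Get-TransportRuleAction RejectMessage
$action.RejectReason       = 'Recipient is an address book placeholder'
$action.EnhancedStatusCode = $dsnCode

New-TransportRule -Name $ruleName -Conditions @($condition) -Actions @($action)

# Check the result: the DSN exists and the rule is present with the expected
# condition and action before relying on it.
Get-SystemMessage -Identity "en\Internal\$dsnCode" | Format-List
Get-TransportRule $ruleName | Format-List
```

Because the rule rejects on the Hub Transport server, a test message from an internal mailbox to the contact should come back with the custom DSN text rather than a generic NDR.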


With the new mail contact in the Global Address List, the new DSN created, and the transport rule set up, if you send a test e-mail message to the new contact you will receive this NDR message back:


Using this solution my objectives have been met: I didn’t have to create a mailbox or public folder, the email message doesn’t leave the Exchange environment, and the sender receives a useful error message.