A
amatruco
We're running Exchange 2003 and Outlook 2003 in an educational
environment (high school). We have server-based distribution lists
established for a variety of faculty purposes, and don't want the
students to be able to send messages to these lists. We have the
mail-enabled groups set in the Active Directory to accept messages from
everyone, except the members of another group we created called "No
Exchange Distribution Lists." To this last group, we've added all the
students' accounts.
So, the students are successfully blocked from composing messages to
this group directly ... but I think we've found 2 flaws in this
approach:
1) A student using the Outlook Desktop Client can add the group to the
TO field of a message, and then click the + beside the group name to
expand the list. At that point, it's no longer a message to the group,
but instead is a message to a whole lot of individuals. In essence,
our "rule" is bypassed. The only thing that would stop the message
from being delivered at that point is our restriction on the maximum
number of recipients to whom students can compose messages. Am I
missing something here? Is there a way to prevent the distribution
list from being expanded? Is there a better way to restrict these
student users from sending messages to the faculty distribution lists?
FYI: I don't particularly want to hide the distribution lists from the
Global Address List
2) Further, what's to stop a student from inspecting the Email
Addresses tab in the GAL for the distribution list's entry, and
determining the SMTP-based email address for the list
([email protected]) and then sending a message from his
personal, non-Exchange email account? I have a thought on this one.
Should I configure the list to only accept messages from Authenticated
Users (a checkbox available in the Active Directory)? This will solve
this problem, right?
Thanks!
Joe
environment (high school). We have server-based distribution lists
established for a variety of faculty purposes, and don't want the
students to be able to send messages to these lists. We have the
mail-enabled groups set in the Active Directory to accept messages from
everyone, except the members of another group we created called "No
Exchange Distribution Lists." To this last group, we've added all the
students' accounts.
So, the students are successfully blocked from composing messages to
this group directly ... but I think we've found 2 flaws in this
approach:
1) A student using the Outlook Desktop Client can add the group to the
TO field of a message, and then click the + beside the group name to
expand the list. At that point, it's no longer a message to the group,
but instead is a message to a whole lot of individuals. In essence,
our "rule" is bypassed. The only thing that would stop the message
from being delivered at that point is our restriction on the maximum
number of recipients to whom students can compose messages. Am I
missing something here? Is there a way to prevent the distribution
list from being expanded? Is there a better way to restrict these
student users from sending messages to the faculty distribution lists?
FYI: I don't particularly want to hide the distribution lists from the
Global Address List
2) Further, what's to stop a student from inspecting the Email
Addresses tab in the GAL for the distribution list's entry, and
determining the SMTP-based email address for the list
([email protected]) and then sending a message from his
personal, non-Exchange email account? I have a thought on this one.
Should I configure the list to only accept messages from Authenticated
Users (a checkbox available in the Active Directory)? This will solve
this problem, right?
Thanks!
Joe