I guess it is reasonable to expect that after more than 25 years of active development, the Exchange engineers might run short of new features to build, something that doesn’t seem to be a problem for their Teams counterparts.
Which brings me to today’s post announcing the new BccBlocked parameter added to the venerable Set-DistributionGroup cmdlet (the example in original post used -BlockBCC; trust me, that’s wrong). Apparently, the use of some distribution lists inside Microsoft forced engineers to conclude that a way was needed to reject messages addressed to a distribution list as a blind carbon-copy (BCC) recipient. The logic is that messages sent as BCCs to distribution lists bypass inbox rules created to stop these messages because the rules cannot detect BCC recipients as this information is not in message headers.
The feature is now available worldwide. It only works for Exchange Online distribution groups and isn’t available (yet) for Microsoft 365 groups.
Blocking BCC for a Distribution List
You could argue that it would have been better to enhance inbox rules to deal with BCC addresses, but developers being developers, they decided that it would be better to create an administrative block instead, which is why we now can crack open a PowerShell session, load the Exchange Online management module, and run something like:
The default for distribution lists is not to block BCC, so to check the distribution lists with the BCC block, we run:
Get-DistributionGroup | ? {$_.BccBlocked -eq $True} | Ft DisplayName
DisplayName
-----------
Board Reports
The Company
Microsoft says that they plan to expose the BCC blocked option in admin centers. First in the new Exchange admin center later “this year” and probably the Microsoft 365 admin center once support is available for Microsoft 365 groups.
What Happens When a Distribution List is Blocked for BCC?
The Exchange transport system is responsible for processing all messages sent in Exchange. When a message comes in addressed to a blocked distribution list as a BCC recipient, the transport system drops the message and sends a non-delivery report (NDR) with code 5.7.138 to the sender (Figure 1).
Figure 1: NDR for a message sent to a distribution list which blocks BCCs
Figure 2 shows the detail reported for a blocked BCC message by a message trace in the Exchange admin center:
Figure 2: Message trace information for a message sent to a distribution list which blocks BCC
The same information is available using PowerShell:
Get-MessageTrace -MessageId DB7PR04MB44105FC9811AEB90D9CA5BF18B629@DB7PR04MB4410.eurprd04.prod.outlook.com | fl
Message Trace ID : 7b94a8cf-512d-423b-ec42-08d8efb44265
Message ID : <DB7PR04MB44105FC9811AEB90D9CA5BF18B629@DB7PR04MB4410.eurprd04.prod.outlook.com>
Received : 25/03/2021 17:34:36
Sender Address : Tony.Redmond@xxxx.com
Recipient Address : boardreports@xxxx.com
From IP : 51.171.212.129
To IP :
Subject : Super Important Email
Status : Failed
Size : 13851
Get-MessageTraceDetail -MessageTraceId 7b94a8cf-512d-423b-ec42-08d8efb44265 -RecipientAddress BoardReports@xxx.com
Date Event Detail
---- ----- ------
25/03/2021 17:34:36 Receive Message received by: DB7PR04MB5001.eurprd04.prod.outlook.com using TLS1....
25/03/2021 17:34:36 Submit The message was submitted.
25/03/2021 17:34:36 Fail Reason: [{LED=550 5.7.138 RESOLVER.GRP.BlockBcc; the group has been conf...
I’m unsure how much use that the new feature will get outside the unique scenario met in Microsoft, but it’s better to have the capability than to lack it.
One Reply to “Exchange Online Block for BCC Messages Sent to Distribution Lists”
Unfortunately this only helps for internal msgs according to the blog post you link to. This is very disappointing as the spam we’re trying to stop is EXTERNAL people sending to these groups using BCC!!!!
Do you know when/if MS plan to make this an option on External email?
{"id":null,"mode":"button","open_style":"in_modal","currency_code":"EUR","currency_symbol":"\u20ac","currency_type":"decimal","blank_flag_url":"https:\/\/office365itpros.com\/wp-content\/plugins\/tip-jar-wp\/\/assets\/images\/flags\/blank.gif","flag_sprite_url":"https:\/\/office365itpros.com\/wp-content\/plugins\/tip-jar-wp\/\/assets\/images\/flags\/flags.png","default_amount":100,"top_media_type":"featured_image","featured_image_url":"https:\/\/office365itpros.com\/wp-content\/uploads\/2022\/11\/cover-141x200.jpg","featured_embed":"","header_media":null,"file_download_attachment_data":null,"recurring_options_enabled":true,"recurring_options":{"never":{"selected":true,"after_output":"One time only"},"weekly":{"selected":false,"after_output":"Every week"},"monthly":{"selected":false,"after_output":"Every month"},"yearly":{"selected":false,"after_output":"Every year"}},"strings":{"current_user_email":"","current_user_name":"","link_text":"Virtual Tip Jar","complete_payment_button_error_text":"Check info and try again","payment_verb":"Pay","payment_request_label":"Office 365 for IT Pros","form_has_an_error":"Please check and fix the errors above","general_server_error":"Something isn't working right at the moment. Please try again.","form_title":"Office 365 for IT Pros","form_subtitle":null,"currency_search_text":"Country or Currency here","other_payment_option":"Other payment option","manage_payments_button_text":"Manage your payments","thank_you_message":"Thank you for supporting the work of Office 365 for IT Pros!","payment_confirmation_title":"Office 365 for IT Pros","receipt_title":"Your Receipt","print_receipt":"Print Receipt","email_receipt":"Email Receipt","email_receipt_sending":"Sending receipt...","email_receipt_success":"Email receipt successfully sent","email_receipt_failed":"Email receipt failed to send. Please try again.","receipt_payee":"Paid to","receipt_statement_descriptor":"This will show up on your statement as","receipt_date":"Date","receipt_transaction_id":"Transaction ID","receipt_transaction_amount":"Amount","refund_payer":"Refund from","login":"Log in to manage your payments","manage_payments":"Manage Payments","transactions_title":"Your Transactions","transaction_title":"Transaction Receipt","transaction_period":"Plan Period","arrangements_title":"Your Plans","arrangement_title":"Manage Plan","arrangement_details":"Plan Details","arrangement_id_title":"Plan ID","arrangement_payment_method_title":"Payment Method","arrangement_amount_title":"Plan Amount","arrangement_renewal_title":"Next renewal date","arrangement_action_cancel":"Cancel Plan","arrangement_action_cant_cancel":"Cancelling is currently not available.","arrangement_action_cancel_double":"Are you sure you'd like to cancel?","arrangement_cancelling":"Cancelling Plan...","arrangement_cancelled":"Plan Cancelled","arrangement_failed_to_cancel":"Failed to cancel plan","back_to_plans":"\u2190 Back to Plans","update_payment_method_verb":"Update","sca_auth_description":"Your have a pending renewal payment which requires authorization.","sca_auth_verb":"Authorize renewal payment","sca_authing_verb":"Authorizing payment","sca_authed_verb":"Payment successfully authorized!","sca_auth_failed":"Unable to authorize! Please try again.","login_button_text":"Log in","login_form_has_an_error":"Please check and fix the errors above","uppercase_search":"Search","lowercase_search":"search","uppercase_page":"Page","lowercase_page":"page","uppercase_items":"Items","lowercase_items":"items","uppercase_per":"Per","lowercase_per":"per","uppercase_of":"Of","lowercase_of":"of","back":"Back to plans","zip_code_placeholder":"Zip\/Postal Code","download_file_button_text":"Download File","input_field_instructions":{"tip_amount":{"placeholder_text":"How much would you like to tip?","initial":{"instruction_type":"normal","instruction_message":"How much would you like to tip? Choose any currency."},"empty":{"instruction_type":"error","instruction_message":"How much would you like to tip? Choose any currency."},"invalid_curency":{"instruction_type":"error","instruction_message":"Please choose a valid currency."}},"recurring":{"placeholder_text":"Recurring","initial":{"instruction_type":"normal","instruction_message":"How often would you like to give this?"},"success":{"instruction_type":"success","instruction_message":"How often would you like to give this?"},"empty":{"instruction_type":"error","instruction_message":"How often would you like to give this?"}},"name":{"placeholder_text":"Name on Credit Card","initial":{"instruction_type":"normal","instruction_message":"Enter the name on your card."},"success":{"instruction_type":"success","instruction_message":"Enter the name on your card."},"empty":{"instruction_type":"error","instruction_message":"Please enter the name on your card."}},"privacy_policy":{"terms_title":"Terms and conditions","terms_body":null,"terms_show_text":"View Terms","terms_hide_text":"Hide Terms","initial":{"instruction_type":"normal","instruction_message":"I agree to the terms."},"unchecked":{"instruction_type":"error","instruction_message":"Please agree to the terms."},"checked":{"instruction_type":"success","instruction_message":"I agree to the terms."}},"email":{"placeholder_text":"Your email address","initial":{"instruction_type":"normal","instruction_message":"Enter your email address"},"success":{"instruction_type":"success","instruction_message":"Enter your email address"},"blank":{"instruction_type":"error","instruction_message":"Enter your email address"},"not_an_email_address":{"instruction_type":"error","instruction_message":"Make sure you have entered a valid email address"}},"note_with_tip":{"placeholder_text":"Your note here...","initial":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"empty":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"not_empty_initial":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"saving":{"instruction_type":"normal","instruction_message":"Saving note..."},"success":{"instruction_type":"success","instruction_message":"Note successfully saved!"},"error":{"instruction_type":"error","instruction_message":"Unable to save note note at this time. Please try again."}},"email_for_login_code":{"placeholder_text":"Your email address","initial":{"instruction_type":"normal","instruction_message":"Enter your email to log in."},"success":{"instruction_type":"success","instruction_message":"Enter your email to log in."},"blank":{"instruction_type":"error","instruction_message":"Enter your email to log in."},"empty":{"instruction_type":"error","instruction_message":"Enter your email to log in."}},"login_code":{"initial":{"instruction_type":"normal","instruction_message":"Check your email and enter the login code."},"success":{"instruction_type":"success","instruction_message":"Check your email and enter the login code."},"blank":{"instruction_type":"error","instruction_message":"Check your email and enter the login code."},"empty":{"instruction_type":"error","instruction_message":"Check your email and enter the login code."}},"stripe_all_in_one":{"initial":{"instruction_type":"normal","instruction_message":"Enter your credit card details here."},"empty":{"instruction_type":"error","instruction_message":"Enter your credit card details here."},"success":{"instruction_type":"normal","instruction_message":"Enter your credit card details here."},"invalid_number":{"instruction_type":"error","instruction_message":"The card number is not a valid credit card number."},"invalid_expiry_month":{"instruction_type":"error","instruction_message":"The card's expiration month is invalid."},"invalid_expiry_year":{"instruction_type":"error","instruction_message":"The card's expiration year is invalid."},"invalid_cvc":{"instruction_type":"error","instruction_message":"The card's security code is invalid."},"incorrect_number":{"instruction_type":"error","instruction_message":"The card number is incorrect."},"incomplete_number":{"instruction_type":"error","instruction_message":"The card number is incomplete."},"incomplete_cvc":{"instruction_type":"error","instruction_message":"The card's security code is incomplete."},"incomplete_expiry":{"instruction_type":"error","instruction_message":"The card's expiration date is incomplete."},"incomplete_zip":{"instruction_type":"error","instruction_message":"The card's zip code is incomplete."},"expired_card":{"instruction_type":"error","instruction_message":"The card has expired."},"incorrect_cvc":{"instruction_type":"error","instruction_message":"The card's security code is incorrect."},"incorrect_zip":{"instruction_type":"error","instruction_message":"The card's zip code failed validation."},"invalid_expiry_year_past":{"instruction_type":"error","instruction_message":"The card's expiration year is in the past"},"card_declined":{"instruction_type":"error","instruction_message":"The card was declined."},"missing":{"instruction_type":"error","instruction_message":"There is no card on a customer that is being charged."},"processing_error":{"instruction_type":"error","instruction_message":"An error occurred while processing the card."},"invalid_request_error":{"instruction_type":"error","instruction_message":"Unable to process this payment, please try again or use alternative method."},"invalid_sofort_country":{"instruction_type":"error","instruction_message":"The billing country is not accepted by SOFORT. Please try another country."}}}},"fetched_oembed_html":false}
Unfortunately this only helps for internal msgs according to the blog post you link to. This is very disappointing as the spam we’re trying to stop is EXTERNAL people sending to these groups using BCC!!!!
Do you know when/if MS plan to make this an option on External email?