Intelligent Message Filter, Content Filter, can do more...

WinDeveloper IMF Tune
WinDeveloper IMF Tune

Moderating Emails in Exchange 2010

Kenneth Spiteri

Kenneth is an Exchange Administrator who loves to share anything he finds interesting with the rest of the community. He also helps with the administration of the site.

Cast your Vote
Poor Excellent

Exchange 2010 offers yet another great feature that helps organizations enforce their information protection and control policy. Email moderation allows a designated moderator to manually approve or reject emails before completing delivery.

Email moderation gives you better message delivery control over previous Exchange versions. In Exchange 2003 and 2007 we had Delivery Restrictions. However this only allowed for explicitly setting restrictions on distribution lists with the options to "Accept messages from", "Reject messages from" or "Require that all users are authenticated". This effectively equated in whitelisting or blacklisting users from sending to a Distribution List. With the email moderation feature in Exchange 2010, you can allow everyone to send messages to the list but have designated moderators monitor and approve/reject messages as necessary. Thus the decision is taken by a human being rather than being automated through fixed white/black listing settings.

One core consideration you must make when looking at implementing Exchange 2010 in an Exchange 2007 environment is that for email moderation to work, you must ensure that the message hits the Exchange 2010 Hub Transport role first. Otherwise, if the Exchange 2007 Hub is hit first then the distribution group will be expanded and sent out to all members bypassing moderation.

Email moderation can be configured on distribution groups, mailboxes and contacts. In this article we will look at how to configure all of these, as well as the concept of how email moderation actually works.

How it works

At a high level, the concept of how email moderation works is easy. A user sends an email to a moderated entity, the moderator views and actions it. The fate of the message is decided based on this action - approved messages are allowed through whereas rejected messages are deleted.

Let's take a closer look at this concept in more detail. This is what happens "under the hood" when a message is sent to a moderated recipient:

  1. The sender creates a new message and sends it to the moderated group/recipient.

  2. The message is routed to the arbitration mailbox (instead of Exchange expanding the group and sending it out to the group members straight away).

  3. The message is stored in the arbitration mailbox and an approval request it sent to the moderator.

  4. As part of the approval process, the moderator approves or rejects the messages by using the buttons provided within the email message itself. The original message in the arbitration mailbox is tagged with this decision.

  5. If the moderator approved the message, it is re-submitted to the submission queue, and subsequently delivered to the recipient. On the other hand, if the moderator rejected the message, it will be deleted from the arbitration mailbox and the sender will be notified accordingly.

Configuring Email Moderation

Follow these steps to configure email moderation for a mailbox or contact:

  1. From the Exchange Management Console, navigate to Organization Configuration | Hub Transport

  2. In the Transport Rules tab, right click and select New Transport Rule

  3. Enter a name for the rule and click Next

  4. Select the Conditions under which you want the rule to apply and click Next. In this example I selected "from people" as the condition and chose Kenneth's mailbox address.

  5. In the Actions page, select either "forward the message to addresses for moderation" or "forward the message to the sender's manager for moderation". The former allows us to directly specify which users will act as moderators; the latter identifies the sender's manger as moderator.

    Moderated Mailbox Transport Rule

  6. On the next page, select any Exceptions to this rule and complete the wizard for the rule to be created.

To configure email moderation for a distribution list/group:

  1. From the Exchange Management Console, navigate to Recipient Configuration and Distribution Group.

  2. From here, select the Distribution Group you want to configure email moderation on, right click it and select properties.

    Note: If you do not have any Distribution Groups configured, right click on a blank part of the window and select New Distribution Group - complete the wizard and then proceed to the next step.

    Distribution Groups

  3. From the properties dialog, select the Mail Flow Settings tab and double click Message Moderation.

  4. Tick the option "Messages sent to this group have to be approved by a moderator". Click the first "Add..." button to identify the group moderators and the second "Add..." button to exclude any users who do not require message approval (the exceptions).

    Note: You can assign multiple group moderators. When you do this, if one moderator takes action, further action on the message cannot be taken by the other moderator(s). The Approve and Reject buttons will be disabled and the item will be moved to the deleted items folder.

    Moderated Distribution Groups

  5. Finally, select the appropriate moderation notification option from the bottom and click OK.

If you have sufficient rights to do so, you can also configure this from the Exchange Control Panel within OWA:

  1. Login to the Outlook Web App (OWA) and select Options

  2. Click on the Groups node on the left hand pane and select the distribution group from the "Public Groups | Own" list. Now click Details to bring up the configuration window.

  3. Expand Message Approval and select the configuration options you want before clicking "Save".

Configure Moderated Group from OWA

Following on from my previous article, Overview of MailTips in Exchange 2010, when configuring a group from the Outlook Web App you can also set a MailTip that will appear when someone is creating a message to be sent to the Distribution Group. To create a MailTip, from the group configuration window, expand MailTip and enter the message you want to be displayed before clicking the "Save" button again.

Mail Tip

Sender are notified of this message via a MailTip when creating emails addressed to the distribution group, as shown below:

MailTip Alert

Now, with all this set, when an email is sent to the moderated group, the moderator (in this case the Administrator) receives an email asking for approval or rejection. The moderator can do so by clicking on the Approve or Reject buttons within the notification email, as shown below:

Aprove/Reject Email

Note: If moderators are using earlier Outlook versions, their Approve or Reject buttons will appear as voting buttons.

In the example above, Raymond actually meant to send an email to his colleague in HR Alan but the address was auto completed to "All Employees" instead. If email moderation hadn't been configured on this group, then Raymond would have let the entire office know that Tina was about to be terminated from her employment!

Conclusion

In this article we have looked at what email moderation in Exchange 2010 has on offer. I showed you how to configure email moderation for mailboxes, contacts and distribution groups, and went over the operational aspects of email moderation. Personally I think this is a very cool addition to Exchange 2010 and will help safeguard your critical distribution groups.

References

Microsoft Exchange Team Blog: Spotlight of Exchange 2010 - E-mail Moderation

Microsoft TechNet: Understanding Moderated Transport

User Comments - Page 1 of 1

Add New Comment...

jarosch 1 Sep 2011 06:08
Thank you for your detailed information. I have one question about the moderation process: Is there a way when I have a mixed circle of recipients (moderated and unmoderated) that the message is only send to all recipients when the message is approved?
GPCC 30 May 2011 22:04
Thank you very much for writing above.

Unfortunately i've tried everything (set transport rules for distribution group moderation, also under mail flow settings set moderator for a distribution group) but moderated email feature is still not working.

In both cases (transport rule and mail flow settings) my message is sent to distribution group email id but is not delivered to group moderator. After one hour or more, i receive this message from MS-Outlook
<
Delivery is delayed to these recipients or groups:
SystemMailbox{1f05a927-671c-4b0a-ba01-c65e4fc0b56c}@mycompany.com
>
If i remove transport rule or moderator under mail flow settings, message is delivered to all group members.
I checked my arbitration mailbox, when i use cmd: get-mailbox -arbitration, it returns me three lines but when i try to narrow results for a specific database using cmd: get-mailbox -arbitration -database mdb01, it gives me nothing.

If you could kindly guide me in steps, it would be your greatness.

Thanks!
Clement Rosario 28 Apr 2010 10:38
Excellent
LOL 29 Oct 2009 04:24
I know companies which like to read their employees mails. Nice feature for them :-)
Copyright © 2005 - 2014 All rights reserved. ExchangeInbox.com is not affiliated with Microsoft Corporation