We have an internal Exchange 2003 Server and would like to setup a way to have a Distribution List with Internal and External (non-domain) recipients. DL must be available to anyone that wants to send to it. Currently there are three external recipients setup as Contacts and added to DL. When ExternalUser1 sends to DL@domain.com they receive a NDR (5.7.1 Rejected due to SPF policy AND Sender-ID policy) for other External recipients in DL. We do not have any administration over the External Domains to adjust SPF records, and the only work around we have tried without success is to have a User Account for each Contact and then use the User Account in DL and use the Forward to available in ADUC ..... still get a NDR. Suggestions have been made to use a third-party tool to intercept the message envelope and change the Return-Path/Sender but nothing has been implemented or tested. Help?

Hi, Can you send mails to these external users using an internal account.? Is there a spf record present for your server? Leif

Yes can send to them normally from internal and external account, and we do not have an SPF record. The only issue is when a member of DL who is an external User sends to DL@domain.com then the External Recipients fail to receive with NDR being generated.

On Mon, 27 Aug 2012 06:31:29 +0000, rbdsolutions wrote: > > >We have an internal Exchange 2003 Server and would like to setup a way to have a Distribution List with Internal and External (non-domain) recipients. DL must be available to anyone that wants to send to it. > >Currently there are three external recipients setup as Contacts and added to DL. When ExternalUser1 sends to DL@domain.com they receive a NDR (5.7.1 Rejected due to SPF policy AND Sender-ID policy) for other External recipients in DL. > >We do not have any administration over the External Domains to adjust SPF records, and the only work around we have tried without success is to have a User Account for each Contact and then use the User Account in DL and use the Forward to available in ADUC ..... still get a NDR. > >Suggestions have been made to use a third-party tool to intercept the message envelope and change the Return-Path/Sender but nothing has been implemented or tested. > >Help? This isn't an easy problem to solve. I'm assuming the message sent by "ExternalUser1" to the DL is leaving your orgaization with the "MAIL FROM" address of "ExternalUser1". If that's true then the domain of "ExternalUser1" would have to add YOUR server's IP address to THEIR SPF data in their DNS. I forget when the change was made in Exchange 2003 to add the necessary "Resent-*" headers to the message so SenderID would work properly. But SPF isn't SenderID and SPF works only on the MAIL FROM address so unless the MAIL FROM domain includes your IP address as an authorized sender you're stuck. Exchange 2007/2010 handles this differently and uses the null address ("<>") as the MAIL FROM address. That means you won't get any NDRs or DSNs, and it also means that SPF will allow the message to pass since there's no domain to check the address against. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP