Email moderation gives you better message delivery control over previous Exchange versions. In Exchange 2003 and 2007 we had Delivery Restrictions. However this only allowed for explicitly setting restrictions on distribution lists with the options to "Accept messages from", "Reject messages from" or "Require that all users are authenticated". This effectively equated in whitelisting or blacklisting users from sending to a Distribution List. With the email moderation feature in Exchange 2010, you can allow everyone to send messages to the list but have designated moderators monitor and approve/reject messages as necessary. Thus the decision is taken by a human being rather than being automated through fixed white/black listing settings.
One core consideration you must make when looking at implementing Exchange 2010 in an Exchange 2007 environment is that for email moderation to work, you must ensure that the message hits the Exchange 2010 Hub Transport role first. Otherwise, if the Exchange 2007 Hub is hit first then the distribution group will be expanded and sent out to all members bypassing moderation.
Email moderation can be configured on distribution groups, mailboxes and contacts. In this article we will look at how to configure all of these, as well as the concept of how email moderation actually works.
How it works
At a high level, the concept of how email moderation works is easy. A user sends an email to a moderated entity, the moderator views and actions it. The fate of the message is decided based on this action - approved messages are allowed through whereas rejected messages are deleted.
Let's take a closer look at this concept in more detail. This is what happens "under the hood" when a message is sent to a moderated recipient:
The sender creates a new message and sends it to the moderated group/recipient.
The message is routed to the arbitration mailbox (instead of Exchange expanding the group and sending it out to the group members straight away).
The message is stored in the arbitration mailbox and an approval request it sent to the moderator.
As part of the approval process, the moderator approves or rejects the messages by using the buttons provided within the email message itself. The original message in the arbitration mailbox is tagged with this decision.
If the moderator approved the message, it is re-submitted to the submission queue, and subsequently delivered to the recipient. On the other hand, if the moderator rejected the message, it will be deleted from the arbitration mailbox and the sender will be notified accordingly.
Configuring Email Moderation
Follow these steps to configure email moderation for a mailbox or contact:
From the Exchange Management Console, navigate to Organization Configuration | Hub Transport
In the Transport Rules tab, right click and select New Transport Rule
Enter a name for the rule and click Next
Select the Conditions under which you want the rule to apply and click Next. In this example I selected "from people" as the condition and chose Kenneth's mailbox address.
In the Actions page, select either "forward the message to addresses for moderation" or "forward the message to the sender's manager for moderation". The former allows us to directly specify which users will act as moderators; the latter identifies the sender's manger as moderator.
On the next page, select any Exceptions to this rule and complete the wizard for the rule to be created.
To configure email moderation for a distribution list/group:
From the Exchange Management Console, navigate to Recipient Configuration and Distribution Group.
From here, select the Distribution Group you want to configure email moderation on, right click it and select properties.
Note: If you do not have any Distribution Groups configured, right click on a blank part of the window and select New Distribution Group - complete the wizard and then proceed to the next step.
From the properties dialog, select the Mail Flow Settings tab and double click Message Moderation.
Tick the option "Messages sent to this group have to be approved by a moderator". Click the first "Add..." button to identify the group moderators and the second "Add..." button to exclude any users who do not require message approval (the exceptions).
Note: You can assign multiple group moderators. When you do this, if one moderator takes action, further action on the message cannot be taken by the other moderator(s). The Approve and Reject buttons will be disabled and the item will be moved to the deleted items folder.
Finally, select the appropriate moderation notification option from the bottom and click OK.
If you have sufficient rights to do so, you can also configure this from the Exchange Control Panel within OWA:
Login to the Outlook Web App (OWA) and select Options
Click on the Groups node on the left hand pane and select the distribution group from the "Public Groups | Own" list. Now click Details to bring up the configuration window.
Expand Message Approval and select the configuration options you want before clicking "Save".
Following on from my previous article, Overview of MailTips in Exchange 2010, when configuring a group from the Outlook Web App you can also set a MailTip that will appear when someone is creating a message to be sent to the Distribution Group. To create a MailTip, from the group configuration window, expand MailTip and enter the message you want to be displayed before clicking the "Save" button again.
Sender are notified of this message via a MailTip when creating emails addressed to the distribution group, as shown below:
Now, with all this set, when an email is sent to the moderated group, the moderator (in this case the Administrator) receives an email asking for approval or rejection. The moderator can do so by clicking on the Approve or Reject buttons within the notification email, as shown below:
Note: If moderators are using earlier Outlook versions, their Approve or Reject buttons will appear as voting buttons.
In the example above, Raymond actually meant to send an email to his colleague in HR Alan but the address was auto completed to "All Employees" instead. If email moderation hadn't been configured on this group, then Raymond would have let the entire office know that Tina was about to be terminated from her employment!
Conclusion
In this article we have looked at what email moderation in Exchange 2010 has on offer. I showed you how to configure email moderation for mailboxes, contacts and distribution groups, and went over the operational aspects of email moderation. Personally I think this is a very cool addition to Exchange 2010 and will help safeguard your critical distribution groups.
References
Microsoft Exchange Team Blog: Spotlight of Exchange 2010 - E-mail Moderation
Microsoft TechNet: Understanding Moderated Transport