In past versions of Exchange server, the best way to control mail flow to a distribution group or mailbox was delivery restrictions. Delivery restrictions allow you to reject mail from certain individuals or groups (sometimes referred to as a blacklist), allow mail only from certain individuals or groups (or a whitelist), or a combination of both.
In Exchange Server 2010, moderation enables you to control messages sent to groups and individuals based on the human element: a moderator-not who sent it.
Moderation isn't limited to groups. Like delivery restrictions, you can also moderate mail sent to individual mailboxes or mail contacts, in the same way as mail sent to distribution groups. If you wanted to moderate mail from a mailbox/contact, you would have to set up a transport rule, where moderation is available as an action. For the rest of this post, I'll be talking about moderated groups/lists.
For end users, sending mail to a moderated group is the same as sending to any other group. If they are using Outlook Web Access or Outlook 2010, they will see a MailTip telling them they are sending mail to a moderated group.
Instead of expanding a message and sending it on to the members of a group, Exchange sends the mail to the Arbitration Mailbox. This mailbox is like a holding tank for messages that are under review by moderators. Upon receiving the message, the arbitration mailbox sends out approval request to each moderator. The original message is attached to the approval request and also shown in preview form in the approval request itself. Moderators have three options for a decision:
These decisions are sent as messages back to the arbitration mailbox, where the decision is processed. Like mail to any other group, users are only notified if their message was not delivered (moderators can choose to include comments explaining why they rejected the message). If the message is approved, it is released from the arbitration mailbox for delivery to the group.
In both Outlook and Outlook Web Access, moderators see buttons at the top of their message for approving and rejecting messages (see an Outlook Web Access example below). In older versions of Outlook, moderators can make decisions with voting buttons.
For groups configured with multiple moderators, when one moderator makes a decision, a message is sent to all the other moderators notifying them of the decision. This notification is processed by the receiving mailbox, and when this notification arrives in a moderators mailbox, the approval request is disabled (no further decision can be made) and moved to the deleted items folder.
This keeps moderators' inboxes less cluttered, leaving only approval requests that still require a decision.
To enable moderation for a group, you just need to enable moderation and specify who the moderators are. If you leave the list of moderators blank, the group owners will receive all the approval requests.
In ECP, group owners and administrators can configure moderation here:
Moderation can be similarly configured from EMC:
For more customized scenarios, moderation is also available as an action with any transport rule. In the case of a rule where the condition is a match, the message is not delivered to any recipients until approved by moderator.
Q: Are delivery restrictions still there in Exchange 2010?A: Delivery restrictions haven't gone anywhere. In fact, you can use moderated groups and delivery restrictions together; delivery restrictions simply take precedence over moderation. If a sender passes delivery restrictions, then they will be moderated (unless they are on the bypass list for moderation).
Q: What if an email is sent to two groups: one moderated and one unmoderated?A: The message will be sent to moderators for approval for delivery to the moderated group. It will be delivered to all members of the unmoderated group without moderator intervention. Any user that is a member of both groups would get the message immediately. They won't see a second message (upon approval to the moderated group) thanks to duplicate detection.
Q: What about nested moderated groups?A: If one moderated group (the "child") is a member of another moderated group (the "parent"), the message must be approved for both the parent and the child groups.
If you set the BypassNestedModerationEnabled flag to $true on the parent group, any messages sent to that group will bypass moderation by child groups. For some messages, you might not want moderators of child groups to be able to reject them (say, messages from executives sent to an org-wide group).
Q: What happens if two moderators make conflicting decisions at the same time?A: In most cases, moderators will not be able to make a decision after one has already been made. However, if two moderators do manage to make decisions at the exact same time, whichever decision message makes it to the arbitration mailbox wins. The "losing" moderator(s) are then notified that their decision did not take effect.
Q: What versions of Exchange are required for moderation?A: Moderation requires Exchange 2010 to be deployed on all Hub Transport Servers to work properly. Earlier versions of Exchange will ignore moderation and simply deliver any messages to moderated recipients.
- E.J. Dyksen