Using an Exchange Transport Rule to reject messages sent to a specific domain with a custom NDR

In this case, the customer had the following request:

We migrated domains two years ago, and now are wanting to decommission the old domain (tailspintoys.org).

We would like to set up some sort of catch all for messages sent to the old domain that would respond back with "sorry this domain has been decommissioned, please try your contact's address with @contoso.org" or something like that. Then we can run with that for a year or so before decommissioning the domain. Can this be done or something like it?

At first glance, it seems we could simply create a transport rule that uses the condition "The recipient address includes..." and specify tailspintoys.org in the list of words or phrases for the condition. However, when we tried this, the rule did not fire on emails sent to user@tailspintoys.org. This seems to be because, when Exchange checks the recipient for the rule condition, it sees only the recipient's primary SMTP address.

The solution I found was to create a new rule with “Create a new rule”, click “More options”, and use the following condition and action:
- Apply this rule if… A message header includes: 'authentication-results' header includes 'tailspintoys.org'
- Do the following… Reject the message with the explanation: 'sorry this domain has been decommissioned, please try your contact's address with @contoso.org'

This works because the authentication-results header always contains the domain that the message was sent to.
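The same rule can be created from PowerShell. The script below is an added example, not part of the original post: it builds the rule in audit mode first, so matches can be reviewed before anything is rejected. It assumes an Exchange Online PowerShell session (or the Exchange Management Shell); the rule name and the comment text are hypothetical.

```powershell
# Added example: PowerShell equivalent of the rule described above.
# Assumption: you are already connected (e.g. Connect-ExchangeOnline).

$ruleName  = 'Reject mail sent to tailspintoys.org'   # hypothetical rule name
$oldDomain = 'tailspintoys.org'
$ndrText   = "sorry this domain has been decommissioned, please try your contact's address with @contoso.org"

$ruleParams = @{
    Name                            = $ruleName
    # Condition: "A message header includes" -> header name + words to match
    HeaderContainsMessageHeader     = 'Authentication-Results'
    HeaderContainsWords             = $oldDomain
    # Action: "Reject the message with the explanation"
    RejectMessageReasonText         = $ndrText
    RejectMessageEnhancedStatusCode = '5.7.1'          # default code for this action
    # Audit mode: the rule is evaluated and matches are logged,
    # but the reject action is not applied to the message.
    Mode                            = 'Audit'
    Comments                        = 'Old domain being decommissioned; senders are pointed to @contoso.org'
}

# Create the rule only if a rule with this name does not exist yet.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $ruleName }
if (-not $existing) {
    New-TransportRule @ruleParams | Out-Null
}

# Confirm what was stored.
Get-TransportRule | Where-Object { $_.Name -eq $ruleName } |
    Format-List Name, State, Mode, HeaderContainsMessageHeader,
                HeaderContainsWords, RejectMessageReasonText

# Authentication-Results also records the sender's domains
# (smtp.mailfrom, header.from), so review the audit matches for
# messages you did not intend to catch before enforcing.
# When the matches look right, start rejecting:
# Set-TransportRule -Identity $ruleName -Mode Enforce
```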

I can’t take full credit for this solution, as I found it in a post or old support case (can’t remember which) I looked at as I was searching for answers.