Create a Transport Rule to Reject a Message When Both Domain Conditions Are Met

Today, I saw a question come up as to how to block a message when it's sent to two different classes of users at the same time.  Let's say you want to be able to send to John@domain1.com, Bob@domain2.com, and Jane@domain3.com (list 1) or to Mark@domain4.com, Sue@domain5.com, and Mary@domain6.com (list 2), but any time users from both list 1 AND list 2 appear in the To/CC of the *same* email message, you want it to be blocked.  Something like this might be important if you're sending out an RFP response or a bid offer and you don't want recipients from certain companies to know who they're bidding against.

First, create an array containing all the domains in List 1 that you want to be able to send to.

 $list1 = @('domain1.com','domain2.com','domain3.com')

Then, create an array containing all the domains in List 2 that you want to be able to send to.

 $list2 = @('domain4.com','domain5.com','domain6.com')

Next, we'll create a transport rule where those two arrays are ANDed together as conditions that will trigger a rejection.

 New-TransportRule -Name "If recipients exist on both lists, block the message" -RecipientAddressMatchesPatterns $list1 -AnyOfRecipientAddressMatchesPatterns $list2 -RejectMessageEnhancedStatusCode '5.7.1' -RejectMessageReasonText "Cannot send when recipients exist in both restricted domains lists"
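
The two *MatchesPatterns parameters take regular expressions, so a bare 'domain1.com' is an unanchored pattern in which the dot matches any character. The following is an added example, not part of the original post: the helper names ConvertTo-DomainPattern and Test-BothListsHit and the sample recipients are constructed here, and the check is a local approximation of the "both lists" logic that runs without an Exchange session.

```powershell
# Domain lists from the post (placeholders, not real tenants).
$list1 = @('domain1.com','domain2.com','domain3.com')
$list2 = @('domain4.com','domain5.com','domain6.com')

function ConvertTo-DomainPattern {
    # Hypothetical helper: escape regex metacharacters, then anchor the
    # domain between '@' and the end of the address.
    param([string[]]$Domain)
    $Domain | ForEach-Object { '@' + [regex]::Escape($_) + '$' }
}

function Test-BothListsHit {
    # Hypothetical helper: $true when at least one recipient matches a
    # pattern from list A AND at least one matches a pattern from list B.
    param([string[]]$Recipient, [string[]]$PatternsA, [string[]]$PatternsB)
    $hitA = $false
    $hitB = $false
    foreach ($r in $Recipient) {
        foreach ($p in $PatternsA) { if ($r -match $p) { $hitA = $true } }
        foreach ($p in $PatternsB) { if ($r -match $p) { $hitB = $true } }
    }
    return ($hitA -and $hitB)
}

$strict1 = ConvertTo-DomainPattern -Domain $list1
$strict2 = ConvertTo-DomainPattern -Domain $list2

# Constructed recipient sets for the comparison.
$cases = [ordered]@{
    'list 1 only'        = @('John@domain1.com','Bob@domain2.com')
    'both lists'         = @('John@domain1.com','Mark@domain4.com')
    'look-alike domains' = @('a@notdomain1.com','b@domain4xcom.example')
}

# Compare the post's raw patterns with the escaped, anchored ones.
foreach ($name in $cases.Keys) {
    $rcpt = $cases[$name]
    [pscustomobject]@{
        Case        = $name
        RawPatterns = Test-BothListsHit -Recipient $rcpt -PatternsA $list1 -PatternsB $list2
        Anchored    = Test-BothListsHit -Recipient $rcpt -PatternsA $strict1 -PatternsB $strict2
    }
}
```

The anchored arrays can be passed to the same two parameters in place of $list1 and $list2; they no longer match subdomains such as mail.domain1.com, so add those explicitly if they should count.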

Go forth and deny your sending!