We need to let a few of our users send Internet mail but want to prevent most users from doing so. What's the easiest way to do this?

The simplest method is a little nonintuitive but is nevertheless a neat application of Exchange 2000 Server's native features. Here's what you need to do:

  1. Assign a default recipient policy that assigns an SMTP proxy address that would be invalid on the Internet—for example, @company.123. (For more information about recipient policies, see "The Exchange Recipient Update Service," InstantDoc ID 45972.)
  2. Assign a secondary recipient policy that assigns the correct SMTP proxy address (e.g., @company.com).
  3. Apply the secondary recipient policy to those users or groups who need to be able to send mail to the Internet.
  4. Configure your Exchange server systems to use one bridgehead to send SMTP mail to the Internet.
  5. On that bridgehead machine, use sender filtering on the SMTP virtual server to drop any email from senders whose addresses match the default recipient policy.