Hybrid Email Moderation Part 1



This article talks about how important is to configure Remote Domains both in the on premise Exchange environment and on Exchange Online to preserve headers and TNEF format between the two organizations. The TNEF format is what makes the Approve or Reject buttons appear in the email messages.

Remote Domains

Remote Domains is a way in Exchange configuration to control the type and format of messages exchanged between your organization and other external domains.

Example of type of this would be if we want to block sending Out Of Office replies to a specific domain, then we would create a Remote Domain in Exchange for that domain, and turn of Out Of Office messages. [This is example of type of messages]

For example, if you know that the remote domain is not using Exchange, you can specify to never use Rich Text Format (RTF). [This is example of format of messages]

What is the impact and problem?

The impact of misconfigured Remote Domains can largely go unnoticed, especially since the person most impacted is going to be the recipient who may not report the issue to the sender or support.

When someone sends email to a moderated groups, and the moderator is hosted on Office 365, the buttons for Approve and Reject are not showing at his email client.


It turned out that a setting called TNEF (Transport Neutral Encapsulation Format) is causing this to happen. We need to make sure TNEF format is enabled when sending emails out to Office 365 tenant.


We need to make our on premise Exchange servers deals with both @aramex.mail.onmicrosoft.com and @aramex.onmicrosoft.com as a well behaved remote domains.

We need also to make sure our Exchange Online environment deals with @aramex.con domain as a well behaved remote domain.

So simply the answer is to create remote domain for @aramex.onmicrosoft.com and @aramex.mail.onmicrosoft.com on our on premise Exchange server if non is already created by Exchange hybrid wizard (Get-RemoteDomain), and then configure the TNEF to true simply by running Set-RemoteDomain  with –TNEFEnabled $true

Same applies to Exchange Online, we need to create remote domain for @aramex.com with TNEFEnabled $true.

From on premise Exchange.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s