I used to have an auto forward set up on my mail account in Office365. However, since a few weeks I encountered the following errors:
Your message wasn’t delivered because the recipient’s email provider rejected it.
Remote Server returned ‘550 5.7.520 Access denied, Your organization does not allow external forwarding. Please contact your administrator for further assistance. AS(7555)’
The result of these error messages was that my emails were no longer automatically forwarded to another mailbox.
Before September 2020, Office 365 allowed emails to be automatically forwarded to external email addresses. This is called “External forwarding”. However, since September 2020, a setting has been changed, whereby External Forwarding is disabled by default at the organization level. This means that all mail that was previously neatly forwarded to an external email address is now suddenly blocked. The affected mailbox, the mailbox with the forwarding rule set up, receives the error “Your message wasn’t delivered because the recipient’s email provider rejected it.“
How to fix Remote Server returned ‘550 5.7.520 Access denied
An Office 365 administrator can adjust the default setting in the Office 365 environment, making it possible to forward mail externally again. If you are a user of Office 365, please ask your IT Admin to adjust the setting and send him or her the URL of this web page.
If you are an administrator, follow these steps to re-enable External Forwarding:
- Go to the Office365 Security and Compliance Dashboard
- Expand Threat Management and click Policy
- Click Anti Spam
- In the Anti-Spam settings, locate Outbound spam filter policy (Always ON) and click Edit policy
- In the Outbound spam filter policy, expand Automatic Forwarding. The default is set to Automatic – System-controlled.
- Select On – Forwarding is enabled and click Save. Forwarding to external mail addresses is now allowed. Note Microsoft says it may take up to 24 hours before the change takes effect. Although it took 5 minutes in my case 🙂
You may wonder whether it is a good idea to change the default setting for automatic forwarding to external addresses.
One reason for not allowing it is data loss prevention. Recently I was with a customer whose password had been leaked. Hackers have gained access to his mailbox. Instead of directly using his mailbox, they set – unnoticed – a rule that automatically forwarded all mail to an external email address. A good example of corporate espionage.