Sometimes you want email groups to receive email from the Internet, but you don’t want every group reachable that way.  IBM did a great job hiding it.

Watch the video or follow these steps to accomplish that:

1.  Open the server configuration document for the Domino server that receives inbound Internet mail.
2. Click on the Router/SMTP – Basics tab.
   Change the Address Lookup field from “Fullname then Local Part” to “Fullname only”.  (This forces the email address to be an exact match.  Otherwise spammers can make random guesses that will more likely resolve.
   
3. Click on the Router/SMTP – Restrictions and Controls – SMTP Inbound Controls tab.
   In the Inbound Intended Recipients section, change the “Verify that local domain recipients exist in the Domino Directory” field from “Disabled” to “Enabled”.  
   
   
4. When that field is enabled, two additional fields will be displayed.
   Change the “Reject ambiguous names” field from “Disabled” to “Enabled”.
   Leave the “Deny mail to groups” field set to “Disabled”.

While I appreciate that it doesn’t allow changing these two additional fields until you enable the overall setting, I find it frustrating that these fields are hidden from view until the feature is enabled.  There are hundreds of settings for controlling mail routing scattered across server docs, server configuration docs, domain docs, etc.  They don’t need to make it harder to find the relevant setting by hiding them.  But that’s what makes the job challenging.  If you liked this tip, you may find this slideshare deck by IBM ICS Support Enginneer Jayesh Parmar helpful.