
Insider Threat Matrix™

  • ID: PV045
  • Created: 07th April 2025
  • Updated: 07th April 2025
  • Contributor: The ITM Team

Exchange Restrict Outbound Emails via Recipient Domain

Mail flow rules can be used within Microsoft Exchange to reject outbound emails to specific domains, such as domains associated with personal email, including gmail.com, outlook.com, and yahoo.com.

 

  1. Log in to Exchange Admin Centre (https://admin.exchange.microsoft.com)
  2. Click “Mail flow” on the navigation menu, then the “Rules” tab
  3. Click “+ Add a rule” then “Create a new rule”
  4. Give it an appropriate name, such as “Block outbound to gmail.com”
  5. Set “Apply this rule if” to “The recipient” and “Domain is” then add the domain “gmail.com”
  6. Set “Do the following” to “Block the message” and either “Reject the message and include an explanation” (if you want to notify the sending mailbox), or “Delete the message without notifying anyone” (if you do not want to notify the sending mailbox)

 

This rule could cause operational disruption if staff are expected to email the blocked domains from within the organization. The “Except if” condition of the rule can be configured to whitelist outbound emails based on properties such as the sending mailbox, subject line, or other conditions.
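The same rule can be created from Exchange Online PowerShell. The script below is an added example, not part of the original ITM entry. It assumes the ExchangeOnlineManagement module is installed, uses placeholder addresses (`admin@example.com`, `partnerships@example.com`), and, as an addition to the steps above, creates the rule in audit mode first so the operational impact can be reviewed before enforcement.

```powershell
# Added example: scripted equivalent of the Exchange Admin Centre steps above.
# Assumes the ExchangeOnlineManagement module and an account allowed to manage
# transport rules. All addresses are placeholders.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@example.com'

$ruleName       = 'Block outbound to personal email domains'
$blockedDomains = 'gmail.com', 'outlook.com', 'yahoo.com'   # domains named on this page
$exemptSenders  = 'partnerships@example.com'                # placeholder "Except if" sender
$enforce        = $false   # set to $true once the audit results have been reviewed

$ruleParams = @{
    Name                            = $ruleName
    RecipientDomainIs               = $blockedDomains
    # "Reject the message and include an explanation" (notifies the sender).
    # For "Delete the message without notifying anyone", replace the two
    # Reject* entries with: DeleteMessage = $true
    RejectMessageReasonText         = 'Sending to personal email domains is blocked by policy.'
    RejectMessageEnhancedStatusCode = '5.7.1'
    ExceptIfFrom                    = $exemptSenders
    # Audit mode evaluates and logs matches without rejecting any mail.
    Mode                            = 'Audit'
    Comments                        = 'ITM PV045: restrict outbound email by recipient domain'
}

# Create the rule only if one with this name does not already exist.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $ruleName }
if (-not $existing) {
    New-TransportRule @ruleParams | Out-Null
}

# Switch from audit to enforcement when ready.
if ($enforce) {
    Set-TransportRule -Identity $ruleName -Mode Enforce
}

# Confirm what is actually configured.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, RecipientDomainIs, ExceptIfFrom

Disconnect-ExchangeOnline -Confirm:$false
```

While the rule is in audit mode, matches appear in message trace with the rule name, which shows which senders would be affected before any mail is rejected.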

Sections

  • ID: IF010.001
  • Name: Exfiltration via Corporate Email
  • Description: A subject exfiltrates information using their corporate-issued mailbox, either via software or webmail. They will access the conversation at a later date to retrieve information on a different system.