Windows OS Hub

March 17, 2024 | Azure and Microsoft 365, Exchange, PowerShell

How to Block Sender Domain or Email Address in Exchange and Microsoft 365

An email system based on on-premises Exchange Server or Exchange Online (Microsoft 365) allows an administrator to block (reject) e-mails from specific external domains or sender addresses. There are several features in Exchange Server and Microsoft 365 that you can use to create a blacklist of unwanted domains and email addresses from which you want to block incoming e-mails. In this article, we’ll look at how to configure a blocked senders list from the Exchange Admin Center (EAC) GUI or from PowerShell.

Contents:
  • Configure Sender Filter Agent on Exchange Server
  • Use Exchange Mail Flow Rules to Block Email
  • Block Senders Using the Tenant Allow/Block List
  • How to Blacklist Senders in Outlook?

The following is a summary table of the sender blocking methods that are available in EOL (M365) and in the on-premises Exchange Server.

Method | On-premises Exchange Server | Exchange Online (Microsoft 365)
Sender Filter | + | -
Blocking senders using transport rules (mail flow rules) | + | +
Individual block lists in user mailboxes | + | +
Tenant Allow/Block List in EOL | - | +

Configure Sender Filter Agent on Exchange Server

You can use the Anti-Spam Agent’s built-in filter in on-premises Exchange Server to configure sender blacklists. The Transport service in Exchange Server allows you to use anti-spam agents to filter incoming e-mail messages. These agents are not installed by default. To install them, run the following script on a Mailbox server:

& $env:ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1

Restart the Exchange Transport service:

Restart-Service MSExchangeTransport

By default, anti-spam filters are installed on an Exchange server with the Edge role in your organization.

This PowerShell script installs several Exchange antispam agents, including the Sender Filter agent. The Sender Filter agent allows you to specify a list of domains and sender addresses that you do not want to receive e-mail from.

List installed agents:

Get-TransportAgent


In order to enable the Recipient Filter Agent, run:

Enable-TransportAgent "Recipient Filter Agent"

All other antispam agents can be disabled (if you don’t use them). Keep the Sender Filter Agent enabled, because it is the agent that enforces the blocked senders list configured below:

Disable-TransportAgent "Content Filter Agent"
Disable-TransportAgent "Sender Id Agent"
Disable-TransportAgent "Protocol Analysis Agent"

You can further configure RBL filters in Exchange using the Content Filter Agent.

Enable the sender filtering agent:

Set-SenderFilterConfig -Enabled $true

If you only want to filter external senders, you should run this command:

Set-SenderFilterConfig -ExternalMailEnabled $true

You can now specify a list of email addresses that you want to block.

Set-SenderFilterConfig -BlockedSenders [email protected],[email protected]

You can block all senders from specific domains and all subdomains:

Set-SenderFilterConfig -BlockedDomainsAndSubdomains spammers.com,masssend.net

To get the list of blocked email addresses, run the command:

Get-SenderFilterConfig |fl BlockedSenders,BlockedDomains,BlockedDomainsAndSubdomains

If you want to add new entries to the list of blocked domains/addresses, use:

Set-SenderFilterConfig -BlockedSenders @{Add="[email protected]"}

Or

Set-SenderFilterConfig -BlockedDomainsAndSubdomains @{Add="block_me.net","spammers.com","fb.com"}

To remove the specific email addresses from the Exchange blacklist, run these commands:

Set-SenderFilterConfig -BlockedSenders @{Remove="[email protected]","[email protected]"}

This will only remove the addresses you specify, not the whole list.

Or:

Set-SenderFilterConfig -BlockedDomainsAndSubdomains @{Remove="block_me.net","spammers.com"}

In the same way, you can manage the sender whitelist in Exchange:

Set-ContentFilterConfig -Enabled $true
Set-ContentFilterConfig -ExternalMailEnabled $true
Set-ContentFilterConfig -BypassedSenderDomains microsoft.com
Set-ContentFilterConfig -BypassedSenders [email protected]
Add-IPAllowListEntry -IPAddress 123.45.67.89
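
The block-list commands in this section can be wrapped in a re-runnable function that validates each entry and refuses to block a domain your own organization accepts mail for. This is an added example, not code from the original article; the function name Add-BlockedSenderDomain and the sample input are assumptions, and it is meant for the Exchange Management Shell on the server where the anti-spam agents are installed.

```powershell
# Added example (hypothetical helper, not part of the original article).
function Add-BlockedSenderDomain {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string[]]$Domain
    )

    # Domains this organization accepts mail for must never end up on the block list.
    $accepted = @(Get-AcceptedDomain | ForEach-Object {
        ($_.DomainName.ToString() -replace '^\*\.', '').ToLowerInvariant() })

    # Entries that are already blocked, so the function can be re-run safely.
    $current = @((Get-SenderFilterConfig).BlockedDomainsAndSubdomains |
        ForEach-Object { $_.ToString().ToLowerInvariant() })

    $clean = $Domain | ForEach-Object { $_.Trim().ToLowerInvariant() } | Sort-Object -Unique
    $toAdd = foreach ($d in $clean) {
        if ($d -notmatch '^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}$') {
            Write-Warning "Skipped '$d': not a valid domain name"; continue
        }
        # BlockedDomainsAndSubdomains also covers every subdomain, so reject an entry
        # that equals an accepted domain or is a parent of one.
        $hit = $accepted | Where-Object { $_ -eq $d -or $_.EndsWith(".$d") }
        if ($hit) { Write-Warning "Skipped '$d': covers accepted domain $($hit -join ', ')"; continue }
        if ($current -contains $d) { Write-Verbose "Already blocked: $d"; continue }
        $d
    }

    if ($toAdd -and $PSCmdlet.ShouldProcess(($toAdd -join ', '), 'Add to BlockedDomainsAndSubdomains')) {
        Set-SenderFilterConfig -BlockedDomainsAndSubdomains @{Add = $toAdd}
    }

    # Return the effective list for review or logging.
    (Get-SenderFilterConfig).BlockedDomainsAndSubdomains
}

# Constructed sample input; -WhatIf shows the planned change without applying it.
Add-BlockedSenderDomain -Domain 'spammers.com', 'MassSend.net', 'not a domain' -WhatIf
```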

Use Exchange Mail Flow Rules to Block Email

In EOL and Exchange Server, you can use Exchange mail flow rules (transport rules) to block e-mail from specific senders or domains. You can create mail rules from the Exchange Admin Center web interface.

If you are using the classic EAC interface:

  1. Navigate to Mail flow;
  2. Create a new rule. Add the condition The sender -> is the person or domain is and specify the sender email addresses or domains to block;
  3. If you want to block all external emails, select the option The sender is located… -> Outside the organization. Click More options;
  4. Then add the action -> Block the message. You can block an email and send an NDR to the sender (Reject the message and include an explanation), send an NDR with the error code, or delete the e-mail message without sending any notification;
  5. Specify the rule priority and save it.

In the EOL, the new Exchange Admin Centre is used to add a new transport rule:

  1. Navigate to Mail flow -> Rules -> Add a rule;
  2. Select the rule Restrict messages by sender or recipient;
  3. Set the rule name;
  4. Apply this rule if -> domain is -> specify the names of the domains you want to block (you can add multiple domains in a transport rule);
  5. In the Do the following field, select Block the message and specify whether the NDR should be sent to the sender (for example, select reject the message with the enhanced status code and specify 5.7.1);
  6. Then select Rule mode -> Enforce;
  7. The new transport rule is disabled by default. Enable it in EAC.

All emails from the specified domains will now be rejected by EOL. You can see the name of the transport rule that rejected the email in the Microsoft 365 tracking logs:

Office 365 received this message but couldn't deliver it to the recipient (‎[email protected]‎). This happened because an email admin for your organization set up the following mail flow rule that rejected the message:
Mail flow rule: ‎ exch_RuleBlockDomain_contoso‎


You can create a transport rule in Exchange tenant using PowerShell. Connect to your Exchange organization, and run the following command to create a new mail flow rule to block multiple domains:

New-TransportRule -Name 'Block Spammers' -Comments 'Rule to block spammers' -Priority '0' -Enabled $true -FromAddressContainsWords '[email protected]' -DeleteMessage $true

Or:

# Reject mail whose sender domain is in the list
$list1 = @('contoso.com','nwtraders.msft')
New-TransportRule -Name "block_sender_domain" -SenderDomainIs $list1 -RejectMessageEnhancedStatusCode '5.7.1' -RejectMessageReasonText "Blocked recipients"

View information about the transport rule:

Get-TransportRule block_sender_domain | select name,State,SenderDomainIs,RejectMessageReasonText
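
A sender-domain rule can be staged in audit mode before it starts rejecting mail, and it can be told to check the SMTP envelope as well as the From header. The following is an added example, not code from the original article; the rule name and the reason text are assumptions, and the domains are the sample values used above.

```powershell
# Added example (not from the original article). Run in a session connected to
# Exchange Online or in the on-premises Exchange Management Shell.
$ruleName = 'block_sender_domain_staged'          # hypothetical rule name
$domains  = @('contoso.com', 'nwtraders.msft')    # sample domains used in the article

$ruleParams = @{
    Name                            = $ruleName
    Comments                        = 'Reject mail from blocked external sender domains'
    FromScope                       = 'NotInOrganization'   # external senders only
    SenderDomainIs                  = $domains
    # Match the domain in the message header or in the SMTP envelope (MAIL FROM);
    # the default value, Header, inspects only the header fields.
    SenderAddressLocation           = 'HeaderOrEnvelope'
    RejectMessageEnhancedStatusCode = '5.7.1'
    RejectMessageReasonText         = 'Sender domain is blocked by policy'
    # Audit: the rule is evaluated and matches are logged, but mail is still delivered.
    Mode                            = 'Audit'
}

$existing = Get-TransportRule | Where-Object { $_.Name -eq $ruleName }
if ($existing) {
    # Re-running the script replaces the domain list instead of failing on a duplicate name.
    Set-TransportRule -Identity $ruleName -SenderDomainIs $domains
} else {
    New-TransportRule @ruleParams
}

# Confirm what was stored before enforcing.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, FromScope, SenderDomainIs, SenderAddressLocation

# After reviewing the audit results, switch the same rule to rejecting mail:
# Set-TransportRule -Identity $ruleName -Mode Enforce
```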


Block Senders Using the Tenant Allow/Block List

You can block the sender list using the Tenant Allow/Block List feature in Exchange Online.

  1. Sign in to Microsoft 365 Defender (https://security.microsoft.com);
  2. Navigate to Policies & rules -> Threat policies -> Tenant Allow/Block List;
  3. Click the Block button and add a list of email addresses and domains to be blacklisted;
  4. A separate rule is created for each entry.

You can also add addresses to the Tenant Allow/Block list using PowerShell:

New-TenantAllowBlockListItems -ListType Sender -Block -Entries '[email protected]','[email protected]' -NoExpiration

Display blocked addresses:

Get-TenantAllowBlockListItems -ListType Sender -Block|select value,ExpirationDate


Users in the organization will no longer be able to send e-mails to these addresses and the senders will receive an NDR:

5.7.1 Your message can't be delivered because one or more recipients are blocked by your organization's tenant allow/block list policy.

How to Blacklist Senders in Outlook?

You can block senders in a specific user’s mailbox, rather than at the level of the entire Exchange organization/tenant. The list of trusted and blocked users can be set in OWA (Settings -> Mail -> Junk email). To block an email address, simply add the address or domain to the Blocked Senders list and save the changes.


The same can be done in Outlook. Go to the Home tab in Outlook 365/2019/2016, click the Junk drop-down list, and select Junk E-mail Options.


Add the e-mail addresses or domains from which you do not want to receive e-mail in the Blocked Senders tab.


E-mails from this sender are automatically moved to the Junk Email folder of the user mailbox.

And the following message will appear in the tracking logs:

The message was delivered to the Junk Email folder: FilteredAsSpam


An Exchange administrator can manage the list of blocked domains and SMTP addresses for a specific mailbox using PowerShell. You can add a new sender address to the Junk list:

Set-MailboxJunkEmailConfiguration -Identity jrobinson -BlockedSendersandDomains @{Add="[email protected]"}

Or you can remove the specific email address from the blocked sender’s list:

Set-MailboxJunkEmailConfiguration -Identity jrobinson -BlockedSendersandDomains @{Remove="[email protected]"}

Display a list of blocked addresses:

Get-MailboxJunkEmailConfiguration -Identity jrobinson | FL BlockedSendersandDomains


Clear the list of blocked senders:

Set-MailboxJunkEmailConfiguration -Identity jrobinson -BlockedSendersAndDomains $null


1 comment

Tom March 21, 2023 - 9:38 am

Hi, thanks. However, can you block IP addresses from the sending server (found in header data of the mail) if they spoof the email address?
