How to block a sender domain or email address in Exchange and Microsoft 365? - Ranjan.info

An email system based on on-premises Exchange Server or Exchange Online (Microsoft 365) allows an administrator to block (reject) e-mail from specific external domains or sender addresses. Exchange Server and Microsoft 365 have several features that you can use to create blacklists of unwanted domains and email addresses from which you want to block incoming e-mail. In this article, we will see how to configure a blocked senders list from the Exchange Admin Center (EAC) GUI or with PowerShell.

The following is a summary table of the sender blocking methods available in EOL (M365) and on-premises Exchange Server.

| Method | On-premises Exchange Server | Exchange Online (Microsoft 365) |
|---|---|---|
| Sender filter | Yes | No |
| Blocking senders using transport rules (mail flow rules) | Yes | Yes |
| Individual block list in user mailbox | Yes | Yes |
| Tenant Allow/Block List in EOL | No | Yes |

Configure Sender Filter Agent on Exchange Server

You can use the built-in filter of the anti-spam agent in the on-premises Exchange Server to configure the sender blacklist. The Transport service in Exchange Server allows you to use anti-spam agents to filter incoming e-mail messages. These agents are not installed by default. To install them, run the following script on the mailbox server:

& $env:ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1

Restart the Exchange Transport service:

Restart-Service MSExchangeTransport

By default, anti-spam filters are installed on Exchange servers with the Edge role in your organization.

This PowerShell script installs several Exchange anti-spam agents, including the Sender Filter Agent. The Sender Filter Agent allows you to specify a list of domains and sender addresses from which you do not want to receive e-mail.

List installed agents:

Get-TransportAgent

To enable the Sender Filter Agent, run:

Enable-TransportAgent "Sender Filter Agent"

All other antispam agents can be disabled (if you do not use them):

Disable-TransportAgent "Content Filter Agent"
Disable-TransportAgent "Sender Id Agent"
Disable-TransportAgent "Recipient Filter Agent"
Disable-TransportAgent "Protocol Analysis Agent"

Enable Sender Filtering Agent:

Set-SenderFilterConfig -Enabled $true

If you want to filter only external senders, you should run this command:

Set-SenderFilterConfig -ExternalMailEnabled $true

Now you can specify the list of email addresses you want to block.

Set-SenderFilterConfig -BlockedSenders [email protected],[email protected]

You can block all senders from a specific domain and all subdomains:

Set-SenderFilterConfig -BlockedDomainsAndSubdomains spammers.com,masssend.net

To get a list of blocked email addresses, run the command:

Get-SenderFilterConfig |fl BlockedSenders,BlockedDomains,BlockedDomainsAndSubdomains

If you want to add new entries to the blocked domains/addresses list, use:

Set-SenderFilterConfig -BlockedSenders @{Add="[email protected]"}

Or

Set-SenderFilterConfig -BlockedDomainsAndSubdomains @{Add="block_me.net","spammers.com","fb.com"}

To remove specific email addresses from the Exchange blacklist, run these commands:

Set-SenderFilterConfig -BlockedSenders @{Remove="[email protected]","[email protected]"}

This will only remove the addresses you specify, not the entire list.

Or:

Set-SenderFilterConfig -BlockedDomainsAndSubdomains @{Remove="block_me.net","spammers.com"}
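
Passing a plain list to -BlockedDomainsAndSubdomains replaces the stored list, while the @{Add=...}/@{Remove=...} form changes only the named entries. The following is an added example, not part of the original article, that computes that Add/Remove difference from a reviewed list and previews it; the function names and sample entries are constructed for illustration.

```powershell
# Added example (not from the original article): delta-based update of the
# Sender Filter domain block list. All sample entries below are constructed.

function ConvertTo-NormalizedList {
    param([string[]]$Entries)
    # Trim, lower-case, drop blanks and duplicates.
    @($Entries | ForEach-Object { "$_".Trim().ToLowerInvariant() } |
        Where-Object { $_ } | Sort-Object -Unique)
}

function Get-BlockListDelta {
    param([string[]]$Current, [string[]]$Desired)
    $cur = @(ConvertTo-NormalizedList $Current)
    $des = @(ConvertTo-NormalizedList $Desired)
    # Refuse entries that are not plain DNS names (addresses, wildcards, typos).
    $bad = @($des | Where-Object { $_ -notmatch '^([a-z0-9]([a-z0-9_-]*[a-z0-9])?\.)+[a-z]{2,}$' })
    if ($bad.Count -gt 0) { throw "Invalid domain entries: $($bad -join ', ')" }
    [pscustomobject]@{
        Add    = @($des | Where-Object { $cur -notcontains $_ })
        Remove = @($cur | Where-Object { $des -notcontains $_ })
    }
}

# Offline demonstration with constructed data.
$current = @('spammers.com', 'masssend.net')
$desired = @('Spammers.com ', 'block_me.net')
Get-BlockListDelta -Current $current -Desired $desired | Format-List

# On an Exchange server: read the live list, then apply only the difference.
if (Get-Command Set-SenderFilterConfig -ErrorAction SilentlyContinue) {
    $live   = @((Get-SenderFilterConfig).BlockedDomainsAndSubdomains | ForEach-Object { "$_" })
    $delta  = Get-BlockListDelta -Current $live -Desired $desired
    $change = @{}
    if ($delta.Add.Count -gt 0)    { $change['Add']    = $delta.Add }
    if ($delta.Remove.Count -gt 0) { $change['Remove'] = $delta.Remove }
    if ($change.Count -gt 0) {
        # -WhatIf only previews the change; drop it to apply.
        Set-SenderFilterConfig -BlockedDomainsAndSubdomains $change -WhatIf
    }
}
```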

Use Exchange Mail Flow Rules to Block Email

In EOL and Exchange Server, you can use Exchange mail flow rules (transport rules) to block e-mail from specific senders or domains. You can create mail rules from the Exchange Admin Center web interface.

If you are using the classic EAC interface:

  1. Navigate to mail flow;
  2. Create a new rule. Add the condition The sender -> is this person or domain is, and specify the sender email addresses or domains to block;
  3. If you want to block all external email, select the option The sender is located … -> Outside the organization. Click More options;
  4. Then add an action -> Block the message. You can block an email and send an NDR to the sender (Reject the message and include an explanation), reject it with an NDR error code, or delete the e-mail message without sending any notification;
  5. Specify the rule priority and save it.

In EOL, the new Exchange admin center is used to add a new transport rule:

  1. Go to Mail flow -> Rules -> Add a rule;
  2. Select the rule Restrict messages by sender or recipient;
  3. Set the name of the rule;
  4. Apply this rule if -> has domain -> specify the names of the domains you want to block (you can add multiple domains to the transport rule);
  5. In the Do the following field, select Block the message and specify whether the NDR should be sent to the sender (for example, select Reject the message with the enhanced status code and specify 5.7.1);
  6. Then select Rule mode -> Apply;
  7. The new transport rule is disabled by default. Enable it in EAC.

All emails from the specified domain will now be rejected by EOL. You can see the name of the transport rule that rejected the email in the Microsoft 365 tracking log:

Office 365 received this message but couldn't deliver it to the recipient ([email protected]). This happened because an email admin for your organization set up the following mail flow rule that rejected the message:
Mail flow rule: exch_RuleBlockDomain_contoso

You can create transport rules in the Exchange tenant by using PowerShell. Connect to your organization first.

To create a new mail flow rule that silently deletes messages from a sender, run:

New-TransportRule -Name 'Block Spammers' -Comments 'Rule to block spammers' -Priority '0' -Enabled $true -FromAddressContainsWords '[email protected]' -DeleteMessage $true

Or, to reject mail from several sender domains with an NDR:

$list1 = @('contoso.com','nwtraders.msft')
New-TransportRule -Name "block_sender_domain" -SenderDomainIs $list1 -RejectMessageEnhancedStatusCode '5.7.1' -RejectMessageReasonText "Blocked recipients"

View information about the transport rule:

Get-TransportRule block_sender_domain | select name,State,SenderDomainIs,RejectMessageReasonText
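
A blocking rule is easier to trust when it is first created in Audit mode, where matches are logged but delivery is not affected, and when the domain list has been checked against your own accepted domains. The following is an added example, not part of the original article; the function name, rule name, reason text and sample domains are constructed for illustration.

```powershell
# Added example (not from the original article). The rule name, reason text
# and domain lists are constructed for illustration.

function Select-ExternalBlockDomain {
    param([string[]]$Candidates, [string[]]$OwnDomains)
    foreach ($c in $Candidates) {
        $c = $c.Trim().ToLowerInvariant()
        # Conflict: the candidate is one of our domains or a parent of one.
        $hit = @($OwnDomains | Where-Object {
            $o = "$_".ToLowerInvariant()
            $o -eq $c -or $o.EndsWith(".$c")
        })
        if ($hit.Count -gt 0) {
            Write-Warning "Skipping '$c': overlaps accepted domain $($hit -join ', ')"
        } else { $c }
    }
}

# Offline demonstration with constructed data: example.org is skipped.
$blockList = @('contoso.com', 'nwtraders.msft', 'example.org')
Select-ExternalBlockDomain -Candidates $blockList -OwnDomains @('mail.example.org')

# In an Exchange session: check against real accepted domains, then stage the rule.
if (Get-Command New-TransportRule -ErrorAction SilentlyContinue) {
    $own  = @(Get-AcceptedDomain | ForEach-Object { "$($_.DomainName)" })
    $safe = @(Select-ExternalBlockDomain -Candidates $blockList -OwnDomains $own)
    if ($safe.Count -gt 0) {
        $rule = @{
            Name                            = 'block_sender_domain_audit'
            SenderDomainIs                  = $safe
            FromScope                       = 'NotInOrganization'
            RejectMessageEnhancedStatusCode = '5.7.1'
            RejectMessageReasonText         = 'Sender domain blocked by policy'
            Mode                            = 'Audit'   # log matches, do not reject yet
        }
        # -WhatIf only previews the rule; drop it to create the rule.
        New-TransportRule @rule -WhatIf
    }
    # After reviewing the audit results, switch the rule to enforcement:
    # Set-TransportRule 'block_sender_domain_audit' -Mode Enforce
}
```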

Block senders using the Tenant Allow/Block List

You can block sender lists by using the Tenant Allow/Block List feature in Exchange Online.

  1. Sign in to Microsoft 365 Defender at https://security.microsoft.com;
  2. Navigate to Policies and Rules -> Threat Policies -> Tenant Allow/Block List;
  3. Click Block -> Add and list the email addresses and domains to be blacklisted;
  4. A separate rule is created for each entry.

You can also add addresses to the Tenant Allow/Block List using PowerShell:

New-TenantAllowBlockListItems -ListType Sender -Block -Entries '[email protected]','[email protected]' -NoExpiration

Display blocked addresses:

Get-TenantAllowBlockListItems -ListType Sender -Block|select value,ExpirationDate

Users in the organization will no longer be able to send e-mail to these addresses and senders will receive an NDR:

5.7.1 Your message can't be delivered because one or more recipients are blocked by your organization's tenant allow/block list policy.

How to blacklist senders in Outlook?

You can block senders at a specific user's mailbox instead of at the entire Exchange organization/tenant level. Lists of trusted and blocked senders can be set in OWA (Settings -> Mail -> Junk email). To block an email address, simply add the address or domain to the Blocked senders list and save the changes.

The same can be done in Outlook. In Outlook 365/2019/2016, go to the Home tab, click the Junk drop-down list, and select Junk E-mail Options.

Add the e-mail addresses or domains you don't want to receive e-mail from on the Blocked Senders tab.

Emails from these senders are automatically moved to the Junk Email folder of the user's mailbox.

And the following message will appear in the tracking log:

The message was delivered to the Junk Email folder: FilteredAsSpam

An Exchange administrator can manage the list of blocked domains and SMTP addresses for a specific mailbox by using PowerShell. You can add a new sender address to the Junk list:

Set-MailboxJunkEmailConfiguration -Identity jrobinson -BlockedSendersandDomains @{Add="[email protected]"}

Or you can remove a specific email address from the Blocked Senders list:

Set-MailboxJunkEmailConfiguration -Identity jrobinson -BlockedSendersandDomains @{Remove="[email protected]"}

Display a list of blocked addresses:

Get-MailboxJunkEmailConfiguration -Identity jrobinson | FL BlockedSendersandDomains

Clear the list of blocked senders:

Set-MailboxJunkEmailConfiguration -Identity jrobinson -BlockedSendersAndDomains $null
