An email system based on on-premises Exchange Server or Exchange Online (Microsoft 365) allows an administrator to block (reject) e-mail from specific external domains or sender addresses. Exchange Server and Microsoft 365 have several features that you can use to create blacklists of unwanted domains and email addresses from which you want to block incoming e-mail. In this article, we will see how to configure the Blocked Senders list from the Exchange Admin Center (EAC) GUI or with PowerShell.
The following is a summary table of the sender blocking methods available in EOL (M365) and on-premises Exchange Server.
Method | On-premises Exchange Server | Exchange Online (Microsoft 365)
Sender filter | Yes | No
Blocking senders using transport rules (mail flow rules) | Yes | Yes
Individual block list in user mailbox | Yes | Yes
Tenant Allow/Block List in EOL | No | Yes
Configure Sender Filter Agent on Exchange Server
You can use the built-in filter of the anti-spam agent in the on-premises Exchange Server to configure the sender blacklist. The Transport service in Exchange Server allows you to use anti-spam agents to filter incoming e-mail messages. These agents are not installed by default. To install them, run the following script on the mailbox server:
& $env:ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1
Restart the Exchange Transport service:
Restart-Service MSExchangeTransport
By default, anti-spam filters are installed on Exchange servers with the Edge role in your organization.
This PowerShell script installs several Exchange antispam agents, including the Sender Filter Agent. The Sender Filter Agent allows you to specify a list of domains and sender addresses from which you do not want to receive e-mail.
List installed agents:
Get-TransportAgent
To enable the Sender Filter Agent, run:
Enable-TransportAgent "Sender Filter Agent"
All other antispam agents can be disabled (if you do not use them):
Disable-TransportAgent "Content Filter Agent"
Disable-TransportAgent "Sender Id Agent"
Disable-TransportAgent "Recipient Filter Agent"
Disable-TransportAgent "Protocol Analysis Agent"
Enable sender filtering:
Set-SenderFilterConfig -Enabled $true
If you want to filter only external senders, you should run this command:
Set-SenderFilterConfig -ExternalMailEnabled $true
Now you can specify the list of email addresses you want to block.
Set-SenderFilterConfig -BlockedSenders [email protected],[email protected]
You can block all senders from a specific domain and all subdomains:
Set-SenderFilterConfig -BlockedDomainsAndSubdomains spammers.com,masssend.net
To get a list of blocked email addresses, run the command:
Get-SenderFilterConfig | fl BlockedSenders,BlockedDomains,BlockedDomainsAndSubdomains
If you want to add new entries to the blocked domains/addresses list, use:
Set-SenderFilterConfig -BlockedSenders @{Add="[email protected]"}
Or
Set-SenderFilterConfig -BlockedDomainsAndSubdomains @{Add="block_me.net","spammers.com","fb.com"}
To remove specific email addresses from the Exchange blacklist, run these commands:
Set-SenderFilterConfig -BlockedSenders @{Remove="[email protected]","[email protected]"}
This will only remove the addresses you specify, not the entire list.
Or:
Set-SenderFilterConfig -BlockedDomainsAndSubdomains @{Remove="block_me.net","spammers.com"}
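The difference between passing a plain list (which replaces the stored entries) and @{Add=...} (which appends) is easy to get wrong when the block list is maintained over time. The following is an added example, not part of the original article: it merges new entries into the Sender Filter lists and skips anything already listed or matching one of your own accepted domains. The sample entries and the helper name Get-MissingEntry are assumptions made for illustration.

```powershell
# Added example (not from the original article). Run in the Exchange Management Shell.
# Sample entries are constructed; replace them with the values you need to block.
$newSenders = @('bulk@spam-example.test', ' Promo@Spam-Example.test')
$newDomains = @('spam-example.test', 'contoso.com')

# Hypothetical helper: returns the entries that still have to be added.
function Get-MissingEntry {
    param([string[]]$Wanted, [string[]]$Current = @(), [string[]]$Protected = @())
    # Normalize and de-duplicate, then drop entries already listed or protected.
    $Wanted | ForEach-Object { $_.Trim().ToLowerInvariant() } |
        Where-Object { $_ } | Sort-Object -Unique |
        Where-Object { ($Current -notcontains $_) -and ($Protected -notcontains $_) }
}

$cfg        = Get-SenderFilterConfig
$curSenders = @($cfg.BlockedSenders) | ForEach-Object { "$_" }
$curDomains = @($cfg.BlockedDomainsAndSubdomains) | ForEach-Object { "$_" }
# Domains the organization accepts mail for must never end up on the block list.
$ownDomains = Get-AcceptedDomain | ForEach-Object { "$($_.DomainName)" }

$addSenders = @(Get-MissingEntry -Wanted $newSenders -Current $curSenders)
$addDomains = @(Get-MissingEntry -Wanted $newDomains -Current $curDomains -Protected $ownDomains)

# @{Add=...} appends; passing a plain list would replace the existing entries.
if ($addSenders) { Set-SenderFilterConfig -BlockedSenders @{Add = $addSenders} }
if ($addDomains) { Set-SenderFilterConfig -BlockedDomainsAndSubdomains @{Add = $addDomains} }

# Show the resulting configuration for review.
Get-SenderFilterConfig |
    Format-List Enabled, ExternalMailEnabled, BlockedSenders, BlockedDomainsAndSubdomains
```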
Use Exchange Mail Flow Rules to Block Email
In EOL and Exchange Server, you can use Exchange mail flow rules (transport rules) to block e-mail from specific senders or domains. You can create mail rules from the Exchange Admin Center web interface.
If you are using the classic EAC interface:
- Navigate to Mail flow;
- Create a new rule. Add the condition The sender -> is this person or domain is, and specify the sender email addresses or domains to block;
- If you want to block all external email, select the option The sender is located … -> Outside the organization. Click More options;
- Then add the action -> Block the message. You can block an email and send an NDR to the sender (Reject the message and include an explanation), reject it with an NDR error code, or delete the e-mail message without sending any notification;
- Specify the rule priority and save it.
In EOL, the new Exchange admin center is used to add a new transport rule:
- Go to Mail flow -> Rules -> Add a rule;
- Select the rule Restrict messages by sender or recipient;
- Set the name of the rule;
- Apply this rule if -> has domain -> specify the names of the domains you want to block (you can add multiple domains to the transport rule);
- In the Do the following field, select Block the message and specify whether the NDR should be sent to the sender (for example, select Reject the message with the enhanced status code and specify 5.7.1);
- Then select Rule mode -> Enforce;
- The new transport rule is disabled by default. Enable it in EAC.
All emails from the specified domain will now be rejected by EOL. You can see the name of the transport rule that rejected the email in the Microsoft 365 tracking log:
Office 365 received this message but couldn't deliver it to the recipient ([email protected]). This happened because an email admin for your organization set up the following mail flow rule that rejected the message: Mail flow rule: exch_RuleBlockDomain_contoso
You can also create transport rules in the Exchange tenant by using PowerShell. First connect to your organization with the Exchange Online PowerShell module.
To create a new mail flow rule that blocks senders, run:
New-TransportRule -Name 'Block Spammers' -Comments 'Rule to block spammers' -Priority '0' -Enabled $true -FromAddressContainsWords '[email protected]' -DeleteMessage $true
Or, to block multiple sender domains:
$list1 = @('contoso.com','nwtraders.msft')
New-TransportRule -Name "block_sender_domain" -SenderDomainIs $list1 -RejectMessageEnhancedStatusCode '5.7.1' -RejectMessageReasonText "Blocked recipients"
View information about the transport rule:
Get-TransportRule block_sender_domain | select name,State,SenderDomainIs,RejectMessageReasonText
Block Senders Using the Tenant Allow/Block List
You can block sender lists by using the Tenant Allow/Block List feature in Exchange Online.
- Sign in to Microsoft 365 Defender (https://security.microsoft.com);
- Navigate to Policies and Rules -> Threat Policies -> Tenant Allow/Block List;
- Click Block -> Add and enter the list of email addresses and domains to be blacklisted;
- A separate rule is created for each entry.
You can also add addresses to the Tenant Allow/Block List using PowerShell:
New-TenantAllowBlockListItems -ListType Sender -Block -Entries '[email protected]','[email protected]' -NoExpiration
Display blocked addresses:
Get-TenantAllowBlockListItems -ListType Sender -Block | select Value,ExpirationDate
Users in the organization will no longer be able to send e-mail to these addresses and senders will receive an NDR:
5.7.1 Your message can't be delivered because one or more recipients are blocked by your organization's tenant allow/block list policy.
How to blacklist senders in Outlook?
You can block senders at the level of a specific user's mailbox instead of at the level of the entire Exchange organization/tenant. The lists of trusted and blocked senders can be set in OWA (Settings -> Mail -> Junk email). To block an email address, simply add the address or domain to the Blocked Senders list and save the changes.
The same can be done in Outlook. In Outlook 365/2019/2016, go to the Home tab, click the Junk drop-down list, and select Junk E-mail Options.
On the Blocked Senders tab, add the e-mail addresses or domains you don't want to receive e-mail from.
Emails from these senders are automatically moved to the Junk Email folder of the user's mailbox.
And the following message will appear in the tracking log:
The message was delivered to the Junk Email folder: FilteredAsSpam
An Exchange administrator can manage the list of blocked domains and SMTP addresses for a specific mailbox by using PowerShell. You can add a new sender address to the Junk list:
Set-MailboxJunkEmailConfiguration -Identity jrobinson -BlockedSendersAndDomains @{Add="[email protected]"}
Or you can remove a specific email address from the Blocked Senders list:
Set-MailboxJunkEmailConfiguration -Identity jrobinson -BlockedSendersAndDomains @{Remove="[email protected]"}
Display a list of blocked addresses:
Get-MailboxJunkEmailConfiguration -Identity jrobinson | FL BlockedSendersAndDomains
Clear the list of blocked senders:
Set-MailboxJunkEmailConfiguration -Identity jrobinson -BlockedSendersAndDomains $null
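Because a sender can be blocked at three different layers in Exchange Online (mail flow rules, the Tenant Allow/Block List, and the mailbox junk list), it helps to see which of them matches when a user reports missing mail. The following is an added example, not part of the original article: the function name Find-SenderBlock and the sample sender are assumptions, an Exchange Online PowerShell session is assumed to be connected already, and only exact address/domain matches are evaluated (pattern-based rule conditions are not).

```powershell
# Added example (not from the original article). Assumes a connected
# Exchange Online PowerShell session; the sample sender is constructed.
function Find-SenderBlock {
    param(
        [Parameter(Mandatory)][string]$Sender,   # e.g. 'news@spam-example.test'
        [Parameter(Mandatory)][string]$Mailbox   # mailbox whose junk list is checked
    )
    $addr   = $Sender.Trim().ToLowerInvariant()
    $domain = $addr.Split('@')[-1]

    # 1. Mail flow rules that name the sender's domain or a word in its address.
    Get-TransportRule | Where-Object {
        (@($_.SenderDomainIs) -contains $domain) -or
        (@($_.FromAddressContainsWords) |
            Where-Object { $_ -and $addr.Contains("$_".ToLowerInvariant()) })
    } | ForEach-Object {
        [pscustomobject]@{ Layer = 'Mail flow rule'; Entry = $_.Name
                           State = "$($_.State) / $($_.Mode)" }
    }

    # 2. Tenant Allow/Block List sender entries (single address or whole domain).
    Get-TenantAllowBlockListItems -ListType Sender -Block |
        Where-Object { $_.Value -in @($addr, $domain) } |
        ForEach-Object {
            [pscustomobject]@{ Layer = 'Tenant Allow/Block List'; Entry = $_.Value
                               State = "expires: $($_.ExpirationDate)" }
        }

    # 3. The mailbox's own Blocked Senders list.
    $junk = Get-MailboxJunkEmailConfiguration -Identity $Mailbox
    @($junk.BlockedSendersAndDomains) |
        Where-Object { "$_" -in @($addr, $domain) } |
        ForEach-Object {
            [pscustomobject]@{ Layer = "Junk list of $Mailbox"; Entry = "$_"
                               State = "junk filter enabled: $($junk.Enabled)" }
        }
}

Find-SenderBlock -Sender 'news@spam-example.test' -Mailbox 'jrobinson' |
    Format-Table -AutoSize
```

An empty result means none of the three lists contains an exact match for the address or its domain; a disabled or test-mode rule shows up with its State and Mode so it is not mistaken for an active block.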