Microsoft 365/Exchange Online is a widely used suite of productivity tools that provides organizations with powerful email capabilities. However, as with any email service, unwanted messages from particular senders or domains can be a significant issue.
Fortunately, Microsoft 365/Office 365 offers several ways to block email addresses or domains to prevent these messages from reaching your inbox. Whether you are dealing with spam, phishing attempts, or unwanted promotional emails, there are various methods you can use to block senders and domains.
In this blog post, we’ll discuss five different ways to block email addresses or domains in Microsoft 365/Office 365, helping you keep your inbox clean and organized.
We’ll look at different ways to help you stop unwanted emails in Office 365, including using the built-in block sender feature, creating transport rules, and setting up anti-spam policies.
|Want to Whitelist a sender instead of blocking them?
|If you’re interested in whitelisting or allowing a sender, you can refer to this blog post titled “Bypass spam filtering in Microsoft 365/Office 365” also referred to as the process of adding a sender to the Safe Sender’s list.
Here are the ways you can block an email address or domain in Microsoft 365/Office365:
- Tenant Allow/Block list. [Most Recommended option]
- Outlook Blocked Sender’s list.
- Block Sender or domain by using anti-spam policies.
- Create mail flow rules/transport rules in Exchange Online.
- IP Block list from anti-spam policies (connection filtering policy).[Least Recommended Option]
Table of Contents
Option 1 – Using Tenant Allow/Block list
Office 365 provides a Tenant Allow/Block list feature that allows administrators to manage email traffic to their organization more effectively. This feature allows you to block or allow email messages from specific domains or email addresses.
By using this feature, you can create a list of trusted domains and email addresses that are allowed to send messages to your organization, while blocking all other senders. This can be useful for blocking spam or phishing attempts from certain senders or domains.
For domains and email addresses, the maximum number of allow entries is 500, and the maximum number of block entries is 500 (1000 domain and email address entries total).
Who can manage the Tenant Allow/Block List?
To manage the Tenant Allow/Block list, a user should belong to the following groups/roles:
- Organization Management or Security Administrator role group (Security admin role)
- Security Operator role group (Tenant AllowBlockList Manager).
Effects of Using Tenant Allow/Block List
When a sender is blocked via the Tenant Allow/Block list, all their emails are tagged as high-confidence spam (SCL = 9). This results in the messages being treated as spam and the actions specified in your Anti-Spam Inbound policy are applied to these emails.
When internal users attempt to send emails to blocked domains, they’ll receive an email notification with the message: ‘550 5.7.703 Your message cannot be delivered because one or more recipients are blocked by your organization’s tenant recipient block policy.‘”
Add a Sender to the Tenant Block senders list
Let’s check the steps to add a sender to Tenant Block Senders list
- Sign in to Microsoft 365 Defender portal either as a Security administrator or Global administrator.
- Under Email & collaboration > Policies & rules.
- Click on Threat policies.
- Under Rules, click on Tenant Allow/Block Lists
- Click on “+ Block” and then input all the email addresses or domains you wish to block. You can set a duration for when to remove block entries, such as 1 day, 7 days, 30 days, or even specify a custom date.
- Once you’ve clicked on “Add,” all the entries will be included. You can verify the block list of senders by going to the “Domain & Addresses” tab within the Tenant Allow/Block list.
Add a Sender to the Tenant Block senders list using Powershell
You can utilize PowerShell to manage the Tenant Block Sender list. The cmdlet you’ll need is “New-TenantAllowBlockListItems.”
New-TenantAllowBlockListItems -ListType Sender -Block -Entries "DomainOrEmailAddress1","DomainOrEmailAddress1",..."DomainOrEmailAddressN" <-ExpirationDate Date | -NoExpiration> [-Notes <String>]
Install Exchange Online Powershell Module
Install-module -Name ExchangeOnlineManagement
Connect to Exchange Online
Example 1: Adding two domains in the Tenant Block List
New-TenantAllowBlockListItems -ListType Sender -Block -Entries "blockdomain1.com","blockdomain2.net" -NoExpiration
Example 2: Adding an email address and a domain in the Tenant Block List
New-TenantAllowBlockListItems -ListType Sender -Block -Entries "firstname.lastname@example.org","domain3.net" -NoExpiration
Option 2 – Using Outlook Blocked Sender’s list
If you’re receiving numerous spam emails from a specific sender or domain, targeting only a few recipients in your organization, and you prefer not to use the Tenant Allow/Block List, you can create a block sender list in Outlook.
It’s important to note that the block sender’s list is specific to each user’s mailbox and unique for every user. For instance, if you wish to block the sender’s email address “email@example.com” for users “firstname.lastname@example.org” and “email@example.com,” you’ll need to individually add “firstname.lastname@example.org” to the block sender’s list in the mailboxes of both Alex and John.
Users can add senders to their block list using either the Outlook desktop client or Outlook for the web (Outlook Web App). If you, as an administrator, need to create a block sender list for a user’s mailbox, you can achieve this by using PowerShell cmdlets. For more in-depth information on this process, you can refer to the article titled “How To Block An Email Address Or Domain In Outlook.”
Option 3 – Using Anti-spam policies
You can also utilize anti-spam policies to block email addresses or domains. By creating a custom Inbound anti-spam policy, you can apply the rule to a specific group or the entire domain. However, if you opt for the default Inbound anti-spam policy, the rule will be applied to all users.
You have the option to configure a block sender list using anti-spam policies through either the Microsoft 365 Defender portal or PowerShell. For more detailed information on the implementation and examples, you can refer to the article titled “Block sender or domain by using anti-spam policies“.
Option 4 – Using Exchange Online Transport rule
Using a transport rule in Exchange Online, you can effectively block messages from a specific sender by defining conditions and actions that are applied to inbound messages.
You have the flexibility to define criteria like the sender’s email address or domain, message subject, body, attachments, or header fields. Additionally, you can set up actions such as blocking, rejecting, quarantining, or redirecting the message based on these criteria.
Creating a transport rule to block a sender helps safeguard your organization’s email system by preventing spam, phishing, or malicious messages from infiltrating it. This ensures that your employees receive only the messages necessary for their work.
For a more detailed guide on the steps to implement blocking an email address or domain in Exchange Online, you can refer to the article titled “How To Block An Email Address Or Domain In Exchange Online.”
Option 5 – Using IP Block List of Anti-spam Policies
Although it’s the least recommended option by Microsoft, you can still use the IP block list to prevent all incoming messages from specific source email servers. You need to specify the IP address of the source server(s), and you can also define a range of IP addresses in CIDR format, like “10.20.1.4/24.”
Any email sent from the email server’s IP address that you add to the block list will be outright rejected and blocked. It won’t be marked as spam; instead, it will be rejected without being delivered.
To configure the IP block list, we will use the default Anti-spam policy known as the Connection filter policy (Default). Please follow these steps to add an email server’s IP address to the block list of the anti-spam policy:
- Sign in to the Microsoft 365 Defender portal either as a Security administrator or Global administrator.
- Under Email & collaboration > Policies & rules
- Click on Threat policies
- Click on Anti-spam under Policies
- Select the Connection filter policy (Default) and then click on Edit connection filter policy.
- In the Connection filter policy (Default), locate the section labeled “Always block messages from the following IP addresses or address range” Add a single IP address, like “10.20.1.4,” or an IP range, such as “10.1.3.0/24,” to the block list. After making your changes, click on “Save” and then “Close” to save and exit the configuration.