Office 365 is a widely used suite of productivity tools that provides organizations with powerful email capabilities. However, as with any email service, unwanted messages from particular senders or domains can be a significant issue.
Fortunately, Office 365 offers several ways to block email addresses or domains to prevent these messages from reaching your inbox. Whether you are dealing with spam, phishing attempts, or unwanted promotional emails, there are various methods you can use to block senders and domains.
In this blog post, we’ll discuss five different ways to block email addresses or domains in Office 365, helping you keep your inbox clean and organized.
From using the built-in block sender feature to creating transport rules and configuring anti-spam policies, we’ll explore various approaches to help you effectively block unwanted emails in Office 365.
Looking to whitelist a sender instead of blocking? |
---|
If you want to whitelist or allow a sender, follow this blog post: Whitelist or allow an email address or domain. This is also referred to as adding a sender to the Safe Senders list. |
Below are the ways you can block a sender’s email address or domain in Office 365.
- Tenant Allow/Block list. [Most Recommended option]
- Outlook Blocked sender’s list.
- Block sender or domain by using anti-spam policies.
- Create mail flow rules / transport rules in Exchange online.
- IP Block list from anti-spam policies (connection filtering policy). [Least Recommended Option]
Option 1 – Block an email address or domain using Tenant Allow/Block list
Office 365 provides a Tenant Allow/Block list feature that allows administrators to manage email traffic to their organization more effectively. This feature allows you to block or allow email messages from specific domains or email addresses.
By using this feature, you can create a list of trusted domains and email addresses that are allowed to send messages to your organization, while blocking all other senders. This can be useful for blocking spam or phishing attempts from certain senders or domains.
For domains and email addresses, the maximum number of allow entries is 500, and the maximum number of block entries is 500 (1000 domain and email address entries total).
Who can update the Tenant Allow/Block List?
A user must be a member of the following groups / roles to manage the Tenant Allow/Block list.
- Organization Management or Security Administrator role group (Security admin role)
- Security Operator role group (Tenant AllowBlockList Manager).
What happens to the blocked senders in Tenant Block list
When you block a sender using the Tenant Allow/Block list, all email messages from the sender are marked as high confidence spam (SCL = 9). This means the message is treated as spam, and whatever action is specified in your inbound anti-spam policy is taken on those emails.
If an internal user tries to send an email to a blocked domain, they will receive a message stating: 550 5.7.703 Your message can’t be delivered because one or more recipients are blocked by your organization’s tenant recipient block policy.
How to add a sender into Tenant Block senders list
The list is called the Tenant Allow/Block list; for simplicity, I refer to it as the Tenant block senders list, since I am only blocking email addresses and domains with it. Let’s check the steps to add a sender to the Tenant Block list in Office 365:
- Log in to the Microsoft 365 Defender portal as Security administrator or Global administrator.
- Go to Email & collaboration > Policies & rules.
- Click on Threat policies.
- Under Rules, click on Tenant Allow/Block Lists
- Click on + Block and then add all the email addresses or domains you want to block. You can set Remove block entry after to a number of days, for example 1 day, 7 days or 30 days, or to a custom date. I have selected Never expire for Remove block entry after. Click on Add to add all the entries to the block senders list.
- After clicking on Add, all the entries are added. You can verify the block list of senders from the Domains & addresses tab in Tenant Allow/Block list.
How to add an email address or domain in Tenant Block senders list using PowerShell
You can use PowerShell to manage the Tenant Block sender list. The cmdlet you need to use is New-TenantAllowBlockListItems. The generic syntax for this cmdlet is given below.
New-TenantAllowBlockListItems -ListType Sender -Block -Entries "DomainOrEmailAddress1","DomainOrEmailAddress2",..."DomainOrEmailAddressN" <-ExpirationDate Date | -NoExpiration> [-Notes <String>]
Let’s check the steps and a few examples for adding domains and email addresses to the block senders list:
Install Exchange Online PowerShell Module
Install-Module -Name ExchangeOnlineManagement
Connect to Exchange Online
Connect-ExchangeOnline
Example 1: Adding two domains in the Tenant Block List
New-TenantAllowBlockListItems -ListType Sender -Block -Entries "blockdomain1.com","blockdomain2.net" -NoExpiration
Example 2: Adding an email address and a domain in the Tenant Block List
New-TenantAllowBlockListItems -ListType Sender -Block -Entries "xyz@test.com","domain3.net" -NoExpiration
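A fuller version of the commands above, as an added example that is not from the original post: it skips entries already on the list, checks the 500 block-entry limit mentioned earlier, adds the rest with an expiry and a note, and reads the result back. The entries and note text are constructed sample values, and an active Connect-ExchangeOnline session is assumed.

```powershell
# Added example (not from the original post). Assumes an active session
# created with Connect-ExchangeOnline. Entries below are constructed samples.
$candidates = @('blockdomain1.com', 'XYZ@test.com', 'blockdomain1.com', ' domain3.net ')
$maxBlockEntries = 500   # block-entry limit for domains and addresses stated above

# Normalize: trim, lower-case, drop blanks and duplicates.
$wanted = $candidates |
    ForEach-Object { $_.Trim().ToLowerInvariant() } |
    Where-Object { $_ } |
    Sort-Object -Unique

# Current sender block entries in the tenant.
$existing = @(Get-TenantAllowBlockListItems -ListType Sender -Block)
$existingValues = $existing | ForEach-Object { $_.Value.ToLowerInvariant() }

$toAdd = @($wanted | Where-Object { $existingValues -notcontains $_ })

if ($toAdd.Count -eq 0) {
    Write-Output 'Nothing to add: every entry is already blocked.'
    return
}
if ($existing.Count + $toAdd.Count -gt $maxBlockEntries) {
    throw "Adding $($toAdd.Count) entries would exceed the $maxBlockEntries block-entry limit."
}

# Expire after 30 days so stale blocks do not pile up; the note records why.
New-TenantAllowBlockListItems -ListType Sender -Block -Entries $toAdd `
    -ExpirationDate (Get-Date).AddDays(30).ToUniversalTime() `
    -Notes 'Phishing campaign, ticket PLACEHOLDER-123 (constructed example)'

# Confirm what is now on the list.
Get-TenantAllowBlockListItems -ListType Sender -Block |
    Where-Object { $toAdd -contains $_.Value } |
    Select-Object Value, Action, ExpirationDate, Notes
```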
Option 2 – Add an email address or domain in Outlook Blocked sender’s list
If you are getting a lot of spam emails from a particular sender or domain, targeted at a few recipients in your organization, and for some reason you do not want to use the Tenant Allow/Block List, you can create a block sender list in Outlook.
Please note that this block sender’s list is per user mailbox and unique for each user. For example: If you want to block a sender’s email address shop@xyz.net for a user alex@cloudinfra.net and john@cloudinfra.net, then you will need to add shop@xyz.net into the block sender’s list of alex and john’s mailboxes.
Users can add a sender to the block list themselves using the Outlook desktop client or Outlook on the web (Outlook Web App). As an admin, if you want to create a block sender list for any user mailbox, you can use PowerShell cmdlets to do so. Refer to the article How To Block An Email Address Or Domain In Outlook for more details.
Option 3 – Block an email address or domain by using anti-spam policies.
You can also use anti-spam policies to block an email address or domains. You can either apply the rule to a group or the whole domain by creating a custom Inbound anti-spam policy. However, if you choose to use default Inbound anti-spam policy, then the rule will be applied to all users.
You can use either the Microsoft 365 Defender portal or PowerShell to configure the block sender list using anti-spam policies. Refer to the article Block sender or domain by using anti-spam policies for more details on the implementation and examples.
Option 4 – Create transport rule in Exchange online to block a sender
With a transport rule in Exchange Online, you can block messages from a specific sender by setting up conditions and actions that apply to inbound messages.
You can define criteria such as sender’s email address or domain, message subject, body, attachments, or header fields, and then configure actions such as blocking, rejecting, quarantining, or redirecting the message.
By creating a transport rule to block a sender, you can prevent spam, phishing, or malicious messages from entering your organization’s email system, and ensure that your employees only receive the messages they need to do their jobs.
Refer to the article How To Block An Email Address Or Domain In Exchange Online for the steps to implement it.
Option 5 – IP Block list from anti-spam policies
Using the IP block list is the option least recommended by Microsoft, but it can still be used to block all incoming messages from specific source email servers. You have to specify the IP address of the source server or servers. You can also specify a range of IP addresses in CIDR format, for example: 10.20.1.4/24.
Any email sent from an email server whose IP address you add to the block list will be rejected / blocked. It is not marked as spam; it is simply rejected.
To configure the IP block list, we will use the default anti-spam policy called Connection filter policy (Default). Follow the steps below to add the IP address of an email server to the block list of the anti-spam policy.
- Log in to the Microsoft 365 Defender portal as Security administrator or Global administrator.
- Go to Email & collaboration > Policies & rules.
- Click on Threat policies.
- Click on Anti-spam under Policies.
- Select the Connection filter policy (Default) and then click on Edit connection filter policy.
- In Connection filter policy (Default), you will find “Always block messages from the following IP addresses or address range:”. Add a single IP address, for example 10.20.1.4, or an IP range, for example 10.1.3.0/24, to the block list. Click on Save and then Close to save and exit.
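The same change can be scripted. This added example (not from the original post) validates each entry and then appends the valid ones to the default connection filter policy with Set-HostedConnectionFilterPolicy; the addresses are constructed samples from documentation ranges, and an active Connect-ExchangeOnline session is assumed. The check accepts IPv4 only and enforces the /24 through /32 mask range that Microsoft documents for this list.

```powershell
# Added example (not from the original post). Assumes Connect-ExchangeOnline
# has been run. Addresses are constructed samples (documentation ranges).
$entries = @('203.0.113.25', '198.51.100.0/24', '192.0.2.0/16', 'not-an-ip')

function Test-BlockListEntry {
    param([string]$Entry)
    $ip, $prefix = $Entry -split '/', 2
    $parsed = $null
    # Accept only dotted-quad IPv4 (TryParse alone would accept forms like "1").
    if ($ip -notmatch '^\d{1,3}(\.\d{1,3}){3}$' -or
        -not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)) {
        return $false
    }
    if ($null -eq $prefix) { return $true }   # single address, no mask
    # CIDR masks outside /24 through /32 are not accepted by the connection filter.
    return ($prefix -match '^\d{1,2}$' -and [int]$prefix -ge 24 -and [int]$prefix -le 32)
}

$valid   = @($entries | Where-Object { Test-BlockListEntry $_ })
$invalid = @($entries | Where-Object { -not (Test-BlockListEntry $_) })
if ($invalid.Count -gt 0) {
    Write-Warning "Skipped invalid entries: $($invalid -join ', ')"
}

# Skip anything already present so the change is safe to re-run.
$policy = Get-HostedConnectionFilterPolicy -Identity Default
$new = @($valid | Where-Object { $policy.IPBlockList -notcontains $_ })

if ($new.Count -gt 0) {
    # @{Add=...} appends without overwriting addresses already on the list.
    Set-HostedConnectionFilterPolicy -Identity Default -IPBlockList @{Add = $new}
}

# Read the list back to confirm the result.
(Get-HostedConnectionFilterPolicy -Identity Default).IPBlockList
```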
Conclusion
In this blog post, we learned 5 different ways to block an email address or domain from sending email to any user in your organization.
My recommendation is to use the options in the following order to block any sender.
- Use the Tenant Allow/Block list first.
- If for some reason you are unable to use that option, and the spam sender is targeting specific internal users, use the Outlook Block sender list.
- If you have multiple spam emails targeting multiple recipients or the whole organization, you can block the sender or domain by using anti-spam policies.
- You can also use transport rules in Exchange Online to block a spam sender and prevent any incoming spam emails.
- The last option is to use the IP block list to block the IP addresses of email servers.