Block Email/Domain via Anti-spam policies in Microsoft 365

You can create a block sender list through anti-spam policies, allowing you to include either a sender’s email address or an entire domain. It’s important to note that the maximum capacity for items on this list is approximately 1000.

Through Exchange Online Protection (EOP), inbound emails are automatically protected against spam. Default Inbound and Outbound anti-spam policies come pre-configured for you. While you can modify the default policies as an admin, deletion of these policies is not possible.

In case you have specific requirements that the default anti-spam policies do not meet, you have the option to create a custom anti-spam policy with tailored settings. Custom policies take precedence over the default anti-spam policies, and you can also configure the priority of each policy to suit your needs.

Permissions Required to Manage Anti-Spam Policies

Before you can add, update, or delete any anti-spam policy, your account needs to have the following permissions in Exchange Online:

  • To create a new anti-spam policy, update an existing anti-spam policy, or delete a custom anti-spam policy, you must be a member of the Organization Management or Security Administrator role.
  • For read-only access to anti-spam policies, you need to be a member of the Global Reader or Security Reader role.

Impact of Blocking Senders with Anti-Spam Policies

When you block a sender’s email or domain using anti-spam policies, the email is designated as high-confidence spam. The policy-defined action is then enforced on the sender’s email.

For example, if the High Confidence Spam action is configured to Move the message to the Junk Email Folder, the email will be rerouted to the user’s Junk email folder.

Various message actions can be configured when the verdict classifies an email as High Confidence Spam. Please find it below:

  • Add X-header
  • Prepend subject line with text
  • Redirect message to email address
  • Delete message
  • Quarantine message

Block an Email address or domain using Anti-spam policies

You have the option to either create a new inbound anti-spam policy for blocking the sender or utilize an existing default anti-spam Inbound policy to add the sender to the block list.

I’ll use the Anti-spam inbound policy (Default), which is already set up and can’t be removed. However, you can customize its settings to match your organization’s requirements. Let’s check the steps:

  • Sign in to the Microsoft 365 Defender portal, either as a Security Administrator or Global Administrator.
  • Under Email & collaboration > Policies & rules.
  • Click on Threat policies.
  • Click on Anti-spam under Policies.
  • Select the Anti-spam inbound policy (Default) and scroll down to the bottom of the policy to Select Edit Allowed and blocked senders and domains.
Block an Email address or domain using Anti-spam policies
  • Under the Blocked section, you will find the Manage Senders and Block Domains link.
    • Manage senders: Add the sender’s email address to block.
    • Block Domains: Add domains to block.
Block an Email address or domain using Anti-spam policies
  • Example:
Block an Email address or domain using Anti-spam policies

Add an Email address or domain in the Block Senders list of Anti-spam policies using PowerShell

You can also utilize PowerShell to block an email address or domain in anti-spam policies. First, make sure to install the Exchange Online PowerShell module. If it’s already installed, you can proceed with connecting to Exchange Online using the Connect-ExchangeOnline cmdlet.

Launch PowerShell with administrative privileges and execute the following commands:

Install Exchange Online PowerShell module

Install-Module ExchangeOnlineManagement

Connect to Exchange Online

Connect-ExchangeOnline

Example: Add an email address and domain in Block list [Overwrite existing list]

Set-HostedContentFilterPolicy -Identity "Default" -BlockedSenderDomains test.com -BlockedSenders noreply@fakedom.com
Block an email address or domain in anti-spam policies using Powershell

Example: Append an email address and domain to existing block senders list

Set-HostedContentFilterPolicy -Identity "Default" -BlockedSenderDomains @{Add=”x0ej.com”} -BlockedSenders @{Add=”noreply_123@gmail.com”}
Append an email address and domain to existing block senders list

Remove an email address or domain from the Block senders list of Anti-spam policy with PowerShell

Using the default anti-spam policy, we learned how to add a sender to the block list. Using PowerShell, let’s remove an email address and a domain from the list. Please use the following command for this task.

You can customize the sender’s email address or domain that you wish to remove from the list, and then execute the command. To confirm the blocked sender’s users or domains, you can utilize the Get-HostedContentFilterPolicy -Identity Default | fl Block* command.

Example: Remove sender email address and a Domain from the Block List

Set-HostedContentFilterPolicy -Identity "Default" -BlockedSenderDomains @{Remove="test.com"} -BlockedSenders @{Remove="noreply@fakedom.com"}
Remove Sender's Email address and a Domain from the Block List
Remove Sender’s Email address and a Domain from the Block List

Verify Block Sender email and domain list

Get-HostedContentFilterPolicy -Identity Default | fl Block*

Conclusion

In this blog post, we have explored how to block a sender or domain using anti-spam policies. You can create a custom policy and apply it to specific domains or user sets for blocking senders, or you can utilize the Default anti-spam policy. We have also covered PowerShell commands that enable you to add, remove, and modify the block sender list.

Leave a Comment