You can create a blocked sender list using anti-spam policies. You can add a sender’s email address or domain to this list. The maximum number of items in the list is around 1000.
Inbound emails are automatically protected against spam by Exchange Online Protection (EOP). Default inbound and outbound anti-spam policies are configured for you out of the box. As an admin you can edit the default policies, but you cannot delete them.
If you have custom requirements that are not met by the default anti-spam policies, you can create a custom anti-spam policy with all the settings. A custom policy takes precedence over the default anti-spam policies. You can also configure the priority of each policy.
Which Permissions are required to manage anti-spam policies
Before you can add, update or delete any anti-spam policy, your account needs the following permissions in Exchange Online:
- To create a new anti-spam policy, update an existing anti-spam policy or delete a custom anti-spam policy, you need to be a member of the Organization Management or Security Administrator role.
- For read-only access to anti-spam policies, you need to be a member of the Global Reader or Security Reader role.
What happens when I block a sender’s email or domain using anti-spam policies
When you block a sender’s email or domain using anti-spam policies, email from that sender is treated as High Confidence Spam. The action configured in the anti-spam policy for that verdict is then taken against the sender’s email.
For example, if the High Confidence Spam action is set to “Move message to Junk Email Folder”, the email is moved to the user’s Junk Email folder.
There are other Message actions which can be set when the message verdict is High Confidence spam:
- Add X-header
- Prepend subject line with text
- Redirect message to email address
- Delete message
- Quarantine message
Steps to block an email address or domain using anti-spam policies
You can either create a new inbound anti-spam policy to block the sender or use the existing default inbound anti-spam policy to add a sender to the block list.
I will be using the existing anti-spam policy called Anti-spam inbound policy (Default). This policy is already created for you and cannot be deleted. You can reconfigure the policy as per your organization’s requirements.
- Log in to the Microsoft 365 Defender portal as a Security administrator.
- Go to Email & collaboration > Policies & rules.
- Click on Threat policies.
- Click on Anti-spam under Policies.
- Select the Anti-spam inbound policy (Default), scroll down to the bottom of the policy and select “Edit Allowed and blocked senders and domains”.
- Under the Blocked section, you will find the Manage Senders and Block domains links.
- Manage senders – Add sender’s email address to block.
- Block Domains – Add domains to block.
- Add the senders and domains you want to block to the block list of the anti-spam inbound policy. Once you have finished adding senders and domains to the list, click Save and then Close to exit.
Block an email address or domain in anti-spam policies using PowerShell
You can also use PowerShell to block an email address or domain in anti-spam policies. First you need to install the Exchange Online PowerShell module. If it is already installed, you don’t need to install it again; you can use Connect-ExchangeOnline straight away to connect to Exchange Online.
Launch a PowerShell console as an Administrator and run the commands below:
Install Exchange Online PowerShell module
Install-Module ExchangeOnlineManagement
Connect to Exchange Online
Connect-ExchangeOnline
Example: Add an email address and domain in Block list [Overwrite existing list]
Set-HostedContentFilterPolicy -Identity "Default" -BlockedSenderDomains test.com -BlockedSenders noreply@fakedom.com
Example: Add / append an email address and domain to existing block senders list
Set-HostedContentFilterPolicy -Identity "Default" -BlockedSenderDomains @{Add="x0ej.com"} -BlockedSenders @{Add="noreply_123@gmail.com"}
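The append form above can be scripted so that a batch of senders and domains is validated, compared with what the policy already blocks, and added without overwriting the existing list. This is an added example, not part of the original post; it assumes Connect-ExchangeOnline has already been run, and the variable names, sample entries and the Select-NewEntry helper are illustrative.

```powershell
# Added example (not from the original post). Run after Connect-ExchangeOnline.
# The names and sample entries below are illustrative assumptions.
$PolicyName = 'Default'
$NewSenders = @('noreply@fakedom.com', 'Billing@Example.net', 'not-an-address')
$NewDomains = @('test.com', 'TEST.com', 'bad domain')
$MaxEntries = 1000   # approximate list limit mentioned in the post

# Hypothetical helper: normalise, de-duplicate, drop malformed or existing entries.
function Select-NewEntry {
    param([string[]]$Candidate, [string[]]$Existing, [string]$Pattern)
    $Candidate |
        ForEach-Object { $_.Trim().ToLower() } |
        Sort-Object -Unique |
        Where-Object {
            if ($_ -notmatch $Pattern) {
                Write-Warning "Skipping malformed entry: $_"
                return $false
            }
            $Existing -notcontains $_
        }
}

$policy = Get-HostedContentFilterPolicy -Identity $PolicyName
# Assumption: each existing entry converts to its plain address or domain string.
$haveSenders = @($policy.BlockedSenders | Where-Object { $_ } | ForEach-Object { "$_".ToLower() })
$haveDomains = @($policy.BlockedSenderDomains | Where-Object { $_ } | ForEach-Object { "$_".ToLower() })

$addSenders = @(Select-NewEntry $NewSenders $haveSenders '^[^@\s]+@[^@\s]+\.[^@\s]+$')
$addDomains = @(Select-NewEntry $NewDomains $haveDomains '^[a-z0-9.-]+\.[a-z]{2,}$')

if ($haveSenders.Count + $addSenders.Count -gt $MaxEntries -or
    $haveDomains.Count + $addDomains.Count -gt $MaxEntries) {
    throw "These additions would push a block list past about $MaxEntries entries."
}

# Build the call with @{Add=...} so existing entries are kept, not overwritten.
$params = @{ Identity = $PolicyName }
if ($addSenders.Count) { $params.BlockedSenders = @{ Add = $addSenders } }
if ($addDomains.Count) { $params.BlockedSenderDomains = @{ Add = $addDomains } }

if ($params.Count -gt 1) {
    Set-HostedContentFilterPolicy @params -WhatIf   # remove -WhatIf to apply
    Get-HostedContentFilterPolicy -Identity $PolicyName | Format-List Block*
} else {
    Write-Output 'Nothing to add: every valid entry is already blocked.'
}
```

With -WhatIf in place the policy is not changed, so the script can be run first to review which entries would be added and which were skipped as malformed.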
Remove an email address or domain from Block list of anti-spam policy using PowerShell
Now that we have seen how to add a sender to the block list of the default anti-spam policy, we will remove an email address and a domain from the list using PowerShell. Use the command below.
You can modify the sender email address or domain which you want to remove from the list and then run the command. To verify the blocked senders or domains, you can use the Get-HostedContentFilterPolicy -Identity Default | fl Block* command.
Example: Remove sender’s email address and a domain from Block List
Set-HostedContentFilterPolicy -Identity "Default" -BlockedSenderDomains @{Remove="test.com"} -BlockedSenders @{Remove="noreply@fakedom.com"}
Verify Block Sender email and domain list
Get-HostedContentFilterPolicy -Identity Default | fl Block*
Conclusion
In this blog post, we have seen how to block a sender or domain using anti-spam policies. You can create your own custom policy and apply it to a domain or set of users to block senders, or use the default anti-spam policy for the same purpose. We have also seen the PowerShell commands that can be used to add to, remove from and modify the blocked sender list.