Metn. Beirut – Lebanon
BLACKLIST DOMAIN OR EMAIL ADDRESS
24-Aug-2023

BLACKLIST DOMAIN OR EMAIL ADDRESS

In Microsoft 365 (Office 365) organizations, you can use Exchange Online Protection (EOP) to block email from unwanted senders (SMTP addresses) or domain names. In Exchange Online, you can configure multiple levels of spam blocking:

  • Block domains and email addresses using Tenant Allow/Block List;
  • List of Outlook Blocked Senders (an individual list is stored in each user mailbox);
  • Exchange Online Protection anti-spam policies;
  • Exchange Mail flow (transport) rules;
  • Connection filters (the IP Block List).

The available sender blocking methods in this list are listed in order from most recommended to least recommended.

Manage Exchange Online Tenant Block List

There is a separate Tenant Allow/Block List feature in Microsoft 365 Defender that allows you to manage your list of allowed and blocked external senders.

  1. Sign-in to Microsoft 365 Defender portal with an account that is a member of one of the following groups: Organization Management, Security Administrator role, or role group;
  2. Go to Email and collaboration > Policies and rules > Threat Policies > Tenant Allow/Block Lists;
  3. Click Block to add a new sender to M365 blacklist;
  4. Specify the list of sender domain names and SMTP addresses that you want to block (up to 20 entries at a time);
  5. In the Remove block entry after field, specify the expiration date after which they will be automatically removed from the blacklist. By default, the entries in this list will expire in 30 days, but you can choose one of the following values: 1 day, 7 days, 30 days, up to 90 days from today, or Never expire;
  6. Click the Add button to add entries to the list.

    Emails from these senders will be marked as high confidence spam (SCL = 9). In addition, users in your organization won’t be able to send email messages to blocked addresses and domains. When sent to these addresses, users will receive an NDR with the text:

    ‘550 5.7.703 Your message can’t be delivered because one or more recipients are blocked by your organization’s tenant recipient block policy’

    You can manage the Exchange Online tenant Allow/Block list with PowerShell. Connect to your Exchange Online organization with the Exchange online PowerShell module:

    On the Tenant Allow/Block Lists page, verify that the Domains & addresses tab is selected.

     

    On the Domains & addresses tab, select  Block.

     

    In the Block domains & addresses flyout that opens, configure the following settings:

     

    Domains & addresses: Enter one email address or domain per line, up to a maximum of 20.

     

    Remove block entry after: Select from the following values:

     

    1 day

    7 days

    30 days (default)

    Never expire

    Specific date: The maximum value is 90 days from today.

    Optional note: Enter descriptive text for why you're blocking the email addresses or domains.

     

    When you're finished in the Block domains & addresses flyout, select Add.

     

    Back on the Domains & email addresses tab, the entry is listed