How to block Top-Level Domain in Microsoft 365
Organizations receive numerous unwanted emails from various domains in their junk mail. A practical countermeasure is to block these emails by blocking the Top-Level Domain URL or domain URL that appears in the message body. You can configure this in the Microsoft 365 Defender portal or with Exchange Online PowerShell. In this article, you will learn how to block a URL Top-Level Domain in Microsoft 365.
What is Top-Level Domain (TLD)?
A Top-Level Domain (TLD) represents the first stop after the root zone. So, a TLD is everything that follows the final dot of a domain name. For example, our domain name is m365info.com, where the TLD is .com.
Microsoft allows you to block a URL Top-Level Domain that appears in an email message. This does not block senders whose email address uses that Top-Level Domain. If the sender writes a URL with the blocked Top-Level Domain in the message body, the email will be quarantined.
Note: When you block a TLD, it will only apply to people sending emails from outside the organization. So it will not block emails that contain a TLD in their message when sent between internal recipients in an organization.
Let’s say you blocked the Top-Level Domain .dk in your organization. It means you will not receive any emails that mention .dk in the message body. A sender can still send an email from an address under .dk, as long as they do not write .dk in the message body.
Recommended Top-Level Domains to block
There are several Top-Level Domains your organization should block. Spamhaus collects the most abused Top-Level Domains and updates its top 10 worst TLDs daily.
| Number | Top-Level Domain |
|---|---|
| 1 | .ಭಾರತ (xn--2scrj9c) |
| 2 | .live |
| 3 | .cn |
| 4 | .degree |
| 5 | .boats |
| 6 | .fyi |
| 7 | .zone |
| 8 | .haus |
| 9 | .gq |
| 10 | .top |
Block URL Top-level Domain in Microsoft 365 Defender
To block a Top-Level Domain URL in Microsoft 365, follow these steps:
- Sign in to the Microsoft 365 Defender portal
- Click on Email & collaboration > Policies & rules
- Choose Threat policies
- Select Tenant Allow/Block Lists
- Select URLs
- Click Block
- Add URLs with wildcards (*.com/*, *.live/*)
- Select Never expire
- Click Add
Note: You can also block a Domain instead of a Top-Level Domain. For example, gmail.com.
- Confirm you see the Top-Level Domain value in the list
Important: It can take 15 minutes for the change to propagate to Microsoft's cloud servers and take effect.
Block Top-Level Domain with PowerShell
We will show you how to block a Top-Level Domain with Exchange Online PowerShell.
First, you need to Connect to Exchange Online PowerShell. Open Windows PowerShell as administrator, run the below cmdlet, and sign in with your admin credentials.
Connect-ExchangeOnline
Option 1: Block Top-Level Domain with PowerShell
Run the below PowerShell command example to block a TLD with no expiration date. It will block email messages that contain a URL with the Top-Level Domain .com in the message body.
New-TenantAllowBlockListItems -ListType Url -Block -Entries "*.com/*" -NoExpiration
The below PowerShell command example blocks multiple TLDs with no expiration date.
New-TenantAllowBlockListItems -ListType Url -Block -Entries "*.com/*", "*.live/*" -NoExpiration
Option 2: Block Domain with PowerShell
Run the below PowerShell command example to block a domain with no expiration date. It will block email messages that contain the domain outlook.com, such as www.sub.outlook.com or outlook.com/test.
New-TenantAllowBlockListItems -ListType Url -Block -Entries "outlook.com" -NoExpiration
The below PowerShell command example blocks multiple domains with no expiration date.
New-TenantAllowBlockListItems -ListType Url -Block -Entries "outlook.com", "gmail.com" -NoExpiration
Get Tenant Allow/Block list with PowerShell
Display a list of all blocked and allowed TLDs and domains.
Run the below PowerShell command.
Get-TenantAllowBlockListItems -ListType Url | ft

Note: ft is the alias for Format-Table.
The output will show the Tenant Allow/Block List with all the values (URLs).
Error Identity Value Action Notes SubmissionID ListSubType SysManaged LastModifiedDateTime
----- -------- ----- ------ ----- ------------ ----------- ---------- -----------------
RgAAAABeMrqDJzLFRJUcFHeVMA0OBwDht8mD3XfHQbfDlGMujvwUAAASkZLVAADht8mD3XfHQbfDlGMujvwUAAAZHSF2AAAA0 gmail.com Allow fff419f5-f9f0-41e6-56ee-08dbf2b46cc8 Submission True 22/12/2023 22.28.55
RgAAAABeMrqDJzLFRJUcFHeVMA0OBwDht8mD3XfHQbfDlGMujvwUAAASkZLVAADht8mD3XfHQbfDlGMujvwUAAAZHSF1AAAA0 *.live/* Block Non-Submission Tenant False 22/11/2023 22.08.03
RgAAAABeMrqDJzLFRJUcFHeVMA0OBwDht8mD3XfHQbfDlGMujvwUAAASkZLVAADht8mD3XfHQbfDlGMujvwUAAAZHSF0AAAA0 *.com/* Block Non-Submission Tenant False 22/11/2023 22.08.03
RgAAAABeMrqDJzLFRJUcFHeVMA0OBwDht8mD3XfHQbfDlGMujvwUAAASkZLVAADht8mD3XfHQbfDlGMujvwUAAAZHSFzAAAA0 outlook.com Block Non-Submission Tenant False 22/11/2023 22.17.45
Display a list of all blocked TLDs and domains only.
Run the below PowerShell command.
Get-TenantAllowBlockListItems -ListType Url -Block | ft
The output shows the Tenant Block List with the values (URLs).
Error Identity Value Action Notes SubmissionID ListSubType SysManaged LastModifiedDateTime ExpirationDate
----- -------- ----- ------ ----- ------------ ----------- ---------- -------------------- --------------
RgAAAABeMrqDJzLFRJUcFHeVMA0OBwDht8mD3XfHQbfDlGMujvwUAAASkZLVAADht8mD3XfHQbfDlGMujvwUAAAZHSF1AAAA0 *.live/* Block Non-Submission Tenant False 22/11/2023 22.08.03
RgAAAABeMrqDJzLFRJUcFHeVMA0OBwDht8mD3XfHQbfDlGMujvwUAAASkZLVAADht8mD3XfHQbfDlGMujvwUAAAZHSF0AAAA0 *.com/* Block Non-Submission Tenant False 22/11/2023 22.08.03
RgAAAABeMrqDJzLFRJUcFHeVMA0OBwDht8mD3XfHQbfDlGMujvwUAAASkZLVAADht8mD3XfHQbfDlGMujvwUAAAZHSFzAAAA0 outlook.com Block Non-Submission Tenant False 22/11/2023 22.17.45
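The following script is an added example that is not part of the original article. It combines Option 1 and the Get section above: it builds the wildcard entries for several of the Spamhaus TLDs, adds only the ones not already on the URL block list, and then verifies each entry. It assumes an active Connect-ExchangeOnline session; the -Notes parameter and the TLD selection are assumptions for this example.

```powershell
# Added example (not from the original article): block several URL TLDs idempotently.
# Assumes you already ran Connect-ExchangeOnline with an account allowed to edit
# the Tenant Allow/Block List.

# TLDs to block, chosen for this example from the Spamhaus table in the article.
$tldsToBlock = @('live', 'top', 'gq', 'zone')

# Build the wildcard syntax the article uses: *.<tld>/*
$wanted = $tldsToBlock | ForEach-Object { "*.$_/*" }

# Read what is already on the URL block list so we do not add duplicates.
$existing = Get-TenantAllowBlockListItems -ListType Url -Block |
    Select-Object -ExpandProperty Value

# $existing is $null on an empty list; -notcontains still returns $true then.
$missing = @($wanted | Where-Object { $existing -notcontains $_ })

if ($missing.Count -gt 0) {
    # One call for all new entries, no expiration, with a note for later audits.
    # -Notes is assumed here; remove it if your module version does not accept it.
    New-TenantAllowBlockListItems -ListType Url -Block -Entries $missing -NoExpiration `
        -Notes "Abused TLDs (Spamhaus top 10), added $(Get-Date -Format 'yyyy-MM-dd')"
    Write-Host "Added $($missing.Count) entries: $($missing -join ', ')"
} else {
    Write-Host "All requested TLDs are already blocked."
}

# Verify: every wanted entry must now appear with Action = Block.
$after = Get-TenantAllowBlockListItems -ListType Url -Block
foreach ($w in $wanted) {
    $hit = $after | Where-Object { $_.Value -eq $w -and $_.Action -eq 'Block' }
    if ($hit) {
        Write-Host "OK      $w (expires: $($hit.ExpirationDate))"
    } else {
        Write-Host "MISSING $w - re-run the check after the 15 minute propagation window"
    }
}
```

Remember the article's caveat: a block on *.com/* quarantines every external message whose body contains a .com URL, so test a single TLD first and review the quarantine before blocking broad TLDs.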
Check that a message with a blocked TLD URL is quarantined
Send an email that contains a URL with the blocked Top-Level Domain in the message body.
Note: If the TLD appears only in the subject, the message will not be blocked. Only TLDs in the message body are blocked.
See the below example.
Check if your email status is quarantined in Microsoft Defender:
- Sign in to the Microsoft 365 Defender portal
- Click on Email & collaboration > Review
- Choose Quarantine
- In the Email quarantine list, you will find the blocked message
That’s it!
Conclusion
You learned how to block a Top-Level Domain in Microsoft 365. Protect your organization from unwanted junk emails by adding the URL Top-Level Domains in Microsoft 365 Defender or with Exchange Online PowerShell. This will quarantine all emails from external senders that have a URL with the blocked Top-Level Domain in their message body.
Wonderful!👌
Does blocking the URL block email with this top-level domain too?
For example, with .live, will it block email coming from *@domain.live?
Thanks
That’s correct.
But this will only block when it appears in the message body. If you want to block it from the sender address, read the article How to block Top-Level Domain (TLD) in Microsoft 365.
Great article! Thanks for this!