How to Block Senders in Microsoft 365

Clicking on a spam message can cause many problems in an organization. To stop unwanted senders from sending spam emails to your organization, you need to block them. Microsoft has Exchange Online Protection (EOP) as its hygiene solution to combat spam mail. There are different methods to block email addresses and domains in Microsoft 365. In this article, you will learn how to block senders in Microsoft 365.

Table of contents

Blocked senders and domains in Exchange Online Protection

There are multiple methods to block email from unwanted senders with Exchange Online Protection (EOP). Microsoft recommends the following methods in order of most recommended:

  1. Block entries for domains and email addresses in the Tenant Allow/Block List
  2. Use the Blocked Senders list in Outlook
  3. Blocked sender lists or blocked domain lists
  4. Create a mail flow rule (transport rule)
  5. IP Block List (connection filtering)

In this article, we will show you all these methods in a clear step-by-step guide.

Method 1. Tenant Allow/Block List

The most recommended method to block senders from a domain is to use the Tenant Allow/Block list in the Microsoft Defender portal.

To block senders in Microsoft Defender portal, follow these steps:

  1. Sign in to Microsoft Defender
  2. Click Email & collaboration > Policies & rules
  3. Click Threat policies
Microsoft Defender threat policies
  1. Click Tenant Allow/Block Lists
Microsoft Defender Tenant Allow/Block Lists
  1. Click the tab Domain & addresses
  2. Click + Block
Microsoft Defender Tenant Allow/Block Lists Block
  1. Type email addresses or domains you want to block
  2. Select the days in Remove block entry after
  3. Click Add

Note: Never put domains that you own or common domains such as microsoft.com and office.com onto the Allow and Block Lists.

Microsoft Defender Block domains & addresses
  1. Confirm you see the email addresses and domains in the list
Tenant Allow/Block Lists to block senders in Microsoft 365

Important: It can take 15 minutes before it’s updated in the Microsoft cloud servers before the changes take effect.

Method 2. Blocked Senders list in Outlook

If some users in your organization receive spam or unwanted email, you can use the Blocked Senders list in Outlook. You can add the unwanted email address or domain to the Blocked Senders list in the mailbox with PowerShell.

You must first Connect to Exchange Online PowerShell to run the below PowerShell command.

Connect-ExchangeOnline

In our example, we will add the unwanted email addresses for the user (Amanda.Hansen@m365info.com) to the Blocked Senders list in their Outlook.

Use the PowerShell command below to add multiple email addresses to the Blocked Senders list for a single mailbox.

Set-MailboxJunkEmailConfiguration -Identity "Amanda.Hansen@m365info.com" -BlockedSendersAndDomains "admin.spammer@gmail.com", "spamming@report.com"

To add an email address to the Blocked Senders list for multiple mailboxes, use the below PowerShell command.

Get-Mailbox -ResultSize Unlimited | Set-MailboxJunkEmailConfiguration -BlockedSendersAndDomains "admin.spammer@gmail.com", "spamming@report.com"

Check Outlook to verify you blocked these email addresses in the Blocked Senders list of a single mailbox.

  1. Open Outlook
  2. Click the Home tab
  3. Click Junk > Junk E-mail Options
Verify Blocked Senders in Outlook Junk Email Options
  1. Click Blocked Senders
  2. Verify the email addresses are on the list
Verify Blocked Senders in Outlook Junk Email Options

Read more about Manage Safe Senders and Block Sender Lists using PowerShell.

Method 3. Use blocked sender or blocked domain lists

The next method is to use the anti-spam policies in Microsoft 365 Defender to block senders and domains by adding them to a list.

It’s best not to use the default anti-spam policies and keep their default settings. Therefore, we will create a new inbound anti-spam policy.

To create a new anti-spam policy in Microsoft Defender portal, follow these steps:

  1. Sign in to Microsoft Defender
  2. Click Email & collaboration > Policies & rules
  3. Click Threat policies
Microsoft Defender Threat policies
  1. Click Anti-spam
Microsoft Defender Threat policies Anti-Spam
  1. Click Create policy > Inbound
Create new anti-spam policy inbound
  1. Name your policy
  2. Click Next
Name your custom anti-spam policy to block senders
  1. Include your domains
  2. Click Next
Include users, groups, and domains in this policy
  1. Keep the default settings in Bulk email threshold & spam properties
  2. Click Next
Bulk email threshold & spam properties default settings
  1. Keep the default settings in Actions
  2. Click Next
Set your actions for this policy
  1. Click Manage 0 sender(s)
  2. Click Add senders
  3. Type the sender addresses
  4. Click Done
Manage blocked senders to the list in Microsoft 365
  1. Click Block domains
  2. Click Add domains
  3. Type the domains
  4. Click Done
Manage blocked domains to the list
  1. Click Next
Choose Allow & Block list
  1. Review and click Create
Review and create new policy to block senders in Microsoft 365
  1. Verify the new anti-spam policy is on the list with the status On
Verify new anti-spam policy is created and status on

Read more about How to block Top-Level Domain in Microsoft 365.

Method 4. Create Mail flow rule

You can also create a mail flow rule, also known as a transport rule, in the Exchange admin center.

To create a mail flow in Exchange admin center, follow these steps:

  1. Sign in to Exchange admin center
  2. Click Mail flow > Rules
  3. Click + Add a rule
  4. Select Create a new rule
Exchange admin center create new mail rule
  1. Name the rule
  2. Apply this rule if The sender > domain is
  3. Specify domain (spamdomain.com)
  4. Do the following Modify the message properties > set the spam confidence level (SCL)
  5. Specify SCL 9
  6. Click Next
Set rule conditions mail flow rule EAC
  1. Click Enforce
  2. Add the article URL to the Comments
  3. Click Next
Set rule settings for mail flow rule in EAC
  1. Click Finish
  2. The transport rule is created successfully
Review and finish the transport rule
  1. Click the newly created mail flow rule in the list
  2. Click Enabled
Enable the newly created mail flow rule to block senders in Microsoft 365

Method 5. IP Block list

The least recommended method is to add an IP address to the connection filter policy in Microsoft 365 Defender. This will block unwanted spam emails from specific IP addresses.

The disadvantage is that SMTP servers change IP addresses, so if you block one now, you can still get spam from another SMTP server. Also, every sender from that IP address will be blocked.

To block IP addresses in Microsoft Defender portal, follow these steps:

  1. Sign in to Microsoft Defender
  2. Click Email & collaboration > Policies & rules
  3. Click Threat policies
Microsoft Defender Theat policies
  1. Click Anti-spam
Microsoft Defender Theat policies Anti-spam
  1. Click Connection filter policy (Default)
  2. Click Edit connection filter policy
Anti-spam connection filter policy
  1. Type IP address in Always block messages from the following IP address or address range
  2. Click Save
Always block messages from the following IP address save
  1. Verify the IP address is on the IP block list
Verify IP Block list connection filter policy

That’s it!

Read more: Block Microsoft 365 user sign-in »

Conclusion

You learned how to block senders in Microsoft 365 using different methods. The most recommended method to block entries for domains and email addresses is to use the Tenant Allow/Block Lists in Microsoft Defender. However, if that option doesn’t work for you, choose another method when blocking unwanted senders in your organization.

Did you enjoy this article? You may also like Configure Microsoft 365 quarantine retention period to 30 days. Don’t forget to follow us and share this article.

o365info Team

o365info Team

This article was written by our team of experienced IT architects, consultants, and engineers.

X Twitter

What Others Are Reading

This Post Has One Comment

  1. Excellent Review

    One question, what is the difference between ‘Tenant Allow/Block List’ and ‘Use blocked sender or blocked domain lists’?

    Thanks in advance.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *