How to blacklist a domain in Office 365

Log in to your Exchange admin center, and go to mail flow – rules:

Click on the plus icon to create a new rule, and choose Bypass spam filtering:

Note: You can use this same rule to either whitelist or blacklist a domain depending on the options you choose later.


As you can see, there are a lot of options to choose from – we’re going to be blocking by domain, so choose The sender… – domain is:


Add the domain that you’d like blocked, and hit the plus sign to add it to your list:


Then click OK to save your changes:


Your next step is to specify the Spam Confidence Level (SCL): click on Bypass spam filtering:



And set it as high as you want it to be (in this case 9)


Note that if you are trying to whitelist a domain, you would leave the option at Bypass spam filtering which sets its SCL to -1 (see the list below for more details)

For a breakdown of the SCL ratings and what they do, see the image below – clicking on it will take you to the TechNet article.


Next, set the rule to Enforced.


Alternately, you can choose to test the rule before making it live – here’s what the different options do:

  • Enforce   This will turn on the rule and it will start processing messages immediately.
  • Test with Policy Tips   This will turn on the rule, and what would have happened if the rule was enforced is logged in message tracking logs. Exchange doesn’t take any action that will impact the delivery of the message. In addition, senders are notified of the actions the rule will take if the rule contains the Notify the sender with a Policy Tip action.
  • Test without Policy Tips   This will turn on the rule, and what would have happened if the rule was enforced is logged in message tracking logs. Exchange doesn’t take any action that will impact the delivery of the message

From <http://technet.microsoft.com/en-us/library/jj657505(v=exchg.150).aspx>

Note that policy tips only work with Outlook 2013, and will not show up in OWA – make sure that if you plan to test your rule with Policy Tips that you are testing from a system with Outlook 2013

Next, choose an activation date. Note that you need to set a date in the future, so if you want it active today, set the time forward by the next half hour increment, or it will complain about your policy trying to be activated in the past.


I also set the rule to match sender address in message: Header or envelope to make sure that it catches spam that is spoofing as legitimate email.


  • If your rule analyzes the sender address, it only examines the message headers by default. However, you can configure your rule to also examine the SMTP message envelope. To specify what’s examined, click one of the following values for Match sender address in message:
    • Header   Only the message headers will be examined.
    • Envelope   Only the SMTP message envelope will be examined.
    • Header or envelope   Both the message headers and SMTP message envelope will be examined.

From <http://technet.microsoft.com/en-us/library/jj657505(v=exchg.150).aspx>

After that, click Save and you should be good to go.

3 thoughts on “How to blacklist a domain in Office 365

  1. I’ve noticed two of my clients use MS 365 and I’m using Outlook 2010. When they send the files to me, I’m receiving them 4 to 8 hours later. In some cases, I do not receive their files at all. I ran mxtoolbox and it came back with their email being blacklisted before it even gets to my service provider. It happens intermittently (but it always seems to pick the critical times to do it). Has anyone reported this issue to MS? If so, is there a fix to the issue? Any assistance with be greatly appreciated.

    Like

    1. Hi Lisa,
      That IS an odd one – if they’re showing up as blacklisted on MX Toolbox, I doubt that it has anything to do with Microsoft, or Office 365. It’s definitely possible that domains hosted in Office 365 might be getting blacklisted from time to time, but it could be a number of other factors, such as domain spoofing, or someone using phishing to get access and use their domain for spam purposes. Apart from requesting the domain be removed from the blacklist when it happens, I don’t think there’s anything else you can do. 😦

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.