Safe sender and blocked sender lists FAQ
Applies to: Exchange Online Protection, Exchange Online
Topic Last Modified: 2014-08-18
This topic provides frequently asked questions and answers about safe sender and blocked sender lists. Answers are applicable for Microsoft Exchange Online and Exchange Online Protection customers.
Q. What is a safe sender list?
A. An email safe sender list is a list of contacts who are considered safe senders and whose messages therefore do not need to be spam filtered by the service.
Q. What is a blocked sender list?
A. An email blocked sender list is a list of contacts who are considered unsafe senders and whose messages are blocked by the service.
Q. How can I include a sender in a safe sender or a blocked sender list?
A. There are several options available:
Connection filter: If you know the IP address from which the user is sending messages, you can add their IP address to a connection filter IP Allow list or an IP Block list. For more information about how to do this, see Configure the connection filter policy. This topic also describes how you can create an Exchange Transport rule to specify a CIDR range that falls outside of the recommended range (/32 to /24), and how you can create a Transport rule to create an IP Allow list exception for a specific domain.
Exchange Transport rules: You can also create an Exchange Transport rule that:
Allows messages through and bypasses spam filtering for specific domains, or for specific users.
Blocks messages sent from specific domains or from specific users.
Tip: Creating an IP Allow list or an IP Block list via the connection filter is typically preferred to creating a Transport rule, because domains can be spoofed. Also, if the sending IP address is on the global IP block list, it will be blocked even if filtering for the domain or user is being bypassed. This is because a Transport rule on a domain or user doesn’t override the global IP block list.
For more information, see Create a domain or user-based safe sender or blocked sender list using transport rules.
Microsoft Outlook and Outlook Web App (OWA): End users can add specific users or domains to a safe sender list or a blocked sender list by configuring their junk email settings. Note that messages that are sent from blocked senders are marked as spam, not rejected, meaning that they can be retrieved from the Junk Email folder or quarantine (depending on your configuration.) For more information, see the following links:
If your company has existing user accounts in an on-premises Active Directory environment, you can synchronize the account information to the service. For example, when you run directory synchronization, any safe sender or blocked sender lists created and managed using Outlook or OWA are propagated to the service. By using the directory synchronization tool, the service uses your user’s safe sender list or blocked sender lists the same way as if they were being managed directly on-premises. What this means is that messages sent from Outlook or OWA synced safe senders will pass through the service without being spam filtered, whereas messages sent from synced blocked senders will be marked as spam. Note that it may take up to 3 hours for any changes to your synced safe or blocked senders lists to take effect. For more information about setting up directory synchronization, see “Use directory synchronization to manage mail users” in Manage mail users in EOP.
If your company is configuring safe sender or blocked sender lists using Outlook or OWA in conjunction with Exchange Online, any updates to your user’s lists are automatically picked up and implemented by the service.