Safe sender and blocked sender lists FAQ
Applies to: Exchange Online Protection, Exchange Online
Topic Last Modified: 2014-06-12
This topic provides frequently asked questions and answers about safe sender and blocked sender lists. Answers are applicable for Microsoft Exchange Online and Exchange Online Protection customers.
Q. What is a safe sender list?
A. An email safe sender list is a list of contacts who are considered safe senders and whose messages therefore do not need to be spam filtered by the service.
Q. What is a blocked sender list?
A. An email blocked sender list is a list of contacts who are considered unsafe senders and whose messages are blocked by the service.
Q. How can I include a sender in a safe sender or a blocked sender list?
A. There are several options available:
Connection filter: If you know the IP address from which the user is sending messages, you can add their IP address to a connection filter IP Allow list or an IP Block list. For more information about how to do this, see Configure the Connection Filter Policy. This topic also describes how you can create an Exchange Transport rule to specify a CIDR range that falls outside of the recommended range (/32 to /24), and how you can create a Transport rule to create an IP Allow list exception for a specific domain.
Exchange Transport rules: You can also create an Exchange Transport rule that:
Allows messages through and bypasses spam filtering for specific domains, or for specific users.
Blocks messages sent from specific domains or from specific users.
Tip: Creating an IP Allow list or an IP Block list via the connection filter is typically preferred to creating a Transport rule, because domains can be spoofed. Also, if the sending IP address is on the global IP block list., it will be blocked even if filtering for the domain or user is being bypassed. This is because a Transport rule on a domain or user doesn’t override the global IP block list.
For more information, see Create a domain or user-based safe sender or blocked sender list using transport rules.
Microsoft Outlook and Outlook Web App (OWA): End users can add specific users or domains to a safe sender list or a blocked sender list by configuring their junk email settings. Note that messages that are sent from blocked senders are marked as spam, not rejected, meaning that they can be retrieved from the Junk Email folder or quarantine (depending on your configuration.) For more information, see the following links:
If your company has existing user accounts in an on-premises Active Directory environment, you can synchronize the account information to the service. For example, when you run directory synchronization, any safe sender or blocked sender lists created and managed using Outlook are propagated to the service. By using the directory synchronization tool, the service uses your user’s safe sender list or blocked sender lists the same way as if they were being managed directly on-premises. What this means is that messages sent from Outlook synced safe senders will pass through the service without being spam filtered, whereas messages sent from synced blocked senders will be marked as spam. For more information about setting up directory synchronization, see “Use directory synchronization to manage mail users” in Manage mail users in EOP.
If your company is configuring safe sender or blocked sender lists using OWA in conjunction with Exchange Online, any updates to your user’s lists are automatically picked up and implemented by the service.
Tip: When using a safe sender list in Outlook, it is helpful to understand how the processing works, and how the processing in Outlook differs from the service. In particular, when forwarding an email through the service on behalf of someone else, which is most likely to occur for bulk mailings, you may not get the results you’d expect. To read more about this, and to find out a solution to this potential problem, see Manage safe sender lists for bulk mailers.