Applies to: Exchange Server 2010

Topic Last Modified: 2011-03-19

Use the Update-SafeList cmdlet to update the safelist aggregation data in Active Directory. Safelist aggregation data is used in anti-spam filtering in Microsoft Exchange Server 2010. EdgeSync replicates safelist aggregation data to computers that have the Edge Transport server role installed.

Update-SafeList -Identity <MailboxIdParameter> [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-EnsureJunkEmailRule <SwitchParameter>] [-IncludeDomains <SwitchParameter>] [-Type <SafeSenders | SafeRecipients | Both>] [-WhatIf [<SwitchParameter>]]

Parameter Required Type Description




The Identity parameter specifies the Outlook user mailbox from which you want to collect safelist aggregation data. Valid input for this parameter includes the following values:

  • GUID
  • Distinguished name (DN)
  • Domain\Account
  • User principal name (UPN)
  • LegacyExchangeDN
  • SmtpAddress
  • Alias




The Confirm switch causes the command to pause processing and requires you to acknowledge what the command will do before processing continues. You don't have to specify a value with the Confirm switch.




The DomainController parameter specifies the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to Active Directory.




The EnsureJunkEmailRule parameter specifies whether to force the junk e-mail rule to be turned on for the mailbox if the rule isn't turned on already.

The junk e-mail rule can only be created after the user logs on to the mailbox. If the user has never logged on to the mailbox, this parameter can't turn on the junk e-mail rule.




The IncludeDomains parameter specifies whether to include the sender domains specified by users in Outlook in the safelist aggregation data. By default, domains specified by the senders aren't included.

In most cases, we don't recommend that you include domains because users may include the domains of large Internet service providers (ISPs), which could unintentionally provide addresses that may be used or spoofed by spammers.




The Type parameter specifies which user-generated list is updated to the user object. Valid values for this parameter are SafeSenders, SafeRecipients, and Both. The default value is SafeSenders.

In Exchange 2010, the safelist aggregation feature doesn't act on Safe Recipients List data. We don't recommend running the Type parameter with the SafeRecipients or Both values.




The WhatIf switch instructs the command to simulate the actions that it would take on the object. By using the WhatIf switch, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf switch.

The Update-SafeList cmdlet reads the safelist aggregation data stored on a Microsoft Office Outlook user mailbox and then hashes and writes the data to the corresponding user object in Active Directory. Safelist aggregation data contains the Outlook user's Safe Senders List and Safe Recipients List.

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "SafeList aggregation" entry in the Transport Permissions topic.

This example updates Safe Senders List data for the single user kim@contoso.com.

Update-Safelist -Identity kim@contoso.com

This example updates safelist data for all user mailboxes in your Exchange organization. By default, the Exchange Management Shell is configured to retrieve or modify objects that reside in the domain in which the Exchange server resides. Therefore, to retrieve all the mailboxes in your Exchange organization, you must first set the scope of the Shell to the entire forest using the Set-AdServerSettings cmdlet. For more information, see Set-AdServerSettings.

Set-AdServerSettings -ViewEntireForest $true
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox | Update-Safelist