Create a domain or user-based safe sender or blocked sender list

Exchange 2013
 

Applies to: Exchange Online, Exchange Online Protection

Topic Last Modified: 2015-08-07

If you want to be sure that you receive mail from a particular sender, because you trust them and their messages, you can adjust your allow list in a spam filter policy in the Exchange admin center (EAC) at Protection > Spam filter. Learn more about this at Configure your spam filter policies. Another option would be create an Exchange transport rule that works like the domain or user-based allow list in the spam filter. You can block messages sent from a particular domain or user in a similar manner too.

A transport rule would be useful in this situation if you need to filter for complex criteria such as checking message headers or the names of attachments or if you want to add complex actions such as adding a disclaimer to the message or applying a time period where the rule is active. However, the preferred method to make sure emails from a specific sender or domain bypass your spam filter is to add them to your spam filter policy. Get started with this in the EAC by going to Protection > Spam filter. Learn more at Configure your spam filter policies.

TipTip:
A domain-based list in a transport rule isn’t as secure as an IP address-based list, because domains can be spoofed. Also, if the sending IP address is on a Block list, it will still be blocked even if filtering for the domain or user is being bypassed. This is because a transport rule on a domain or user does not override the global IP Block list. We recommend using an IP address-based list in most cases. To create an IP address-based list, you can use the IP Allow list or IP Block list in the connection filter. Any messages sent from these IP addresses aren’t checked by the content filter. For instructions on how to configure the connection filter policy by adding IP addresses to the IP Allow list or IP Block list, see Configure the connection filter policy.

For additional management tasks related to transport rules, see Mail flow or transport rules.

  1. In the EAC, go to Protection > Spam filter.

  2. On the general page, do one of the following:

    • Double-click the default policy or an existing policy in order to start editing it.

    • Click New in order to create a new custom spam-filter policy that can be applied to users, groups, and domains in your organization.

  3. On the Allow Lists page, you can specify entries, such as senders or domains, that will always be delivered to the inbox. Email from these entries is not processed by the spam filter. Do the following:

    • Add trusted senders to the Sender allow list. Click Add, and then in the selection dialog box, add the sender addresses you wish to allow. You can separate multiple entries using a semi-colon or a new line. Click ok to return to the Allow Lists page.

    • Add trusted domains to the Domain allow list. Click Add, and then in the selection dialog box, add the domains you wish to allow. You can separate multiple entries using a semi-colon or a new line. Click ok to return to the Allow Lists page.

    WarningWarning:
    If you allow top-level domains, it's likely that email you don't want will be delivered to an inbox.
  4. On the Block Lists page, you can specify entries, such as senders or domains, that will always be marked as spam. The service will apply the configured high confidence spam action on email that matches these entries.

    • Add unwanted senders to the Sender block list. Click Add Add Icon, and then in the selection dialog box, add the sender addresses you want to block. You can separate multiple entries using a semi-colon or a new line. Click Ok to return to the Block Lists page.

    • Add unwanted domains to the Domain block list. Click Add Add Icon, and then in the selection dialog box, add the domains you want to block. You can separate multiple entries using a semi-colon or a new line. Click Ok to return to the Block Lists page.

    WarningWarning:
    If you block top-level domains, it's likely that email you want will be marked as spam.

  • Estimated time to complete: 15 minutes

  • You don't need to create a transport rule to bypass spam filtering or mark email as spam for a sender or domain. Use the Exchange Online Protection block and allow lists in a spam policy instead of this transport rule if you simply want to block or allow a specific sender or domain and not attach any extra conditions. Learn more about this at Configure your spam filter policies.

  • You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Transport rules" entry in the Messaging policy and compliance permissions topic.

  • For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts in the Exchange admin center.

TipTip:
Having problems? Ask for help in the Exchange forums. Visit the forums at Exchange Server, Exchange Online, or Exchange Online Protection.

  1. In the EAC, navigate to Mail flow > Rules. Choose Add Add Icon and then choose Bypass spam filtering.

  2. Give the rule a name. Under Apply this rule if, choose The sender and then select one of the following conditions:

    • If you want to specify a domain, choose domain is. In the Specify domain dialog box, enter the domain of the sender you want to designate as safe, such as contoso.com. Add Add Icon to move it to the list of phrases. Repeat this step if you want to add additional domains, and click OK when you are finished.

    • If you want to specify a user, choose is this person. In the Select members dialog box, add the user from the list or type the user and click Check names. Repeat this step if you want to add additional users, and click OK when you are finished.

  3. Select the Stop processing more rules check box to ensure that no other rule can reverse the bypass action

  4. For the Match sender address in message option, select Header or envelope.

  5. If you’d like, you can make selections to audit the rule, test the rule, activate the rule during a specific time period, and other selections. We recommend testing the rule for a period of time before enforcing it in your organization. For more information about these selections, see Manage mail flow rules.

  6. Choose Save to save the rule.

After you create and enforce the rule, spam filtering is bypassed for the domain or user you specified.

  1. In the EAC, navigate to Mail flow > Rules. Choose Add Add Icon and then choose Create a new rule.

  2. Give the rule a name and then click More options.

  3. Under Apply this rule if, choose The sender and then select one of the following conditions:

    • If you want to specify a domain, choose domain is. In the Specify domain dialog box, enter the sender domain from which you want to block messages, such as contoso.com. Click Add Add Icon to move it to the list of phrases. Repeat this step if you want to add additional domains, and click OK when you are finished.

    • If you want to specify a user, choose is this person. In the Select members dialog box, add the user from the list or type the user and click Check names. Repeat this step if you want to add additional users, and click OK when you are finished.

  4. Under Do the following, choose Block the message and then click one of the other options such as Delete the message without notifying anyone.

  5. Click More options, and then for the Match sender address in message option, select Header or envelope.

  6. If you’d like, you can make selections to audit the rule, test the rule, activate the rule during a specific time period, and other selections. We recommend testing the rule for a period of time before enforcing it in your organization. For more information about these selections, see Manage mail flow rules.

  7. Choose Save to save the rule.

After you create and enforce the rule, any messages sent from the domain or user you specify will be blocked.

 
Show: