Get-TenantAllowBlockListSpoofItems

This cmdlet is available only in the cloud-based service.

Use the Get-TenantAllowBlockListSpoofItems cmdlet to view spoofed sender entries in the Tenant Allow/Block List.

For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.

Syntax

Get-TenantAllowBlockListSpoofItems
   [[-Identity] <HostedConnectionFilterPolicyIdParameter>]
   [-Action <String>]
   [-SpoofType <String>]
   [<CommonParameters>]

Description

The Get-TenantAllowBlockListSpoofItems cmdlet returns the following information:

  • Identity: A random Guid assigned to the spoof pair. This will be used as an Id parameter while updating or deleting the spoof pair using Set-TenantAllowBlockListSpoofItems and Remove-TenantAllowBlockListSpoofItems.
  • SpoofedUser: The sending email address if the domain is one of your organization's domains or the sending domain if the domain is external.
  • SendingInfrastructure: The true sending domain that's found in the DNS record of the source email server. If no domain is found, the source email server's IP address is shown.
  • SpoofType: Indicates whether the domain is internal to your organization or external.
  • Action: The two possible values are Allow (messages that contain any spoofed sender email addresses in your organization are allowed from the source email server) or Block (messages that contain any spoofed sender email addresses in your organization are not allowed from the source email server).

You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet.

Examples

Example 1

Get-TenantAllowBlockListSpoofItems -SpoofType Internal

This example returns the list of internal spoof pairs.

Example 2

Get-TenantAllowBlockListSpoofItems -Action Block

This example returns the list of blocked spoof pairs.

Example 3

Get-TenantAllowBlockListSpoofItems | Format-Table SpoofedUser,SendingInfrastructure,SpoofType,Action

This example returns the list of spoof pairs that appear to be sending spoofed email to your organization.

Example 4

$file = "C:\My Documents\Spoof Tenant Allow Block List.csv"

Get-TenantAllowBlockListSpoofItems | Export-Csv $file

This example exports the same list of spoofed pairs to a CSV file.

Parameters

-Action

The Action parameter filters the results by action type. Valid values are:

  • Allow
  • Block
Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Security & Compliance, Exchange Online Protection

-Identity

The Identity parameter is available but isn't used.

Type:HostedConnectionFilterPolicyIdParameter
Position:0
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False
Applies to:Exchange Online, Security & Compliance, Exchange Online Protection

-SpoofType

The SpoofType parameter filters the results by spoof type. Valid values are:

  • External
  • Internal
Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Security & Compliance, Exchange Online Protection