Sometimes it’s necessary to block unwanted email from senders. There are several methods available to choose from. These options include Outlook Blocked Senders, Anti-Spam Sender/Domain Block Lists, IP Block Lists, and Exchange Transport Rules (ETRs, which are also known as mail flow rules).
Options from least to broad scope
When creating a Block list, it's important to pick the appropriate method based on the scope of the impact (how many people will be impacted), so that it matches the breadth of the blocking method. The options listed below are ranked by both scope and breadth. The list goes from narrow to broad, but read the specifics for full recommendations.
Outlook Blocked Senders
Anti-Spam policy: Sender/Domain Block lists
Exchange Transport Rules (ETRs also called mail-flow rules)
Anti-Spam policy: IP Block Lists
For this article, we are going to focus on Anti-Spam policy: IP block lists to create block sender lists.
Things To Know Before We Begin
You need to have appropriate permissions before you begin.
To obtain the IP address of the sender whose messages you want to allow or block, you can check the Internet header of the message. Look for the CIP header as described in Anti-spam message headers. To view a message header in various email clients, use Message Header Analyzer.
Email messages sent from an IP address on the IP Block list are rejected, not marked as spam, and no additional filtering occurs.
The following connection filter procedure can also be performed via remote PowerShell.
Using Anti-Spam Policy: IP Block Lists
Go to your Office Portal and select Admin app (this will only be visible if you are an admin in your organization).
In the Exchange Admin Center (EAC), navigate to Protection > Connection filter, and then double-click the default policy.
Click the Connection filtering menu item. Click on ‘+’ sign, a dialog box appears. Specify the names of IP addresses needed, and then Click OK. Repeat this process to add additional addresses. (You can also edit or remove IP addresses after they have been added.)
IP addresses can only be written in the box in IPV4 IP address in the format nnn.nnn.nnn.nnn where nnn is a number from 0 to 255, or Classless Inter-Domain Routing (CIDR) ranges in the format nnn.nnn.nnn.nnn/rr where rr is a number from 24 to 32.
Optionally, select the Enable safe list check box to prevent missing email from certain well-known senders. How? Microsoft subscribes to third-party sources of trusted senders. Using this safe list means that these trusted senders aren't mistakenly marked as spam. We recommend selecting this option because it should reduce the number of false positives (good mail that's classified as spam) that you receive.
Click Save. A summary of your default policy settings appears in the right pane.