Skip to main content

Importing Large White and Black lists into Office 365 Exchange Online Protection using Powershell

By June 16, 2014September 9th, 2020Blog, Hot Technology Topics, Office 365, Office 365

When migrating to Office 365 and setting up Exchange Online Protection (EOP), you may find that you have a large list of allowed and blocked email addresses and domains to configure.  EOP has a straight forward GUI for doing this, but it can become tedious if you have more than 20 or so.

The easiest way to accomplish this is to use the New-TransportRule powershell command.

First I would recommend exporting your domains and email addresses into two documents, one for allowed and one for denied, you can then use this data to easily build your new transport rule.

Accepted Domains and Senders

First, connect to your Office 365 Tenant using Windows Powershell.  Start > All Programs > Accessories > Windows Powershell

Next use the following commands to connect to your tenant:

$UserCredential = Get-Credential

<Enter your office 365 administrator credentials in the pop up>

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $UserCredential -Authentication Basic –AllowRedirection

Import-PsSession $session

At this point you are connected to your Exchange Online Powershell.

Now enter this command to build your transport rule.  Keep in mind that if you have a large number of domains or email address, each rule cannot exceed 4096 characters, so you will have to create multiple rules to accommodate this.  I broke my rules up into “Accepted Domains A-J”, “Accepted Domains L-Z”.

New-TransportRule “Accepted Domains” –SenderDomainIs “<domain1.com>”,”<domain2.com>” -SetSCL -1 -StopRuleProcessing $True

Now you can do a Get-TransportRule |fl and view your new rule.  The heart of this rule is the SetSCL -1.  This variable sets the spam filtering score to -1, which means that it is a trusted sender.

If you have a list of specific email addresses, you will need to replace –SenderDomainIs with –From”

New-TransportRule “Accepted Senders” –From “name@email.com“,”name2@email.com” -SetSCL -1 -StopRuleProcessing $True

Blocked Domains and Senders

Blocking domains and senders is a similar command, but with slightly different arguments.  First we will create a rule to block sender domains:

New-TransportRule “Blocked Domains” –SenderDomainIs “<domain1.com>”,”<domain2.com>” –DeleteMessage $True –StopRuleProcessing $True

New-TransportRule “Blocked Senders” – From “name@email.com“,”name2@email.com” –DeleteMessage $True –StopRuleProcessing $True

These two rules will as they appear, delete any message from the specified sender or domain name.

Josef Hanning, PEI

One Comment

Leave a Reply