Importing large White and Blacklists into Exchange Online Protection using Powershell


To totally unlock this section you need to Log-in


Login

When migrating to Office 365 and setting up Exchange Online Protection (EOP), you may find that you have a large list of allowed and blocked email addresses and domains to configure. EOP has a straight forward GUI for doing this, but it can become tedious if you have more than 20 or so.

The easiest way to accomplish this is to use the New-TransportRule powershell command.

First I would recommend exporting your domains and email addresses into two documents, one for allowed and one for denied, you can then use this data to easily build your new transport rule.

Accepted Domains and Senders

First, connect to your Office 365 Tenant using Windows Powershell. Start > All Programs > Accessories > Windows Powershell.

Next use the following commands to connect to your tenant:

$UserCredential = Get-Credential

{Enter your office 365 administrator credentials in the pop up}
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $UserCredential -Authentication Basic –AllowRedirection
Import-PsSession $session

At this point you are connected to your Exchange Online Powershell.

Now enter this command to build your transport rule. Keep in mind that if you have a large number of domains or email address, each rule cannot exceed 4096 characters, so you will have to create multiple rules to accommodate this. You can break your rules up into “Accepted Domains A-J”, “Accepted Domains L-Z”.

New-TransportRule “Accepted Domains” –SenderDomainIs “”,”” -SetSCL -1 -StopRuleProcessing $True

Now you can do a Get-TransportRule | fl and view your new rule. The heart of this rule is the SetSCL -1. This variable sets the spam filtering score to -1, which means that it is a trusted sender.

If you have a list of specific email addresses, you will need to replace –SenderDomainIs with –From:

New-TransportRule “Accepted Senders” –From “[email protected]“,”[email protected]” -SetSCL -1 -StopRuleProcessing $True

Blocked Domains and Senders

Blocking domains and senders is a similar command, but with slightly different arguments. First we will create a rule to block sender domains:

New-TransportRule “Blocked Domains” –SenderDomainIs “<domain1 .com>”,”<domain2 .com>” –DeleteMessage $True –StopRuleProcessing $True

New-TransportRule “Blocked Senders” – From “[email protected]“,”[email protected]” –DeleteMessage $True –StopRuleProcessing $True

These two rules will as they appear, delete any message from the specified sender or domain name.