none
How to I block inbound mail from a top level domain?

    Question

  • I am unable to support an edge server so I must resort to what I can do with Exchange Power Shell. I am using commands like:

         Set-SenderFilterConfig -BlockedDomainsAndSubdomains @{Add="adressen-mails.net"}

    I have executed the above command with extensions like: @{Add="stream"} and @{Add="steam"} etc.

    This command does not seem to block top level domains like "stream", "faith", "trade", "info", "top", etc.

    I am certain that you all have seen these in your spam.

    I am wondering if I am inputing these in the wrong form? (i.e. should I have entered : ".faith" or "*.bid", etc.) I have found conflicting instruction; one reference says you can use wild-card. Another says wild cards are not permitted.

    I should probabily also note that when I quiry to see what is blocked, I get:

    [PS] C:\Windows\system32>Get-SenderFilterConfig | Format-List BlockedSenders,BlockedDomains,BlockedDomainsAndSubdomains


    BlockedSenders               : {}
    BlockedDomains              : {stream}
    BlockedDomainsAndSubdomains : {adressen-mails.net, qq.com, faith, trade, parceldeliverykey.com, route2.pe.ca,
                                  emediausa.com, leafywallet.com, accountant, gsafl12.com, asanty.net, contentedmomma.com,
                                  sczhdjs.net, bayrontoro.com, info, top...}

    Question: is there a way to see the full list of "BlockedDomainsAndSubdomains"?

    I will note that I continue to get email from ......@bestspreadsheetapril.stream This should be blocked by at least one of the above commands, but it continues to come through.

    Any thoughts or suggestions would be appreciated.

    Todd


    Todd Williams

    Tuesday, April 24, 2018 5:01 PM

Answers

  • Hi,

    Sender Filter does not works in this way, it will not effect on root domain (i.e. .stream).
    Instead, we can use transport rule to filter message by sender's email address. For example:

    Then, any sender whose email address contains "com" words will be reject. For example:

    In a product environment, we may need to add some other conditions and exceptions. For example:
    Condition: Sender is outside of organization.
    Exception: The sender's domain is "test.com"

    Best Regards,
    Allen Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Marked as answer by Todd W_ Thursday, April 26, 2018 3:35 PM
    Thursday, April 26, 2018 2:28 AM
    Moderator

All replies

  • You could create a transport rule that matches the sender with a pattern match.  That works best with regular expressions.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Tuesday, April 24, 2018 5:51 PM
    Moderator
  • Maybe I haven't been clear about my objective: I need to  block a top level domain such as "stream", as in someone@owns.welcomewaiting.stream.

    Does anyone have any suggestions? The only took I have to work with is the Exchange Management Shell via commands such as "Set-SenderFilterConfig..."

    Thanks

    T


    Todd Williams

    Wednesday, April 25, 2018 5:01 PM
  • Hi,

    Sender Filter does not works in this way, it will not effect on root domain (i.e. .stream).
    Instead, we can use transport rule to filter message by sender's email address. For example:

    Then, any sender whose email address contains "com" words will be reject. For example:

    In a product environment, we may need to add some other conditions and exceptions. For example:
    Condition: Sender is outside of organization.
    Exception: The sender's domain is "test.com"

    Best Regards,
    Allen Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Marked as answer by Todd W_ Thursday, April 26, 2018 3:35 PM
    Thursday, April 26, 2018 2:28 AM
    Moderator
  • Thank you Allen, I believe that should solve the problem. I am testing the solution now.

    T


    Todd Williams

    Thursday, April 26, 2018 3:36 PM
  • Allen,

    Thank you for your suggestion. I have created one rule with several "or" statements. Is it? Should it? be necessary to reboot the exchange server. The "steam" root domain seems to continue to creep through. Do I need to remove the block in the Exchange Management Shell?

    Thanks again for your pointer.

    T


    Todd Williams

    Thursday, April 26, 2018 6:48 PM
  • We don't need to restart or reboot Exchange server.
    Any other duplicate rule with it? If so, disable it and test the result.

    Best Regards,
    Allen Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Friday, April 27, 2018 2:56 AM
    Moderator
  • Allan, Thanks for coming back

    I have only two transport rules; one to block senders with specific things in the senders name, and one to block email with specific things in the subject line or body of the email. neither of them seem to be working.

    I created the first rule and noticed that things kept coming through (.steam). Then I created something to  block "keto" in the subject line or body. That  stuff continues  to  come  through.

    I do have a couple of similar rules for the sender noted above. (Created in he Exchange Management Shell.) Should I get rid of them??

    Thanks for your thoughts.

    T


    Todd Williams

    Friday, April 27, 2018 4:59 AM
  • En, you can set this rule with high priority (0 or 1).
    Ps: you can do it by EAC.

    Best Regards,
    Allen Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Tuesday, May 1, 2018 3:16 AM
    Moderator