Safe senders list deployed via GPO not working RRS feed

  • Question

  • Outlook 2007 w/Exchange 2010 SP1. Followed the instructions in the KB article here: http://support.microsoft.com/kb/2252421.  Verified that both the "Junkmailimportlists" and "junkmailsafesendersfile" registry keys are being deployed to the clients. When opening Outlook, the importlists key does not get reset (not sure if it should because we're using the admin template to "trigger to apply..." setting in the template". Regardless though, the safe senders list does not update on the client.


    We have the safe senders list on a share \\server\safesender.txt which is what is deployed via GP. I have also tried putting the file local on the client and changing the path with no luck. Where am I going wrong? We recently upgraded from Exchange 2003 to 2010. Am I barking up the wrong tree? Should I be deploying the list with Exchange, or is that only possible with Outlook 2010? Thanks

    Monday, July 18, 2011 3:54 PM


  • Hi RF Tech,


    Please move the safesenders file from \netlogon or \sysvol folder to a different network share and then try updating the policy. If its still doesn't work then I would recommend that you contact us via the support options available here http://support.microsoft.com/default.aspx?id=fh;en-us;offerprophone . This will help us address your issue more efficiently.
    Please note that if the issue you are reporting is due to a code defect in Outlook, you will not be charged for support.



    Best Regards,

    Rashid Aga [MSFT]

    Sunday, September 4, 2011 5:08 AM

All replies

  • hi,

    first of all to machine that you want to apply GP and 'gpupdate /force' check if user policy is being accepted and you have no errors in the event viewer

    check that you have applied the appropriate folder permission on the server so it can be access by everyone (you can assign 'read' everyone but make it share$)

    i would recomend to check GP to see if your HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\1x.0\Outlook\Options\Mail is correct

    the 1x.0 represents 12/13/14 according to office version

    here is my for office 2010

    Policy Setting Comment
    Specify path to Safe Senders list Enabled 
    Specify full path and filename to Safe Senders list \\server\adm$\Office 2010 ADM\sender_list.txt

    Windows Settingshide

    JunkMailImportLists (Order: 1)hide

    Action Update PropertiesHive HKEY_CURRENT_USER
    Key path Software \Microsoft\Office\14.0\Outlook\Options\Mail
    Value name JunkMailImportLists
    Value type REG_DWORD
    Value data 0x1 (1)

    Monday, July 18, 2011 4:06 PM
  • I have verified GP is applying properly and there are no errors. Appropriate permissions are assigned to the share. I have opened outlook, and imported that safe senders list manually from the share, and it works fine. Just isn't applying automatically.

    The registry keys are being applied properly on the client, to the locations in the KB article, and what you've listed above.

    Monday, July 18, 2011 4:11 PM
  • try and mark:   Run in logged-on user's security context (user policy option)

    This can be especially important when using drive maps or other preferences
    Monday, July 18, 2011 4:37 PM
  • We're running AD in a server03 environment. So unfortunately I don't have that option to change.
    Monday, July 18, 2011 4:53 PM
  • I think Exchange 2010 manages the junk email in a diffrent way take a look at this:


    and this:


    Set-MailboxJunkEmailConfiguration: http://technet.microsoft.com/en-us/library/dd979780.aspx


    my organization is not using EXC2010 so maybe that was the problem with my answer  above


    Monday, July 18, 2011 7:55 PM
  • I've seen the Technet article before, although we do not have an Edge Transport server to configure. I noticed it does also mention "In Office Outlook 2007, users can create Safe Senders Lists. Safe Senders Lists specify a list of domain names and e-mail addresses from which the Outlook user wants to receive messages."

    I know we've done some configuration with Exchange to allow certain domains, although in the end, the local Outlook filter still catches it.

    Also, in this case, I'm not sure it's Exchange. If Exchange were filtering it out as spam, wouldn't it go into the Junk email folder in OWA? Also, if I turn off the junk email filtering on the Outlook client, the messages go to the inbox. It seems that it is filtered specifically by Outlook.

    Tuesday, July 19, 2011 5:15 PM
  • Hi PF Tech,

    I got the same result on my test machine, and I am trying to involve someone familiar with this topic to further look at this issue, there might be some time delay. Appreciate your patience.


    Max Meng
    Forum Support

    Come back and mark the replies as answers if they help and unmark them if they provide no help.
    Thursday, July 21, 2011 9:50 AM
  • Hi all, we have got same issue in our organisation and this problem occur when you edit directly GP.TXt file in group policy itself for Junk email Option.

    Microsoft did not recommended direct changes in the .txt file in group policy and it stop working after you had made changes in .txt file directly in group policy.


    1. You have to edit (Add or Delete) all domain in safe sender list of one of the outlook client.

    2. Then you need to Export to file in .txt format from that outlook client from, Click option-Junk Email option – Safe sender List- Export to file in .txt format.

    3. After that you have to use this .txt file in the Group policy

    4. Use Force Replication switch and it works after that we have got all junk email option in every outlook client irrespective of outlook client version.

    Manish Sain
    • Marked as answer by RF Tech Thursday, July 21, 2011 3:06 PM
    • Unmarked as answer by RF Tech Thursday, July 21, 2011 3:07 PM
    • Proposed as answer by Manish Sain Thursday, July 21, 2011 3:23 PM
    • Unproposed as answer by RF Tech Thursday, July 21, 2011 3:24 PM
    • Proposed as answer by Tobore Wednesday, January 24, 2018 5:12 PM
    Thursday, July 21, 2011 2:33 PM
  • Thank you. Your solution worked for XP clients, but not for Win7. I have tried a few win7 machines with the same result. The vast majority of our client are XP now, but it would be helpful to get this working on Win7 since we are migrating soon. Thanks.
    Thursday, July 21, 2011 3:08 PM
  • Hello RF Tech,


    What is the RU on Ex2010?

    It seems that Manish Sani’s suggestion helped to resolve the issue on Windows XP machine but not on Windows 7 machine.

    Is it Outlook 2007 on Windows 7 machine as well?

    Did you logon to Window 7 machine as a same user as you logged on to Windows XP machine? Or did you login as different user on Win 7 machine?

    I believe you test the behavior by saving the safesender’s list locally with no luck. Did you also added the “JunkMailImportLists” key under non-policy hive HKEY_CURRENT_USER\Software \Microsoft\Office\14.0\Outlook\Options\Mail and tested the behavior?


    Here are some steps which we can test with.

    Let the affected user logon to the mailbox from Outlook Web Access.

    Click Options =>See All Options=>Block or Allow=>Make any change you want to the Junk E-mail Settings and click Save.


    This would sync the Safe Senders List in Outlook Web Access (Mailbox) to the Safe Senders List in the Outlook profile “Cached Exchange Mode” enabled.


    Another way to refresh the Junk E-mail Rule is through the “Update-SafeList” Powershell commandlet.

                    Update-SafeList -id “mailbox name”


    Let us know if that helps


    Best Regards,

    Rashid Aga [MSFT]

    • Marked as answer by Max Meng Tuesday, August 2, 2011 4:17 AM
    • Unmarked as answer by RF Tech Tuesday, August 2, 2011 4:23 PM
    Sunday, July 24, 2011 9:41 AM
  • Hi,
    As there has been no update for a couple of days, I will temporary mark the reply as answer.
    And if you come back to find it doesn't solve your problem, please feel free to reply to us and unmark the answer.


    Max Meng
    Forum Support

    Come back and mark the replies as answers if they help and unmark them if they provide no help.
    Tuesday, August 2, 2011 4:17 AM
  • Unfortunately I was incorrect. It does not function for all users. I don't know what was different about the one user I was testing with, but I just checked several other users running XP and Office 07, and their list has not updated. Despite the fact that both registry entries were added properly.
    Tuesday, August 2, 2011 4:24 PM
  • Hello RF Tech,


    This means it’s not a machine specific.

    Did you follow the steps suggested by me, any luck on that?



    Rashid Aga [MSFT]

    Thursday, August 4, 2011 10:33 AM
  • I have not tried your suggestion, but I have found that it is machine specific. Have set up several new computers for existing employees, and also for new employees, recently. All of those computers get the safe senders list updated properly. I have even deleted the entries, rebooted, and verified it is populated again properly. I don't know exactly what would cause that. They're all on new XP SP3 and Office 07 installs, and it is not user specific. Despite the fact that I have the trigger in the registry for Outlook to check the shared list, could there be some way that existing installs are ignoring it, and when Outlook is ran for the first time, it checks the list?
    Wednesday, August 10, 2011 3:10 PM
  • Hi RF Tech,


    Thanks for the update


    Since you have figured out that this issue is machine specific, I would suggest you open a support ticket with Microsoft as we might need to capture logs/dumps and analyze it to find the cause.


    Best Regards,

    Rashid Aga [MSFT]

    Monday, August 15, 2011 8:59 AM
  • OK, it is machine specific, but more specifically, it's profile specific. I logged into another user's machine with my logon. I had the same issue with the list not updating. Since I knew that the safe senders list doesn't work until cached exchange mode is on (which it is for all of our users), I deleted the Outlook folder in the windows profile (C:docs and settings\%username%\local settings\application data\outlook). Re-opened outlook, let it recreate the folder and associated files, no luck. I then logged out and deleted the entire profile (C:\docs and settings\%username%). Once I logged back in, and Windows recreated my profile, I opened Outlook and the list I'm pushing via GPO was there, along with the rest of my safe senders from my primary computer. Before I deleted the Windows profile, the list was completely empty. So I guess the question is: where is that data stored in the Windows user profile, and why is it not updating unless the file is recreated by deleting the entire user profile?


    So it's not just an issue with some machines, it's an issue with all local profiles that existed before the GPO was created to push the safe senders list.

    Monday, August 15, 2011 4:39 PM
  • I have the same issue with Outlook 2007 and Windows XP SP3. It also appears to be profile specific -- we previously had it working for 2007, and once one of our admins modified the safesender.txt list from our \\dc\netlogon\safesender.txt file, it stopped working. Could have been a coincidence, but worth noting...

    So, it appears that what's at issue is the list not importing to existing user profiles' Outlook.

    Without deleting users' Windows profiles (and having to do so for 1000s of our employees), I'm investigating further on how to re-populate the Safe Senders list -- perhaps some Registry setting that triggers Outlook to recreate that list?

    Thursday, August 18, 2011 6:33 PM
  • Deleted affected Windows profile from the computer, rebooted, logged back in as that user. The list didn't get populated, despite the Registry showing JunkMailImportLists = 1. So, maybe it's not Windows profile related after all.

    Thursday, August 18, 2011 10:44 PM

    Hi RF Tech,


    The only thing that I can think of is to use ProcMon to see what's happening at startup. You can capture Procmon and send it across to   cts-outforums at live dot com 

    Download process monitor tool from the link http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

                              I.            Run Procmon.exe

                            II.            Click on Magnifying glass icon (Ctrl+ E) to pause the tool.

                          III.            Press Clear (ctrl + X) to clear out the data collected.

                          IV.            Now Start the Process monitor logging by clicking on Magnifying glass icon (Ctrl+ E)

                            V.            Duplicate the issue on Outlook client. (Please repro the issue at least 3-4 times)

                          VI.            Now Pause the Logging by clicking on Magnifying glass icon (Ctrl+ E)

                        VII.            Save the log file as Comma Separated Value (CSV) file and also as a Native Process Monitor (PML) file.


    It may also be that you may have conflicting registry values – one in the policy hive and another in the non-policy subkey.

    Have you checked if “JunkMailImportLists” is placed in both policy and non-policy hive?


    Best Regards,

    Rashid Aga [MSFT]



    Wednesday, August 24, 2011 10:24 AM
  • Hi RF Tech,


    Please move the safesenders file from \netlogon or \sysvol folder to a different network share and then try updating the policy. If its still doesn't work then I would recommend that you contact us via the support options available here http://support.microsoft.com/default.aspx?id=fh;en-us;offerprophone . This will help us address your issue more efficiently.
    Please note that if the issue you are reporting is due to a code defect in Outlook, you will not be charged for support.



    Best Regards,

    Rashid Aga [MSFT]

    Sunday, September 4, 2011 5:08 AM
  • We opened a case with MS Premier support.
    End result was that this is "by design", and that our feedback -- the ability to whitelist our own, internal email domains via safesenders list deployed over GPO (which worked with Exchange 2007) -- will be taken into consideration with the product team.
    Our workaround is to disable Junk Mail filtering for all of our Outlook clients, and to catch spam through our edge devices instead.
    • Proposed as answer by MSY_ Tuesday, November 1, 2011 12:51 AM
    Tuesday, November 1, 2011 12:50 AM
  • I just spent the last two hours fcuking around with this 'feature'

    I tried all permutations of everything listed in this and other posts, and still couldn't get it working.

    I fixed it in the end by 1. Crack open OWA 2. Open Junk email 3. Set a random site, and save it.

    Went straight into my Outlook and fcuk me it started working!

    Note: I use the term 'fix' loosely - this is a workaround and I still don't have a root cause.

    This is clearly a bug!!




    Here is the original doc I've used to resolve the issue:

    Outlook 2010 Safe Senders Import issue



     8< EXCERPT COPY PASTE START--------------

    Anyways, here's what I would try:

    Method #1

    Login to your Mailbox from Outlook Web Access. Make a change to your Junk E-Mail settings. Add or remove an enty. Edit and entry. Etc.

    8< EXCERPT COPY PASTE END--------------


    • Edited by Max Meng Wednesday, November 23, 2011 4:50 AM remove inappropriate words :)
    • Edited by mike_b_nz Wednesday, November 23, 2011 5:02 AM
    Wednesday, November 23, 2011 4:46 AM
  • I am having the same issues, but now stumbled upon a possible explanation.

    When trying to edit the safesenders list through OWA I get the error

    "@domainname.dk" er din e-mail-adresse eller dit domæne og kan ikke føjes til listen over sikre afsendere og modtagere.

    Loosely translated from danish: "@domainname.dk" is your e-mail-adress or your domain and cannot be added to the list of safe senders and recepients. 

    ID: Ex60EC60 - Which has no article yet.

    So if the people above was also trying with their own domains, it seems it is not supposed to work. - The reason for this escapes me though?

    • Proposed as answer by Esben76 Monday, October 8, 2012 10:47 AM
    Monday, October 8, 2012 10:47 AM