Log in to your Exchange admin center, and go to mail flow – rules:
Click on the plus icon to create a new rule, and choose Bypass spam filtering:
Note: You can use this same rule to either whitelist or blacklist a domain depending on the options you choose later.
As you can see, there are a lot of options to choose from – we’re going to be blocking by domain, so choose The sender… – domain is:
Add the domain that you’d like blocked, and hit the plus sign to add it to your list:
Then click OK to save your changes:
Your next step is to specify the Spam Confidence Level (SCL): click on Bypass spam filtering:
And set it as high as you want it to be (in this case 9)
Note that if you are trying to whitelist a domain, you would leave the option at Bypass spam filtering which sets its SCL to -1 (see the list below for more details)
For a breakdown of the SCL ratings and what they do, see the image below – clicking on it will take you to the TechNet article.
Next, set the rule to Enforced.
Alternately, you can choose to test the rule before making it live – here’s what the different options do:
- Enforce This will turn on the rule and it will start processing messages immediately.
- Test with Policy Tips This will turn on the rule, and what would have happened if the rule was enforced is logged in message tracking logs. Exchange doesn’t take any action that will impact the delivery of the message. In addition, senders are notified of the actions the rule will take if the rule contains the Notify the sender with a Policy Tip action.
- Test without Policy Tips This will turn on the rule, and what would have happened if the rule was enforced is logged in message tracking logs. Exchange doesn’t take any action that will impact the delivery of the message
Note that policy tips only work with Outlook 2013, and will not show up in OWA – make sure that if you plan to test your rule with Policy Tips that you are testing from a system with Outlook 2013
Next, choose an activation date. Note that you need to set a date in the future, so if you want it active today, set the time forward by the next half hour increment, or it will complain about your policy trying to be activated in the past.
I also set the rule to match sender address in message: Header or envelope to make sure that it catches spam that is spoofing as legitimate email.
If your rule analyzes the sender address, it only examines the message headers by default. However, you can configure your rule to also examine the SMTP message envelope. To specify what’s examined, click one of the following values for Match sender address in message:
- Header Only the message headers will be examined.
- Envelope Only the SMTP message envelope will be examined.
- Header or envelope Both the message headers and SMTP message envelope will be examined.
After that, click Save and you should be good to go.