Block Emails from Suspicious Domains Organisation-wide in Microsoft Office 365

You should not do this for popular or legitimate domains such as or, etc.

  1. Sign in to as a Global Admin or Exchange Online Admin
  2. In the Exchange admin center, click mail flow from the options on the left
  3. On the rules tab, click the plus (+) icon to create a new rule
  4. On the new rule page, click the more options link at the bottom
  5. Now, you may fill in a name for the rule, e.g., "Block Emails from Suspicious Domains"
  6. Under Apply this rule if, mouse over The sender is and then click domain is
  7. Next, fill in the suspicious domain name that you would like to block, e.g.,
  8. Click the plus (+) icon to add the domain. You can add multiple domains
  9. Once you are done adding the domains, click OK
  10. Under Do the following, mouse over Block the message and then choose Delete the message without notifying anyone
  11. Click the checkbox labelled Stop processing more rules
  12. You may leave all other default options
  13. At the bottom, add comments describing what this rule does and any other important info
  14. Click Save
  15. Back on the rules tab, you should see your newly created rule in the list. Ensure that there is a checkmark in the box next to the rule, under the ON column

You can always come back to this rule and add additional suspicious domains as they are reported or discovered.

To update an existing rule:

  1. Simply double-click the rule
  2. Click the existing domain entries on the right
  3. Follow similar steps as before to add and save the domain(s)
  4. To delete a domain, click it and then click the minus (-) icon at the top
  5. To edit a domain, click it and then click the pencil icon at the top
  6. Remember to save changes when you are done
Was this article helpful?
0 out of 0 found this helpful