Blocking spam senders and domains in Office 365

Security is a one of the most significantly improved areas of Microsoft Office 365. If you are using Exchange Online mailboxes under your Office 365 tenant or a consumer of standalone exchange online protection (EOP), your emails are protected either way.


Exchange online protection (a.k.a EOP) Is part of the Microsoft’s email safety roadmap which constantly evolves in a unmatched cross-product approach. As email usage has rapidly grown, so has the email security concerns. The idea behind EOP is to provide a range of comprehensive abilities in order to protect millions of users from Junk, phishing (fraudulent mail threats) and malware attacks which are some of the well-known types of email related abuses.

Exchange Online however, has the built in ability to protect you from many threats. Nevertheless, there could be some scenarios that you need to manually handle as an Exchange/Office 365 Administrator. The following article will show you on how to prevent receiving spamming emails from a specific address, domain because, there can be rare cases that one or few emails able to get through EOP and hit the user mailbox (again, very rarely).

In my case, it was the following email which arrived in few user mailboxes (looked obviously spam and the user immediately reported to me). At this point, we can make use of “Blocked Sender List” in Exchange to prevent this happening again. And, as EOP spam filtering learns from known spam and phishing threats and user feedback, it’s a great idea to submit these kind of messages to Microsoft so that they will use it to train the AI based component behind the EOP.

From: Sonia Luton <>

Subject: Project


Hi Melina,

There is something i need you to do for me. Let me know if you are available. I am going into a meeting with a limited access to phone calls, just reply my email and i will get back to you.



So the address is and the domain is From Office 365 Exchange Admin Centre, navigate to Exchange admin center and “Protection” –> “Spam Filter” . Click on the “default policy”


The following flyout will be opened. Navigate to “Blocked lists”


Click on the + icon to add a new blocked sender and insert the desired address.


Then let’s add the domain too for blocking.


Once added, the domain will be in the blocked list and Office 365 will entirely block any emails from this domain.


Save it and monitor your email traffic time to time to identify if it’s being blocked.