Is there a way to block international encodings and high level domains via registry

Thanks again for your ideas, but our connector is working fine, headers are showing as processed by MS-Exchange, and to my MS365 mailbox the junk emails I send are going directly to junk in outlook. But with the on-premises mailbox it just goes to the inbox. I've set country and language filters in 365, but to me this still looks like Outlook is ignoring all the spam headers.

I have both accounts, 365 and on-premises, both set up in outlook desktop app. I send an email to both mailboxes and the 365 mailbox sends it to Junk, where the other doesn't.

The only major difference I can see in the headers, apart from the things I've told my on-premises to add to the headers, is

Emails to 365 show:

X-MS-Exchange-Organization-SCL: 9

Emails directed to On-premises show:

X-MS-Exchange-CrossPremises-SCL: 9

I set my on-premises to add X-MS-Exchange-Organization-SCL: 9 and it is still delivered to inbox. Junk email filter is set to High in outlook, but it still ignores this. Even with a test with a new install of Thunderbird, I've set it to move junk to the Junk folder and my test emails have been thrown in the junk folder, so Thunderbird recognises my Junk, so this definitely seems to be an outlook problem.

Hello,

Thank you for providing more details about your issue. I understand that you're experiencing problems with junk emails not being filtered correctly in Outlook, especially with emails coming from international domains and high-level domains.

I understand the frustration with the current spam filtering and mail flow issues in your hybrid setup.

By our understanding, you doing hybrid mail flow.

To address your concerns, I recommend the following:

Refer to this link Mail flow best practices for Exchange Online, Microsoft 365, and Office 365 (overview) | Microsoft Learn which tells what is recommended mail-flow architecture

Review the Hybrid Connection:

• It’s important to review your hybrid connection settings. It’s likely that the connector has been labeled as an internal connection, which means emails might bypass the spam checks. Ensure that your connector configuration is correct and that it’s set to apply the necessary spam filtering.

Raise a Ticket with Microsoft 365 Support:

• Given the complexity of your setup, I recommend raising a support ticket with Microsoft 365 Support.Microsoft 365 admin center
• Share the specific scenario you’re facing, including the message headers and the settings for the connector you’ve created. They can provide detailed guidance and help you configure your system properly.
• Make sure to provide them with proper logs and any other relevant information about your mail flow configuration and issues.

For detailed steps and further assistance, you can refer to the Microsoft documentation on mail flow rules.

Regarding your question about forcing Outlook to look at headers and move emails to the junk folder, I suggest exploring the "Junk Email Options" in Outlook settings. You can also try creating a rule to move emails with specific headers to the junk folder.

Here are the steps to create a rule in Outlook to move emails with specific headers to the junk folder:

Step 1: Open Outlook and go to the "Home" tab

Step 2: Click on "Rules" in the "Move" group

Step 3: Select "Manage Rules & Alerts"

Step 4: Click on "New Rule"

Step 5: Choose "Start from a blank rule" and select "Check messages when they arrive"

Step 6: Click on "Next"

Step 7: In the "Which condition(s) do you want to check?" section, select "with specific words in the message header"

Step 8: Enter the specific header you want to check (e.g. "X-Spam-Flag: YES")

Step 9: Click on "Next"

Step 10: Select "Move it to the Junk Email folder"

Step 11: Click on "Finish"

This rule will move emails with the specified header to the junk folder. You can also modify the rule to check for other headers or conditions.

Regarding the "Junk Email Options", you can access them by going to the "Home" tab, clicking on "Junk", and selecting "Junk Email Options". From there, you can adjust the settings to suit your needs.

Please note that these steps are for Outlook desktop app, if you are using Outlook web app, the steps might vary.

It was pleasure working with you on this issue, if you think I have provided the required information related to your post, you can also vote on it.

Appreciate your patience with us.

Looking forward to your response and have a great day ahead!!

Sincerely,

Microsoft Community Moderator

Thanks for your reply, but unfortunately MS365 is the issue.

I am currently using MS365 in testing and would be pretty much ready to migrate, but currently we have no protection through our Mailflow connector.

EOP is said to process all emails, even those going to a connector, however the issue is that Junk emails to my mailbox in 365 go to my junk folder, but any to my mailbox on the same domain hosted on our on premises SMTP server go straight to the inbox.

Turning the junk email filter on and setting High hasn't made much difference to this, and Outlook seems to ignore any headers that EOP or our SMTP server put there marking it as spam.

MS has added the header:

X-Forefront-Antispam-Report: CIP:40.92.48.14;CTRY:AT;LANG:zh-cn;SCL:9;SRV:;IPV:NLI;SFV:SPM;H:EUR02-VI1-obe.outbound.protection.outlook.com;PTR:mail-vi1eur02olkn2014.outbound.protection.outlook.com;CAT:HSPM;SFS:(13230040)(7093399012)(2040899013)(28032699018);DIR:INB;

Marking as spam confience level 9.

I've also set our server to check for SCL levels and at 5 or above add the following from various places on the internet:

X-Spam-Flag: YESX-Spam-Level: *********X-ME-Content: Deliver-To=JunkXJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X: 0

Outlook ignores it all. I know outlook used to do this job as I've had many emails go to junk when I was using Office 2007/2013, but my testing on 2016+, stand alone license and 365 license have done nothing, it's almost like the functionality has been removed for the junk email levels, but the options have been left. My thoughts were to block foreign encodings as most of it seems to be from china or russia, then though, I could block the high level domains also, as the junk filter doesn't work.

So, my amended question would now be: How can I force outlook to actually look at the headers and put emails from a 365 domain routed via a connector to a POP3 server that have been clearly marked as junk from multiple sources into the junk folder without having to log into over 200 windows devices to make this change?

Hello,

Good day!Thank you for reaching out to the Microsoft Community.

I understand you're facing challenges with blocking certain international encodings and high-level domains across multiple PCs using the registry.I understand that this has been a challenging task, and you've invested significant effort trying various solutions.I appreciate the effort you've already put into finding a solution and testing various approaches.

You need to block certain international encodings and high-level domains for around 200 PCs, but the registry changes you've tried aren't working consistently across different user profiles.

It's clear that you've been diligently working to find a solution. You've tried creating and comparing registry snapshots, developing a batch file to automate the process, and even manually modifying registry keys, all without consistent success. You’ve also explored suggestions from various sources, including chatGPT, but haven't found a reliable method that works for all profiles.

Note: Blocking domains or emails of specific country can be done using office 365 but encodings can't be done using outlook client

In the meantime Kindly refer to this article Allow or block email using the Tenant Allow/Block List - Office 365 | Microsoft Learn

Manage allows and blocks in the Tenant Allow/Block List - Microsoft Defender for Office 365 | Microsoft Learn

If you are an admin or kindly contact your organization Admin If you are not Admin, "how to block domains". Kindly check with below step to block email from a specific domain.

Kindly go to Microsoft 365 admin center (Enter your username and Password)-->Show all-->choose Securityunder Admin centersor go to Microsoft 365 defender direct by visiting https://security.microsoft.com/

• Go to Policies & rules> Threat Policies > Rulessection >Tenant Allow/Block Lists

• On the Domains & addresses tab, click the block icon Block.

• In the Block domains & addresses flyout that appears, configure the following settings:
  • Domains & addresses: Enter the specific domain you want to block.
  • Remove block entry after: The default value is 30 days, but you can select from the following values:
    • 1 day
    • 7 days
    • 30 days
    • Never expire
    • Specific date: The maximum value is 90 days from today.
• Optional note: Enter descriptive text for why you're blocking the email addresses or domains.
• When you're finished, click Add.

Important Note:

• If you are not Admin, kindly contact your organization Admin to perform above steps.
• Users in the organization can't send email to these blocked domains and addresses. They'll receive the following non-delivery report (also known as an NDR or bounce message): 550 5.7.703 Your message can't be delivered because one or more recipients are blocked by your organization's tenant recipient block policy. The entire message is blocked for all recipients of the message, even if only one recipient email address or domain is defined in a block entry. For extra reference kindly refer to Allow or block email using the Tenant Allow/Block List - Office 365 | Microsoft Learn

We will show you how to block a Top-Level Domain with Exchange Online PowerShell.

First, you need to Connect to Exchange Online PowerShell. Open Windows PowerShell as administrator, run the below cmdlet, and sign in with your admin credentials.

Connect-ExchangeOnline

Block Top-Level Domain with PowerShell

Run the below PowerShell command example to block a TLD with no expiration date. It will block email messages that contain the Top-Level Domain .com.

New-TenantAllowBlockListItems -ListType Url -Block -Entries "*.com/*" -NoExpiration

The below PowerShell command example blocks multiple TLDs with no expiration date.

New-TenantAllowBlockListItems -ListType Url -Block -Entries "*.com/*", "*.live/*" -NoExpiration

Block Domain with PowerShell

Run the below PowerShell command example to block a domain with no expiration date. It will block email messages that contain the domain outlook.com, such as www.sub.outlook.com or outlook.com/test

New-TenantAllowBlockListItems -ListType Url -Block -Entries "outlook.com" -NoExpiration
New-TenantAllowBlockListItems -ListType Url -Block -Entries "outlook.com", "gmail.com" -NoExpiration

Please understand that our initial response may not always resolve the issue immediately. However, with your help and more detailed information, we can work together to find a solution.

Please feel free to let me know if there are any updates or if I've got you wrong. I will keep assisting you based on the information you provide. We sincerely appreciate your patience and cooperation. Thanks for your precious time. Have a nice day!

It was pleasure working with you on this issue, if you think I have provided the required information related to your post, you can also vote on it.

Appreciate your patience with us.

Looking forward to your response and have a great day ahead!!

Sincerely,

Microsoft Community Moderator