Blocking domains from .biz .tech .it

Jexy 1 Reputation point
2022-02-23T00:09:19.117+00:00

Can anyone please tell me the rule to create in exchange admin centre to block all emails that use .biz .tech .it , etc that only appear to deliver spam content. I have tried using the rule sender address contains .biz but it does not appear to be working.

Exchange | Exchange Server | Management
{count} votes

4 answers

Sort by: Most helpful
  1. Joyce Shen - MSFT 16,701 Reputation points
    2022-02-23T01:56:52.723+00:00

    Hi @Jexy

    Are your using on-prem Exchange server or Exchange online? And could you please share the complete rule you created here?

    You could modify the condition to "the sender address matches" to see if any help.

    177041-image.png

    And if you are using on-prem Exchange server, here also provide a way by using the Sender Filter agent, but please note this, For the parameter -BlockedDomains and -BlockedDomainsAndSubdomains, Valid input for the parameters are one or more domains. Wildcard characters aren't permitted.
    For example: contoso.com


    If an Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  2. Jexy 1 Reputation point
    2022-02-23T04:57:28.727+00:00

    177044-screenshot-2022-02-23-154742.jpg

    Exchange online and have tried simar to what you have suggested. I have sending for approval to test , and today just tried changing to Test with Policy, but still not working.

    I don't seem to have the option you had, "the senders address matches "


  3. Joyce Shen - MSFT 16,701 Reputation points
    2022-02-28T07:04:37.787+00:00

    Hi @Jexy

    For the transport rule applied to the message, we could use the message trace feature, for example:

    178327-image.png

    Get-TransportRule "391B751B-88A2-456A-9333-44BB39EEC66D" |fl identity,description,guid  
    

    178310-image.png

    This links introduces the similar operation, you could take a reference:
    How to find which transport rule was applied to a specific message ?


    If an Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  4. Jexy 1 Reputation point
    2022-03-03T22:20:48.477+00:00

    Ok so update for other users that have been trying to block domain extensions without blocking email that have the same letters. The first rule that was suggested does not work. Blocking .it domain the way we did above will block any email that has "it" in it. e.g JanIT@micro soft .com is blocked

    This seems to work though, found on another thread on another site. (^|.)it$

    Paste that into the rule to block all domains ending in .IT
    I have also included the same for .tech .online .biz and any other spammy domains

    So, to block ".tech" extension domains would be (^|.)tech$

    I'll monitor this and see if it works. Happy to hear any feedback how this goes from the community.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.