Deploy junk email settings by using Group Policy

Summary

This article explains how to deploy the Safe Senders list and other junk email settings by using Group Policy. Although you can also deploy junk email settings in a nonpolicy location in the registry, don't use that method.

Create your lists

Before you can deploy junk email settings, you need to generate the Safe Senders list. Optionally, you can also generate Safe Recipients and Blocked Senders lists. Use the following methods to generate these lists:

• Manually create the lists for Safe Senders, Safe Recipients, and Blocked Senders, and save them as separate files.
• Export existing lists by using the Export to File button on the tabs in the Junk Email Options dialog box, and save them as separate files.

To learn more about accepted domains and how to create a safe senders list, see these resources:

• Accepted Domains, Safe Senders List and You.
• Create sender allow lists for cloud mailboxes

Important

You can't add your own domain or any accepted domains to these lists. Adding your own domain or an accepted domain initially appears to work. However, Outlook automatically removes these entries when it refreshes the Safe Senders list.

Deploy settings

To deploy the registry data to the Outlook client by using Group Policy, follow these steps:

1. If you don't already have the main Group Policy template for your version of Outlook, download and extract the latest Administrative Template files (ADMX/ADML) for Microsoft Office from the Microsoft Download Center.

2. Add the .admx files that you downloaded to your domain controller.

   The steps to add the .admx files might vary based on your deployment. For example, the steps are different if you apply the group policy to an OU instead of a domain. For information about how to use the .admx file to create and administer registry-based policy settings in Windows, see How to create and manage the Central Store for Group Policy Administrative Templates in Windows.

3. In the Group Policy Management Console, go to User Configuration, expand Administrative Templates, and then select the Junk E-mail policy node for your template.

   

4. Double-click Specify path to Safe Senders list. Type the path to the text file that includes the list of domains and addresses that you want to appear on the Safe Senders tab in Outlook.

5. To enable the policy, open the dialog box for the policy setting, and then select Enabled.

The files that you specify for the policies that control Safe Senders, Safe Recipients, and Blocked Senders must exist in the specified location when Outlook starts. If a file doesn't exist in the specified location, Outlook ignores that policy.

You can also specify any other Junk E-mail configuration policies such as Hide Junk Mail UI or Permanently Delete Junk E-mail.

After you configure the different junk email policy settings, go the Details pane, and then double-click Trigger to apply junk email list settings.

To enable this policy, select Enabled, and then select OK.

Verify the deployment

After you finish configuring your junk email policies and the policies propagate to your Outlook clients, verify that Outlook can access the policies. Check the following subkey in the registry:

HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\Options\Mail

The following screenshot shows the registry of an Outlook client on which several junk email policies are configured. These policies include the trigger policy (JunkMailImportLists = 1) that forces Outlook to apply the junk email list policies.

• To test this policy deployment, start Outlook, and then open the Junk Email Options dialog box (Tools > Options > Junk Email). The settings that you configured by using Group Policy are displayed, but they're disabled so that users can't modify them through the Outlook user interface.

• The following screenshot shows the junk email protection level configured to No Automatic Filtering. This setting is selected because Exchange Online already has junk filtering. Users can't change this setting because it's configured through Group Policy.

  

Users can manually add or remove entries from the Safe Senders, Safe Recipients, and Blocked Senders tabs in Outlook even if you deploy these lists by using Group Policy.

If a user deletes an entry in one of these tabs and then restarts Outlook, the entry reappears on the tab if the policy that deploys the list of entries for that tab remains in effect.

If a user adds an entry to the Safe Senders, Safe Recipients, or Blocked Senders tabs in Outlook, the entry is removed if you deploy the entries for that tab by using Group Policy and if you also enable the Overwrite or Append Junk Mail Import policy. By enabling this policy, you force Outlook to overwrite entries on the tab with the entries that are specified in the list from the corresponding policy.

If you want to preserve entries that users add, set the Overwrite or Append Junk Mail Import policy to either Not Configured or Disabled.

Deploy the junk email list trigger to the nonpolicy location in the registry

You can configure the junk email list trigger and other junk email settings in the following nonpolicy location in the registry:

Key: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Options\Mail DWORD: JunkMailImportLists Value: 1

If you set this location in the registry, Outlook uses JunkMailImportLists = 1 as a one‑time trigger. After you restart Outlook for the first time, Outlook imports the deployed lists and then resets the value to zero (0) so that the lists aren't imported on subsequent restarts.

If you deploy JunkMailImportLists = 1 by using Group Policy (the policy registry path), Outlook can't reset the value because policy enforcement keeps the value at 1. Outlook always imports the lists at startup. This action repeatedly overwrites or appends list entries, depending on your policy configuration.