This guide describes how you can configure Exchange Online to automatically delete emails received from specified suspicious domains.
You should not do this for popular or legitimate domains such as gmail.com or hotmail.com, etc.
- Sign in to https://outlook.office365.com/ecp as a Global Admin or Exchange Online Admin
- In the Exchange admin center, click mail flow from the options on the left
- On the rules tab, click the plus (+) icon to create a new rule
- On the new rule page, click the more options link at the bottom
- Now, you may fill in a name for the rule, e.g., "Block Emails from Suspicious Domains"
- Under Apply this rule if, mouse over The sender is and then click domain is
- Next, fill in the suspicious domain name that you would like to block, e.g., fakedomain.com
- Click the plus (+) icon to add the domain. You can add multiple domains
- Once you are done adding the domains, click OK
- Under Do the following, mouse over Block the message and then choose Delete the message without notifying anyone
- Click the checkbox labelled Stop processing more rules
- You may leave all other default options
- At the bottom, add comments describing what this rule does and any other important info
- Click Save
- Back on the rules tab, you should see your newly created rule in the list. Ensure that there is a checkmark in the box next to the rule, under the ON column
You can always come back to this rule and add additional suspicious domains as they are reported or discovered.
To update an existing rule:
- Simply double-click the rule
- Click the existing domain entries on the right
- Follow similar steps as before to add and save the domain(s)
- To delete a domain, click it and then click the minus (-) icon at the top
- To edit a domain, click it and then click the pencil icon at the top
- Remember to save changes when you are done