Add Blocked Senders to Exchange Online Using PowerShell

Posted: December 12, 2017/Under: Microsoft Exchange, Office 365, PowerShell/By: jay c

Many things in Exchange and Office 365 take too long to do via the admin console, but are too obscure to do routinely via PowerShell.

Unless, that is, you have a script!

This function will add a single sender address to your spam policy’s BlockedSenders attribute or a sender domain to the BlockedSenderDomains attribute.

(If you find any errors in the code below, let me know. I tested it, but sometimes trying to make it look nice in WordPress introduces problems.)

Use a PowerShell function to block individual sender addresses or domains in Exchange Online

function Add-BlockedSender {
  <#
    .SYNOPSIS
    Adds a blocked sender address or domain to an Exchange Online spam policy.
    .DESCRIPTION 
    Adds one or more sender email addresses or a single sender domain name 
    to a specified Exchange Online spam policy. Accepts pipeline input or
    comma separated values for the SenderAddress parameter. If the name of
    a spam policy is not specified, assumes the policy name "Default".
    .EXAMPLE
    Read email addresses from a CSV file and pipe the resulting array to 
    the Add-BlockedSender function.
    $spammers = Import-CSV C:\Spammers.csv
    $spammers | Add-BlockedSender
    .EXAMPLE
    Add two email addresses and an email domain to a specified spam policy.
    Add-BlockedSender -SenderAddress "joe@schmoe.com","spammer@123.com" `
      -SenderDomain spammer.com -SpamPolicy "CompanySpamPolicy"
    .PARAMETER SenderAddress
    An email address to add to the blocked senders list.
    .PARAMETER SenderDomain
    An email domain to add to the blocked senders list.
    .PARAMETER SpamPolicy
    The name of an existing spam policy in your Exchange Online 
    organization. Defaults to "Default".
    .NOTES
    This function requires that you have a connection to Exchange Online 
    and have the relevant PowerShell modules loaded.
  #>

  # xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  [CmdletBinding()]
  param (
    [Parameter(ValueFromPipeline=$True,
      ValueFromPipelineByPropertyName=$True,  
      HelpMessage='Must be one or more valid, comma-separated email addresses.')]
      [string[]]$SenderAddress,
    [Parameter(HelpMessage='Must be one or more valid, comma-separated email domains.')]
      [string]$SenderDomain,
    [Parameter(HelpMessage='The name of an existing Spam Policy in your Exchange Online tenent. Default is Default.')]
      [string]$SpamPolicy = 'Default'
  )

  BEGIN {
    # Test for connection to Microsoft Online.
    if (-not (Get-Command Get-UnifiedGroup -ea silentlycontinue)) {
      Write-Warning "This function requires a connection to Office 365."
      $SkipRemainder = $True
    }

    # Validate the specified sender domain.
    if ($SenderDomain -and ($SenderDomain -notlike "*.*" `
      -or $SenderDomain -like "*@*")) {
      Write-Warning "Invalid sender domain"
      $SkipRemainder = $True
    }

    if ($SkipRemainder -ne $True) {
      # Get the BlockedSenders and BlockedSenderDomains values from 
      # the Exchange Online Spam Policy and save them to variables for
      # later use.
      $FilterPolicy = (Get-HostedContentFilterPolicy -Identity $SpamPolicy)
      $BlockedSenders = (($FilterPolicy | Select -ExpandProperty `
        BlockedSenders).Sender | foreach{$_.Address})
      $BlockedSenderDomains = ($FilterPolicy | Select -ExpandProperty `
        BlockedSenderDomains).Domain
      # Set a variable for testing the sender addresses later.
      $EmailRegex = '^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$'
    }
  }

  PROCESS {
    if ($SkipRemainder -ne $True) {
      foreach ($Address in $SenderAddress) {
        # Validate the sender address parameter.
        if ($Address -and ($Address -notmatch $EmailRegex)) {
          Write-Warning "Invalid sender address: $Address."
          $SkipRemainder = $True
          Return
        }
        # Add the address to the BlockedSenders variable.
        $BlockedSenders += $Address
      }
    }
  }

  END {
    if ($SkipRemainder -ne $True) {
      # Set the new BlockedSenders value.
      if ($BlockedSenders) {Set-HostedContentFilterPolicy -Identity `
        $SpamPolicy -BlockedSenders $BlockedSenders}
      # Set the new BlockedSenderDomains value.
      if ($SenderDomain) {
        $BlockedSenderDomains += $SenderDomain
        Set-HostedContentFilterPolicy -Identity $SpamPolicy `
          -BlockedSenderDomains $BlockedSenderDomains
      }
    }
  }
}

3 responses to “Add Blocked Senders to Exchange Online Using PowerShell”

  1. russell says:
    May 24, 2019 at 5:21 am

    Thanks for this scrip. I’ve used it.
    I am wondering if you shadow some light to reverse the job, such as remove the added email address or domain from the blocked list.

    Reply
  2. Ray says:
    April 22, 2021 at 2:26 pm

    Thank you so much for this, had a newer employee deal with the new blocking in Exchange Online, this was way simpler for us to do!

    Reply
  3. danish says:
    July 30, 2021 at 1:25 am

    Thanx man

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Disclaimer: Many links on this website to books, software, and other resources are affiliate links. I might earn a very small commission if you purchase through one of my links.