Add Blocked Senders to Exchange Online Using PowerShell

Many things in Exchange and Office 365 take too long to do via the admin console, but are too obscure to do routinely via PowerShell.

Unless, that is, you have a script!

This function will add a single sender address to your spam policy’s BlockedSenders attribute or a sender domain to the BlockedSenderDomains attribute.

(If you find any errors in the code below, let me know. I tested it, but sometimes trying to make it look nice in WordPress introduces problems.)

Use a PowerShell function to block individual sender addresses or domains in Exchange Online

function Add-BlockedSender {
    Adds a blocked sender address or domain to an Exchange Online spam policy.
    Adds one or more sender email addresses or a single sender domain name 
    to a specified Exchange Online spam policy. Accepts pipeline input or
    comma separated values for the SenderAddress parameter. If the name of
    a spam policy is not specified, assumes the policy name "Default".
    Read email addresses from a CSV file and pipe the resulting array to 
    the Add-BlockedSender function.
    $spammers = Import-CSV C:\Spammers.csv
    $spammers | Add-BlockedSender
    Add two email addresses and an email domain to a specified spam policy.
    Add-BlockedSender -SenderAddress "","" `
      -SenderDomain -SpamPolicy "CompanySpamPolicy"
    .PARAMETER SenderAddress
    An email address to add to the blocked senders list.
    .PARAMETER SenderDomain
    An email domain to add to the blocked senders list.
    .PARAMETER SpamPolicy
    The name of an existing spam policy in your Exchange Online 
    organization. Defaults to "Default".
    This function requires that you have a connection to Exchange Online 
    and have the relevant PowerShell modules loaded.

  # xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  param (
      HelpMessage='Must be one or more valid, comma-separated email addresses.')]
    [Parameter(HelpMessage='Must be one or more valid, comma-separated email domains.')]
    [Parameter(HelpMessage='The name of an existing Spam Policy in your Exchange Online tenent. Default is Default.')]
      [string]$SpamPolicy = 'Default'

    # Test for connection to Microsoft Online.
    if (-not (Get-Command Get-UnifiedGroup -ea silentlycontinue)) {
      Write-Warning "This function requires a connection to Office 365."
      $SkipRemainder = $True

    # Validate the specified sender domain.
    if ($SenderDomain -and ($SenderDomain -notlike "*.*" `
      -or $SenderDomain -like "*@*")) {
      Write-Warning "Invalid sender domain"
      $SkipRemainder = $True

    if ($SkipRemainder -ne $True) {
      # Get the BlockedSenders and BlockedSenderDomains values from 
      # the Exchange Online Spam Policy and save them to variables for
      # later use.
      $FilterPolicy = (Get-HostedContentFilterPolicy -Identity $SpamPolicy)
      $BlockedSenders = (($FilterPolicy | Select -ExpandProperty `
        BlockedSenders).Sender | foreach{$_.Address})
      $BlockedSenderDomains = ($FilterPolicy | Select -ExpandProperty `
      # Set a variable for testing the sender addresses later.
      $EmailRegex = '^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$'

    if ($SkipRemainder -ne $True) {
      foreach ($Address in $SenderAddress) {
        # Validate the sender address parameter.
        if ($Address -and ($Address -notmatch $EmailRegex)) {
          Write-Warning "Invalid sender address: $Address."
          $SkipRemainder = $True
        # Add the address to the BlockedSenders variable.
        $BlockedSenders += $Address

  END {
    if ($SkipRemainder -ne $True) {
      # Set the new BlockedSenders value.
      if ($BlockedSenders) {Set-HostedContentFilterPolicy -Identity `
        $SpamPolicy -BlockedSenders $BlockedSenders}
      # Set the new BlockedSenderDomains value.
      if ($SenderDomain) {
        $BlockedSenderDomains += $SenderDomain
        Set-HostedContentFilterPolicy -Identity $SpamPolicy `
          -BlockedSenderDomains $BlockedSenderDomains

3 responses to “Add Blocked Senders to Exchange Online Using PowerShell”

  1. russell says:

    Thanks for this scrip. I’ve used it.
    I am wondering if you shadow some light to reverse the job, such as remove the added email address or domain from the blocked list.

  2. Ray says:

    Thank you so much for this, had a newer employee deal with the new blocking in Exchange Online, this was way simpler for us to do!

Leave a Reply

Your email address will not be published. Required fields are marked *