Manage Safe Senders and Blocked Senders lists with PowerShell in Microsoft 365

You can create Safe Senders and Blocked Senders lists in Outlook. In these lists, you can add email addresses and domains that you trust and don’t trust. The user can manage these junk email options in Outlook. As an admin, you can manage the same with PowerShell and export all the mailboxes junk email options. In this article, you will learn to manage safe senders and blocked senders lists with PowerShell in Microsoft 365.

Junk Mail Protection

The recipient can manage the Exchange mailbox Junk Mail Protection, which consists of the following:

1. Junk Email Filter: The Exchange mailbox security filter automatically checks each incoming email message and decides whether it is spam or legitimate.
2. Junk Email Filter Lists: The Exchange mailbox security filter that can classify a specific sender or specific domain as a legitimate sender or non-legitimate sender. You can control what is considered spam by adding email addresses and domains to these lists.

Manage the Junk Mail Protection:

• User: Each recipient can manage their Exchange mailbox using Outlook or the OWA mail settings.
• Admin: Use PowerShell to manage from the server, where there are more options to configure mail settings on behalf of the users.

Junk email options in Outlook

The Outlook Junk Email Filter is enabled by default. Outlook does not use a local spam filter to check whether an email is legit or spam because that will be implemented by the Exchange server.

The screenshot below shows the default settings of the junk email protection configuration in Outlook.

1. Open Outlook
2. Click Junk > Junk E-mail Options

3. Default setting > No Automatic Filtering. Mail from blocked senders is still moved to the Junk Email folder.

Junk Email Filter Lists

The Exchange mailbox Junk Email Filter Lists consist of these types of filters:

1. Safe Senders list

Use the PowerShell parameter -TrustedSendersAndDomain to manage the Safe Senders list.

The purpose of the Safe Senders list is to prevent legitimate mail from being mistakenly identified as spam and sent to the Junk Email folder.

When you add a domain name or email address to the Safe Senders List, emails sent from these senders will never be sent to the Junk Email folder.

2. Blocked Senders list

Use the PowerShell parameter -BlockedSendersAndDomains to manage the Blocked Senders list.

The purpose of the Blocked Senders list is to prevent spam mail that bypasses existing mail security filters that didn’t manage to identify and classify it as spam mail. Messages from people or domain names that appear in this list are always classified as junk, regardless of the content.

When you add a domain name or an email address to the Blocked Senders list, emails from these senders will automatically be sent to the Junk Email folder.

3. Safe Recipients list

Use the PowerShell parameter -TrustedRecipientsAndDomains to manage the Safe Recipients list.

The purpose of the Safe Recipients list is to prevent legitimate mail from being mistakenly identified as spam and sent to the Junk Email folder.

Safe recipients are recipients that you don’t want to block, usually groups that you are a member of. Everything you add to the Safe Senders list will automatically be added to the Safe Recipients list.

4. International

This option does not have a PowerShell parameter.

The international option enables blocking specific email messages based on a country domain name or specific language encoding.

1. Add email addresses and domains to Safe Senders and Blocked Senders Lists

To add email addresses and domain names to the Safe Senders and Blocked Senders list for a single or all mailboxes, use the Set-MailboxJunkEmailConfiguration PowerShell cmdlet.

Add email addresses or domains and remove existing Safe Senders list

To create an allow list of trusted senders, add new email addresses to the Safe Senders list, which will remove all existing ones from the list. Use the -TrustedSendersAndDomains parameter in the PowerShell command to add email addresses and domains to the Safe Senders list.

Create a new Safe Senders list and add trusted senders for a specific mailbox that will also remove all the existing email addresses from the list.

Set-MailboxJunkEmailConfiguration -Identity "Amanda.Hansen@m365info.com" -TrustedSendersAndDomains "o365info.com", "alice@gmail.com"

Create a new Safe Senders list by adding trusted senders for all mailboxes that will also remove all the existing email addresses and domain names from the list.

Get-Mailbox -ResultSize Unlimited | Set-MailboxJunkEmailConfiguration -TrustedSendersAndDomains "o365info.com", "alice@gmail.com"

Add email addresses and domains to existing Safe Senders list

To manage an allow list of trusted senders you can always add email addresses and domain names. Use the -TrustedSendersAndDomains parameter in the PowerShell command to add multiple email addresses and domains to the existing Safe Senders list.

Add an additional email address and domain name to the current Safe Senders list for a specific recipient without removing any existing trusted senders or domains.

Set-MailboxJunkEmailConfiguration -Identity "Amanda.Hansen@m365info.com" -TrustedSendersAndDomains @{Add = "o365info.com", "alice@gmail.com" }

Run the PowerShell command to add an additional email address and domain name to the current Safe Senders list for all mailboxes. It will not remove any existing trusted senders or domains from each Safe Senders list.

Get-Mailbox -ResultSize Unlimited | Set-MailboxJunkEmailConfiguration -TrustedSendersAndDomains @{Add = "o365info.com", "alice@gmail.com" }

Add email addresses or domains and remove existing Blocked Senders list

To create a block list of untrusted senders, add new email addresses to the Blocked Senders list, which will remove all existing ones from the list. Use the -BlockedSendersAndDomains PowerShell parameter to add email addresses and domains to the Blocked Senders list.

Create a new Blocked Senders list and add untrusted senders for a specific mailbox. It will also remove all the existing email addresses and domains from the list.

Set-MailboxJunkEmailConfiguration -Identity "Amanda.Hansen@m365info.com" -BlockedSendersAndDomains "itspam.com", "spam@gmail.com"

Create a new Blocked Senders list and add untrusted senders for all mailboxes, which will remove all the existing email addresses from the list.

Get-Mailbox -ResultSize Unlimited | Set-MailboxJunkEmailConfiguration -BlockedSendersAndDomains "itspam.com", "spam@gmail.com"

Add email addresses and domains to existing Blocked Senders list

You can also manage the block list of untrusted senders by adding an email address and domain to the current Blocked Senders list. It will not remove any existing email addresses or domains from the list.

Add an email address and domain name to the current Blocked Senders lists for a specific recipient.

Set-MailboxJunkEmailConfiguration -Identity "Amanda.Hansen@m365info.com" -BlockedSendersAndDomains @{Add = "itspam.com", "spam@gmail.com" }

Add an additional email address and domain name to the current Blocked Senders lists for all the Exchange recipients. It will not remove any existing untrusted senders or domains from each Blocked Senders list.

Run the PowerShell command to add blocked senders and domains to the existing Blocked Senders list for all mailboxes.

Get-Mailbox -ResultSize Unlimited | Set-MailboxJunkEmailConfiguration -BlockedSendersAndDomains @{Add= "itspam.com", "spam@gmail.com" }

Add email addresses or domains and remove existing Safe Senders and Blocked Senders lists

To create new Safe Senders and Blocked Senders lists, you need to add new email addresses, which will remove the existing ones from both lists.

Add new email addresses and domains to both the Safe Senders and Blocked Senders lists for a specific mailbox, which will remove the existing lists.

Set-MailboxJunkEmailConfiguration -Identity "Amanda.Hansen@m365info.com" -TrustedSendersAndDomains "o365info.com", "alice@gmail.com" -BlockedSendersAndDomains "itspam.com", "spam@gmail.com"

Run the below PowerShell command to add email addresses and domains to the Safe Senders and Blocked Senders lists for all mailboxes which will remove the existing lists.

Get-Mailbox -ResultSize Unlimited | Set-MailboxJunkEmailConfiguration -TrustedSendersAndDomains "o365info.com", "alice@gmail.com" -BlockedSendersAndDomains "itspam.com", "spam@gmail.com"

Add email addresses or domains to existing Safe Senders and Blocked Senders lists

To manage the current Safe Senders and Blocked Senders list, you can always add new email addresses. It will not remove any email addresses or domains from the existing lists.

Only add email addresses and domains to both the Safe Senders and Blocked Senders lists for a specific mailbox.

Set-MailboxJunkEmailConfiguration -Identity "Amanda.Hansen@m365info.com" -TrustedSendersAndDomains @{Add = "o365info.com", "alice@gmail.com" } -BlockedSendersAndDomains @{Add = "itspam.com", "spam@gmail.com" }

Run the below PowerShell command to add email addresses and domains to the Safe Senders and Blocked Senders lists for all mailboxes.

Get-Mailbox -ResultSize Unlimited | Set-MailboxJunkEmailConfiguration -TrustedSendersAndDomains @{Add = "o365info.com", "alice@gmail.com" } -BlockedSendersAndDomains @{Add = "itspam.com", "spam@gmail.com" }

2. Update existing Safe Senders and Blocked Senders lists

You can always update the existing Safe Senders lists and Blocked Senders lists. Manage both lists by removing or adding email addresses or domains for a single and all mailboxes.

Remove email addresses and domain names from Safe Senders list

We would like to remove an email address and domain name from the Safe Senders list from a specific user mailbox.

Run the PowerShell command to remove from the Safe Senders list for a single mailbox.

Set-MailboxJunkEmailConfiguration -Identity "Amanda.Hansen@m365info.com" -TrustedSendersAndDomains @{Remove = "alice@gmail.com", "o365info.com" }

You can also remove an email address and domain name from the Safe Senders list for all the Exchange recipients.

Run the PowerShell command to remove from the Safe Senders list for all mailboxes.

Get-Mailbox -ResultSize Unlimited | Set-MailboxJunkEmailConfiguration -TrustedSendersAndDomains @{Remove = "alice@gmail.com", "o365info.com" }

Remove email addresses and domain names from Blocked Senders list

We would like to remove an email address and domain name from the Blocked Senders list of a specific user mailbox.

Run the PowerShell command to remove from the Blocked Senders list for a single mailbox.

Set-MailboxJunkEmailConfiguration -Identity "Amanda.Hansen@m365info.com" -BlockedSendersAndDomains @{Remove = "spam@gmail.com", "itspam.com" }

You can also remove an email address and domain name from the Blocked Senders list for all the Exchange recipients.

Run the PowerShell command to remove from the Blocked Senders list for all mailboxes.

Get-Mailbox -ResultSize Unlimited | Set-MailboxJunkEmailConfiguration -BlockedSendersAndDomains @{Remove = "spam@gmail.com", "itspam.com" }

Add and remove email addresses and domains in Safe Senders list

Run the below PowerShell command to add and remove trusted senders and domains for a specific mailbox.

Set-MailboxJunkEmailConfiguration -Identity "Amanda.Hansen@m365info.com" -TrustedSendersAndDomains @{Remove = "alice@gmail.com", "o365info.com" ; Add = "alice.good@gmail.com", "safedomain.com" }

Run the below PowerShell command to add and remove trusted senders and domains for all mailboxes.

Get-Mailbox -ResultSize Unlimited | Set-MailboxJunkEmailConfiguration -TrustedSendersAndDomains @{Remove = "alice@gmail.com", "o365info.com" ; Add = "alice.good@gmail.com", "safedomain.com" }

Add and remove email addresses and domains in Blocked Senders list

Run the below PowerShell command to add and remove blocked senders and domains for a specific mailbox.

Set-MailboxJunkEmailConfiguration -Identity "Amanda.Hansen@m365info.com" -BlockedSendersAndDomains @{Remove = "spam@gmail.com", "itspam.com"; Add = "spam@gmail.com", "itspam.com" }

PowerShell command to add and remove blocked senders and domains for all mailboxes.

Get-Mailbox -ResultSize Unlimited | Set-MailboxJunkEmailConfiguration -BlockedSendersAndDomains @{Remove = "spam@gmail.com", "itspam.com"; Add = "junkspam@gmail.com", "junkspam.com" } 

3. Manage Junk Email Options

Use the Set-MailboxJunkEmailConfiguration PowerShell cmdlet to configure junk email options for single or multiple mailboxes.

Enable Outlook Junk Email Filter

By default, the junk email rule is enabled in the mailbox. The Outlook Junk Email Filter doesn’t stop the delivery of junk email messages, but moves suspected spam to the Junk Email folder.

It means that the messages go through the spam filter (Exchange Online Protection) first. After that, Outlook looks into the Safe Senders and Blocked Senders lists of each mailbox to filter them as spam or not.

To enable the junk email rule, use the -Enabled PowerShell parameter with a value of $true.

Run the below PowerShell command to enable the mailbox Junk Email Filter for a specific recipient.

Set-MailboxJunkEmailConfiguration "Amanda.Hansen@m365info.com" -Enabled $true

Enable Junk Email Filter for all mailboxes in PowerShell with the below command.

Get-Mailbox -ResultSize Unlimited | Get-MailboxJunkEmailConfiguration | Where-Object { $_.Enabled -eq $false } | Set-MailboxJunkEmailConfiguration -Enabled $true

Disable Outlook Junk Email Filter

If you want to Block senders in Microsoft 365 for the entire tenant using a threat policy, you should disable the junk email rule in Outlook for mailboxes. However, if Outlook specifies the message as spam or the senders are specified in the Blocked Senders list. It can still move the message to the Junk Email folder. Therefore, you should also clear the Blocked Senders list for these mailboxes.

To disable the junk email rule for a mailbox, use the -Enabled PowerShell parameter with the value $false.

To disable the mailbox Junk Email Filter for a specific recipient, run the below PowerShell command.

Set-MailboxJunkEmailConfiguration "Amanda.Hansen@m365info.com" -Enabled $false

Run the PowerShell command to disable Junk Email Filter for all mailboxes.

Get-Mailbox -ResultSize Unlimited | Get-MailboxJunkEmailConfiguration | Where-Object { $_.Enabled -eq $true } | Set-MailboxJunkEmailConfiguration -Enabled $false

Enable Trust Email from Contacts for single mailbox in Outlook

Another option is to enable the emails from your contacts in Outlook, which is not enabled by default. It automatically trusts each email of the recipients email addresses in your contact list.

To enable trust emails from contacts in Outlook, follow these steps:

1. Open Outlook
2. Click Junk > Junk E-mail Options

3. Click the tab Safe Senders
4. Select Also trust email from my Contacts

Enable Contacts Trusted

Use the -ContactsTrusted PowerShell parameter with the value $true to enable the option Also trust email from my Contacts for a single mailbox.

Set-MailboxJunkEmailConfiguration "Amanda.Hansen@m365info.com" -ContactsTrusted $true

Enable the option Also trust email from my Contacts for all mailboxes with the below PowerShell command.

Get-Mailbox -ResultSize Unlimited | Get-MailboxJunkEmailConfiguration | Where-Object { $_.ContactsTrusted -eq $false } | Set-MailboxJunkEmailConfiguration -ContactsTrusted $true

Disable Contacts Trusted

Use the -ContactsTrusted PowerShell parameter with the value $false to disable the option Also trust email from Contacts for a single mailbox.

Set-MailboxJunkEmailConfiguration "Amanda.Hansen@m365info.com" -ContactsTrusted $false

Disable the option Also trust email from my Contacts for all mailboxes in your organization with the below PowerShell command.

Get-Mailbox -ResultSize Unlimited | Get-MailboxJunkEmailConfiguration | Where-Object { $_.ContactsTrusted -eq $true } | Set-MailboxJunkEmailConfiguration -ContactsTrusted $false

4. Get Safe Senders and Blocked Senders Lists

To get information about the Safe Senders and Blocked Senders Lists, use the Get-MailboxJunkEmailConfiguration PowerShell cmdlet.

Get Safe Senders and Blocked Senders lists for specific mailbox

Get all the information about the Mailbox Junk Email Configuration, including the email addresses and domain names that appear in the Safe Senders and the Blocked Senders lists.

Run the PowerShell command to get information about a single mailbox.

Get-MailboxJunkEmailConfiguration -Identity "Amanda.Hansen@m365info.com"

The PowerShell output results.

Status                      : IsPresent, IsEnabled
Enabled                     : True
TrustedListsOnly            : False
ContactsTrusted             : True
TrustedSendersAndDomains    : {alice@gmail.com, o365info.com}
BlockedSendersAndDomains    : {spam@gmail.com, itspam.com}
TrustedRecipientsAndDomains : {alice@gmail.com, o365info.com}
SenderScreeningEnabled      : False
MailboxOwnerId              : 41377e9c-dc47-46c0-b4a5-1d5bbdcb5cc5
Identity                    : 41377e9c-dc47-46c0-b4a5-1d5bbdcb5cc5
IsValid                     : True
ObjectState                 : Unchanged

Get Safe Senders and Blocked Senders lists for all mailboxes

Get all the available information about the Mailbox Junk Email Configuration, including the email addresses and domain names that appear in the Safe Senders and Blocked Senders lists for all mailboxes.

Run the below PowerShell command.

Get-Mailbox -ResultSize Unlimited | Get-MailboxJunkEmailConfiguration | Format-Table Identity, ContactsTrusted, Enabled, TrustedSendersAndDomains, BlockedSendersAndDomains -AutoSize

The PowerShell output shows the below results.

Identity                             ContactsTrusted Enabled TrustedSendersAndDomains                        BlockedSendersAndDomains
--------                             --------------- ------- ------------------------                        ------------------------
55f8d235-9a1d-49cf-83be-989ffd694f54            True   False {alice@gmail.com, safedomain.com, o365info.com} {spam@gmail.com, itspam@gmail.com, itspam.com, spamit.com}
41377e9c-dc47-46c0-b4a5-1d5bbdcb5cc5            True    True {alice@gmail.com, o365info.com}                 {spam@gmail.com, itspam.com}
f8261d51-3df9-4f21-a6b1-533412669c11            True   False {alice@gmail.com, safedomain.com, o365info.com} {spam@gmail.com, itspam@gmail.com, itspam.com, spamit.com}
7bfec79d-7806-484a-ac83-133cd4cf5af5            True   False {alice@gmail.com, safedomain.com, o365info.com} {spam@gmail.com, itspam@gmail.com, itspam.com, spamit.com}
82cd0d62-e974-4892-aca6-e0387abc62be            True   False {alice@gmail.com, safedomain.com, o365info.com} {spam@gmail.com, itspam@gmail.com, itspam.com, spamit.com}
5f4d37cd-383c-413f-87a2-aab0dc6a531a            True   False {alice@gmail.com, safedomain.com, o365info.com} {spam@gmail.com, itspam@gmail.com, itspam.com, spamit.com}
0f38d53f-cbe0-4844-86e9-1032a45ba31b            True   False {alice@gmail.com, safedomain.com, o365info.com} {spam@gmail.com, itspam@gmail.com, itspam.com, spamit.com}

Export information to CSV file

To manage the Junk Email Filter lists for all mailboxes, you can export all information to an Out-GridView and CSV file. It exports the email addresses and domain names in the Safe Senders and Blocked Senders lists of each existing Exchange mailbox.

1. Create a temp folder in the (C:) drive
2. Specify the CSVpath in line 3
3. Run the PowerShell script to export information

Get-Mailbox -ResultSize Unlimited | Get-MailboxJunkEmailConfiguration | Out-GridView

$CSVpath = "C:\temp\AllMailboxesJunkEmail.csv"

$Mailboxes = Get-Mailbox -ResultSize Unlimited
$Output = @()

foreach ($Mailbox in $Mailboxes) {
    $JunkEmailConfig = Get-MailboxJunkEmailConfiguration $Mailbox
    $Properties = [PSCustomObject]@{
        UserPrincipalName        = $Mailbox.UserPrincipalName
        DisplayName              = $Mailbox.DisplayName
        Enabled                  = $JunkEmailConfig.Enabled
        ContactsTrusted          = $JunkEmailConfig.ContactsTrusted
        TrustedSendersAndDomains = ($JunkEmailConfig.TrustedSendersAndDomains -join ',')
        BlockedSendersAndDomains = ($JunkEmailConfig.BlockedSendersAndDomains -join ',')
        
    }
    $Output += $Properties
}

# Output the mailbox information to Out-GridView
$Output | Sort-Object DisplayName | Out-GridView -Title "Junk Email Options of all mailboxes"

$Output | Sort-Object DisplayName | Export-Csv -Path $CSVpath -NoTypeInformation -Encoding utf8

4. The Out-GridView results appear

5. Open the CSV file with Microsoft Excel to see the results

That’s it!

Read more: How to Block Senders in Microsoft 365 »

Conclusion

You learned how to manage Safe Senders and Blocked Senders Lists with PowerShell. Each user can add or remove email addresses and domain names to their Safe Senders and Blocked Senders lists in Outlook. With PowerShell, you can manage these junk email options for all mailboxes and export all information to a CSV file.

Did you enjoy this article? You may also like How to import Google contacts to Outlook. Don’t forget to follow us and share this article.