
Microsoft provides many ways to block domains. However, blocking a Top-Level Domain (TLD) for mail is only possible through a mail flow rule. We might see a change where you can add it in the Block tenant section in the future. In this article, you will learn how to block Top-level Domains in Microsoft 365.

What is a Top-Level Domain (TLD)?

A TLD is everything that follows the final dot of a domain name. For example, in the domain name ‘google.com’, ‘.com’ is the TLD. Some other popular TLDs include ‘.org’, ‘.uk’, and ‘.edu’.

Why you should block spammy Top-Level Domains

There are some TLDs that you never want to get email from, so it’s best to block mail from them as soon as it is sent to your organization.

When you look at the Spamhaus list of The 10 Most Abused Top Level Domains, you can see that many TLDs are sending a lot of spam.

Block Top-Level Domain in Microsoft 365 with mail flow rule

To block Top-Level Domains in Microsoft 365, follow these steps:

  1. Sign in to Exchange admin center
  2. Click on Mail flow > Rules in the menu
  3. Click Add a rule > Create a new rule
  4. Give the new rule a name. For example, Block Top Level Domain.
  5. Set the correct rule conditions for the transport rule.

With the conditions below, the rule deletes the message without notifying anyone if the sender address matches the Top-Level Domains .zip or .live.

The condition "The sender address matches any of these text patterns" looks like this:

\.zip$
\.live$

Note: This will delete the message, and neither the sender nor the recipient will receive a notification that the message was blocked.

With the conditions below, the rule delivers the message to the spam quarantine mailbox if the sender address matches the Top-Level Domains .zip or .live.

The condition "The sender address matches any of these text patterns" looks like this:

\.zip$
\.live$
  6. Select Enforce in the rule mode.
  7. Fill in the Comments section with the link to the article so you or your colleagues are always up to date.
  8. Click Next.
  9. Click Finish.
  10. Click the rule in the Rules list and enable it.
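
The same rule can also be created from Exchange Online PowerShell. The script below is an added example, not part of the original article: it builds the two patterns, checks them locally against constructed sample addresses, and then creates the quarantine variant of the rule. The admin account, the sample addresses and the comment text are placeholders.

```powershell
# Added example, not from the original article. Requires the
# ExchangeOnlineManagement module; the admin account is a placeholder.
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'

# TLDs from the article, turned into the same end-anchored patterns.
$tlds     = 'zip', 'live'
$patterns = @($tlds | ForEach-Object { '\.' + [regex]::Escape($_) + '$' })   # \.zip$ and \.live$

# Pre-flight check with constructed sample addresses (address -> should match).
# The trailing $ must keep look-alikes such as live.com or zip.example.org out.
# This uses the local .NET regex engine as an approximation of the rule engine.
$samples = [ordered]@{
    'promo@files.zip'      = $true
    'news@deals.live'      = $true
    'someone@live.com'     = $false
    'info@zip.example.org' = $false
}
foreach ($addr in $samples.Keys) {
    $hit = [bool]($patterns | Where-Object { $addr -match $_ })
    if ($hit -ne $samples[$addr]) {
        throw "Pattern check failed for $addr (matched: $hit)"
    }
}

# Rule settings mirror the steps above: name, condition, action, mode, comment.
$rule = @{
    Name                       = 'Block Top Level Domain'
    FromAddressMatchesPatterns = $patterns
    Quarantine                 = $true      # deliver to hosted quarantine
    # DeleteMessage            = $true      # use instead of Quarantine to delete silently
    Mode                       = 'Enforce'
    Comments                   = 'Blocks .zip and .live senders. See <link to the article>'
    Enabled                    = $true
}
New-TransportRule @rule

# Confirm what was stored.
Get-TransportRule -Identity $rule.Name |
    Format-List Name, State, Mode, FromAddressMatchesPatterns
```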

Check block Top-Level Domains

If you selected the option to delete the message without notifying anyone, there is nothing for you to see in quarantine. If you selected the option to deliver the message to the spam quarantine mailbox, it will look as follows.

Open the Microsoft Defender quarantine, and you will see the blocked messages because they have a TLD that you added in the mail flow rule to block.


Click on the message to see the details (scroll through it for all the details).


That’s it!
