Use this operation to add or remove email senders, domains, and IP addresses from the Tenant Allow/Block list in Microsoft Defender for Email.
Role Requirements
Procedure Scope: Administrators
Required Group Membership: Admin.Security
Handbook Reference
Package: Email Security
Domain: Sender Allowance Management, Sender Block Management
Modifies: Blocked Tenant Senders and Domains, Blocked Tenant IP Addresses, Blocked Spoofed Senders and Domains, Blocked Spam Senders and Domains
When to Perform this Operation
As Needed: Proactive or in Response to User/Security
Technical Description and Importance
Blocking malicious email senders, spoofed domains, and spam sources is crucial for maintaining a secure email environment. By adding entries to blocklists, organizations can prevent phishing attempts, spam infiltration, and malicious email campaigns from reaching users. This process supports organizational email security policies and reduces the risk of business email compromise. Regularly updating blocklists ensures that emerging threats are mitigated effectively while maintaining operational efficiency.
Management Options
- Block a Sender or Domain
- Block an IPv6 Address
- Block a Spoofed Sender or Domain
- Block a Spam Sender or Domain
Block a Sender or Domain:
Purpose
Add an email sender or domain to the tenant-wide blocklist to prevent email delivery.
Use Case
A known phishing domain is repeatedly sending malicious emails to users.
Block an IPv6 Address:
Purpose
Prevent emails from specific IPv6 addresses from reaching the organization.
Use Case
A spam campaign is originating from a specific IPv6 address and needs to be blocked.
Block a Spoofed Sender or Domain:
Purpose
Add a sender or domain to the spoof blocklist to prevent impersonation attacks.
Use Case
Attackers are using a fake version of an internal domain to send fraudulent emails.
Block a Spam Sender or Domain:
Purpose
Block sources identified as persistent spam senders.
Use Case
A particular sender is sending a high volume of unwanted marketing emails.
| Operation | Action | Target |
| Block a Sender or Domain | Addition | Blocked Tenant Senders and Domains |
| Block an IPv6 Address | Addition | Blocked Tenant IP Addresses |
| Block a Spoofed Sender or Domain | Addition | Blocked Spoofed Senders and Domains |
| Block a Spam Sender or Domain | Addition | Blocked Spam Senders and Domains |
Block a Sender or Domain
This operation blocks a sender or domain, preventing emails from being delivered.
1. Defender for Email Tenant Block
Block an IPv6 Address
This operation prevents email traffic from a specific IPv6 address.
1. Defender for Email IP Address Block
Block a Spoofed Sender or Domain
This operation prevents spoofing attacks by blocking known impersonation sources.
1. Defender for Email Spoof Block
Block a Spam Sender or Domain
This operation blocks persistent spam sources to improve email hygiene.
1. Defender for Email Spam Block
Need Assistance?
Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.