cd ..
EN
Security
Perimeter Defense in M365: How to Block Domains in Exchange
R
Rodolfo Echenique
Automated Translation: This article was originally written in Spanish and translated by Gemini AI.
In the world of IT infrastructure, email remains the number one attack vector. Whether for corporate security or simply to maintain sanity in the face of massive spam, knowing how to manage entry barriers is vital. Here we explain how to do it with surgical precision.
In a corporate environment, mailbox hygiene is not a luxury; it is an operational necessity. While Microsoft's automatic filters do a good job, sometimes we need to take manual control and say: "You shall not pass".
One of the most effective ways to stop a targeted phishing campaign or persistent spam is by blocking the originating domain directly within Exchange Online policies. Unlike blocking a sender from Outlook (which only affects one user), this method protects the entire organization.
Process Flow Diagram
For those who prefer to visualize the route before clicking, here is the navigation map within the Microsoft maze:
style A fill:#333,stroke:#333,stroke-width:2px,color:#fff
style G fill:#FF6B00,stroke:#FF6B00,stroke-width:2px,color:#fff
Step-by-Step: Configuration in Exchange Online
Below, we detail the validated technical procedure for applying this block.
1. Administrative Access
Log in to the Microsoft 365 Admin Center. You will need Global Admin or Exchange Admin credentials. If you don't have them, it's time to invite your IT team for coffee.
2. Navigation to Exchange
On the left panel, expand the Mostrar todo (Show all) option and select Exchange. This will open the modern Exchange Admin Center (EAC) in a new tab.
3. Threat Policies
The path has changed slightly in recent versions. Follow this route:
- Go to Correo electrónico y colaboración (Email and collaboration).
- Click on Políticas y reglas (Policies and rules).
- Select Políticas contra amenazas (Threat policies).
- Finally, enter Anti-spam.
4. Editing the Inbound Policy
You will see several policies. Generally, we will edit the Anti-spam inbound policy (Default), unless you have custom policies for specific departments.
Click on the policy name, and a right sidebar panel will appear. Scroll down to the end and look for: "Edit allowed and blocked senders and domains".
5. Executing the Block
This is where the magic happens:
- In the Dominios bloqueados (Blocked domains) section, click Manage domains.
- Press Add domains.
- Type the domain (e.g., ). Note: Do not include the @.
spam-molesto.com - Confirm with Add domain and then Done.
- Important: Don't forget to click Guardar (Save) in the main policy to apply the changes.
💡 Senior Tip: Be very careful when blocking generic domains like or . If you do, you will block personal emails from clients, suppliers, and probably the cookie recipe your aunt sent you. Only use this for specific or suspicious corporate domains.
gmail.comhotmail.comConclusion and Analysis
Blocking domains at the Exchange level is a "brute-force" measure necessary for perimeter security. It ensures that no user in your organization, no matter how careless, receives emails from known malicious sources.
However, security is not static. Attackers change domains faster than we change coffee. At Central Node, we recommend complementing these blacklists with intelligent transport rules and well-calibrated anti-phishing policies.
Is your inbox still a battlefield? Let us help you set up a solid, seamless defense.
SysAdmin Ciberseguridad Microsoft365 ExchangeOnline AntiSpam SeguridadInformatica BloqueoDominios ITSupport InfraestructuraIT Office365 EmailSecurity TechTips CentralNode AdministracionRedes PhishingProtection SecureEmail ExchangeAdmin BestPractices CloudSecurity MicrosoftAdmin