Importing Safe and Block Lists with PowerShell

I just dropped my van off for some maintenance at the dealership and am currently waiting for a shuttle to take me to the office. As I sit here I’m thinking about EOP and PowerShell and have come up with a great idea for this week’s article. I don’t always think about EOP outside of work, but when I do, watch out! Already, let's dive in.

In my role I work with customers that are brand new to Exchange Online Protection and assist them in implementing and troubleshooting the service. Typically customers come from a 3rd party spam filtering service and have existing safe and block lists in place which they want to migrate over to EOP. If these lists are long, the process of adding them to EOP through the online portal can be very agonizing. Luckily, there’s an easier and quicker way to do this, PowerShell to the rescue! This article is going to focus on lists that are comprised of sender domains, but this script can easily be modified for specific senders.

Example

We have a list of domains we want to safe list in EOP. We may have an existing rule that we would like to append domains to, or we may need to create a new rule from scratch.

First off, create a .csv file containing all of the domains (one per line) that should be added to the safe list. Here’s what mine looks like.

Once this is created we can jump into PowerShell.

  1. If there isn’t an existing transport rule then we’ll need to create one. Since we’re talking about PowerShell let’s use a cmdlet to accomplish this. If you already have a safe list transport rule then go straight to step #2.

    New-TransportRule –name SafeDomains –SetSCL -1

    The above will set the SCL to -1 (Bypass spam filtering) for messages that trigger this rule.

  2. Now we need to add the domains that we want to safe list to this rule. The following script will work both for brand new rules and for existing rules. If you have an existing safe list rule, this script will append the new entries to those that already exist in the rule.

    $csvImport=Import-Csv .\SafeDomains.csv -header domains
    $rule = Get-TransportRule SafeDomains

    #create safeDomains as an array
    $safeDomains = @()

    if ($rule.SenderDomainIs -ne $null)
    {
    $safeDomains = $rule.SenderDomainIs
    }

    foreach($v in $csvImport.domains)
    {
    $safedomains += $v
    }

    set-TransportRule SafeDomains -SenderDomainIs $safeDomains

That’s it! Here’s how my rule looks in the portal.


 
To create a block list, change the action above to how you would like EOP to handle messages that are received from the blocked domains (ex. delete message, move to quarantine, set a high SCL, etc…).

Connecting to PowerShell is quite easy, but often people need just a little push in the right direction with a sample script to get really moving on their own. It reminds me of this saying.

Give a person a fish and you feed them for a day. Teach a person to fish and you feed them for a lifetime.

Happy scripting!

Resources

Exchange Online PowerShell
Exchange Online Protection PowerShell

Note: If you have Exchange Online licenses (which include EOP), use the first link. If you have Exchange Online Protection licenses, use the second link.