Deploying Junk E-mail Safe Senders lists in Outlook

We are all the time confronted with spam and junk emails and most of us appreciate the fact that “those” emails go into a special folder – the Junk E-mail folder.


I will not go into explaining what Junk emails are all about, and I will not start to give details about the way Outlook decides what is Junk email and what is not – this is confidential information (for security reasons).

See also - Description of the policy for how e-mail is filtered by the junk e-mail filters in Outlook or in Exchange Server


Instead let’s discuss another “peculiarity” of this junk mail filtering: why some internal, business and “legit” emails end up in the famous Junk email folder in Outlook when you use Outlook in cache mode (the junk email filter is activated only when Outlook is in cache mode, when Outlook is in online mode the filtering will be performed on the Exchange server).


Some of you might have internal applications, such as printers or in-house applications that send emails, and you may notice that some of these emails end up in the Junk folder in Outlook.

This might happen even if the sender’s email address is internal.


Usually this happens if the sender’s email address cannot be resolved against the GAL. You can check for example in the recipient’s mailbox how the sender’s address appears when double-clicking on it.


If you get this type of window, with basic information, then it means that Outlook cannot resolve the sender’s name to the Global Address List and hence treats the sender as an external user who is trying to do an anonymous authentication - so Outlook will consider the user a “threat” and deliver the email to the Junk folder.





If you see this type of window, then Outlook recognizes the sender as an internal user, and in this case, there is another reason why Outlook may rate the email as junk.




If you are confronted with the first situation, then one thing you can try is to make sure that your application authenticates into the domain before sending the email.


Here is a hint on how to do that:


Another and more commonly used solution (for both the scenarios described above) is to add the sender’s email address to the Safe Senders List in Outlook.


This is easy to do for one user, and the options are pretty straightforward. But how about deploying the Safe Senders Lists for all the users at once?


Depending on the version of Outlook you use and also on whether you prefer to deploy the lists and the settings via GPO or with the help of a customized file, here are the steps to perform:



Outlook 2003




First of all you need to have the Office 2003 ADM template that you can download here:


Then you can go to Tools | Options | Preferences | Junk E-mail and enable the two following options:


-          Overwrite or Append Junk Mail Import List (check the box if you want to overwrite the Safe Senders lists the users might have already defined individually in Outlook, or leave the tick unchecked if you just want to add the entries defined in your list to the entries already defined by the users)

-          Specify path to Safe Senders list – you can copy the SafeSendersList txt file either locally on the user’s machine (to a default location for all the users) or put it on a share where all users have access. Then you can specify the path to this location using this policy.






You need to create the Safe Senders list and deploy it using CIW/CMW. All required steps are described in the following article:


Outlook 2007


Via the GPO, you have to configure two policies:


1.       Specify path to Safe Senders lists (you can specify either a local path on the user’s computer, which will require that you copy the Safe Senders list to that location, or oyu can specify a network share where all users should have permissions)

2.       Overwrite or Append Junk Mail Import Lists (if you Enable the policy, it will overwrite the existing list the users might have, if you put the policy on Disable, it will only append (add) the entries in your list to the existing Safe Senders list of the users)

3.       You must also check that you have the following key present on the users ‘machines: JunkMailImportLists, with a value of 1 (to enable the import of the lists) (HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail).


You can also modify the default Outlook .adm template to add this key. To do this, edit the .adm in Notepad and add the following entries:



·         CLASS USER

CATEGORY "Junk E-mail For Outlook 2007"

KEYNAME Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail

POLICY "JunkMailImportLists"

VALUENAME JunkMailImportLists




NOTE:  It is not supported to use customized .adm templates


Please find below some articles that explain the procedure to follow in order to deploy the Safe Senders list. - Plan for limiting junk e-mail in Outlook 2007 (et surtout la partie Support in different versions of Exchange Server)  - Configure junk e-mail settings in Outlook 2007  - Junk E-Mail - Helping Users Avoid Junk E-mail Messages in Outlook 2003 - Deploy Junk E-mail Lists Throughout Your Organization
 - When you change a junk e-mail setting in the Outlook 2007 user interface, the junk e-mail setting reverts to the configuration that is set in the registry after you restart Outlook

Comments (1)

  1. Ranz says:

    Is there no way of doing all this without having to make the registry change?

Skip to main content