WinDeveloper IMF Tune

WinDeveloper IMF Tune
WinDeveloper IMF Tune
  • Home
  • Exchange 2016
  • SafeSenders, BlockedSenders and the Mystery of Misclassified Emails

SafeSenders, BlockedSenders and the Mystery of Misclassified Emails

Alexander Zammit

Alexander Zammit Photo

Software Development Consultant. Involved in the development of various Enterprise software solutions. Today focused on Blockchain and DLT technologies.

Cast your Vote
Poor Excellent

Outlook SafeSenders, BlockedSenders lists often catch administrators unprepared. Users have the power to directly configure how spam is filtered at the server. Luckily Exchange provides for managing these settings from the shell.

If you are looking for an article full of suspense I am sorry to disappoint you. The heading gives away the entire plot. The story is about misclassified emails and the culprits have already been identified to be the Outlook SafeSenders and BlockedSenders lists.

This is one of those stories that have been recounted several times. Everyone seems to know it, and yet many are still caught unprepared. Supporting IMF Tune, with its tight Exchange anti-spam integration, I often end up troubleshooting Exchange problems to prove that our product is working fine. So I find myself in the perfect position to regularly rescue those who forget of this trap.

The story always concerns incoming emails. Sometimes a legitimate email is always getting blocked. Other times it's a spam email that seems unstoppable getting delivered to the user Inbox. Very often the problem affects one user (the boss of course) but it could also concern multiple or all user mailboxes.

What makes this problem elusive is that pretty much everyone today uses server-side spam filtering (whether on-premises or cloud). Administrators often think that they are in complete control of the filter configuration. After all, aren't they the only ones to access the server configuration?

We have a video series on the various server-side spam filters available in Exchange out-of-the-box. The videos cover the configuration tasks Exchange administrators perform when managing these filters. Unfortunately even these videos overlook the sneaky Outlook sender lists.

Note: The videos were produced for Exchange 2013 but are largely applicable to all Exchange versions from 2007 up to 2016. Check them for a tour of the anti-spam features readily available in Exchange.

Getting back to our problem scenario, consider a legitimate email getting blocked with a Sender Denied SMTP rejection response. The Exchange administrator looks up the blocked senders at the Sender Filter Agent configuration but finds nothing:

Get-SenderFilterConfig | FL BlockedSenders,BlockedDomains

Stopping the Sender ID filter makes no difference. So what can it be, given the very clear rejection response?

This is when we should check the Outlook sender lists. Outlook lists are the window for users to customize their spam filtering directly. These settings are taken up by transport servers and are enforced together with all other server-side anti-spam settings.

Before Exchange 2010 managing these settings wasn't easy. We had to login as the user and change the settings from Outlook/OWA, or else we could use complex scripts.

However the situation improved significantly as from Exchange 2010 with the introduction of the lifesaving MailboxJunkEmailConfiguration cmdlet. This allows us to review and modify the anti-spam settings configured by users.

 

Working with MailboxJunkEmailConfiguration

To see the sender lists for a user mailbox:
Get-MailboxJunkEmailConfiguration -Identity "UserName" | FL TrustedSendersAndDomains,BlockedSendersAndDomains

We can use the usual list manipulation syntax to modify these lists. Clearing the blocked senders list is done by setting it to $null as follows:
Set-MailboxJunkEmailConfiguration -Identity "UserName" -BlockedSendersAndDomains $null

To completely replace all the list entries:
Set-MailboxJunkEmailConfiguration -Identity "UserName" -BlockedSendersAndDomains "user1@domain.com","user2@domain2.com","spam1.com","spam2.com"

Here I am clearing all BlockedSendersAndDomains entries, replacing them with two addresses and two domains.

To add new addresses to the current BlockedSendersAndDomains list:
Set-MailboxJunkEmailConfiguration -Identity "UserName" -BlockedSendersAndDomains @{Add="new@domain3.com","spam3.com"}

To only remove specific entries from the BlockedSendersAndDomains list:
Set-MailboxJunkEmailConfiguration -Identity "UserName" -BlockedSendersAndDomains @{Remove="new@domain3.com","spam3.com"}

 

Configuring Multiple Mailboxes

If we wanted to modify multiple user mailboxes we would pipe the result of Get-Mailbox into Set-MailboxJunkEmailConfiguration.

For example here I am clearing all sender lists on all mailboxes for the specified Mailbox Database:
Get-Mailbox -Database MailboxDatabaseName | Set-MailboxJunkEmailConfiguration -TrustedSendersAndDomains $null -BlockedSendersAndDomains $null -ErrorAction SilentlyContinue

When dealing with multiple mailboxes it's best to include the ErrorAction parameter to SilentlyContinue. Otherwise newly created mailboxes may cause the operation to fail.

Running cmdlets on multiple mailboxes is most useful when clearing lists or removing problematic addresses. Adding addresses to all user lists is less useful. Addresses that should be blocked/accepted by all users should go to the server configuration whenever possible.

 

More MailboxJunkEmailConfiguration Options

Apart for the sender lists let me also highlight some other important MailboxJunkEmailConfiguration parameters that allow us to control more anti-spam settings.

Enable - Enables/Disables the Junk Email filtering functionality for the mailbox. This switch is so useful that I wrote another article to cover it: Exchange 2003, 2007, 2010, 2013 Junk Email Folder.

Other configuration options to be aware of include the ContactsTrusted and the TrustedListsOnly switches. These are set to $true or $false. ContactsTrusted causes all contacts to be considered as Trusted Senders. If $true, the set of trusted senders can be significantly extended without directly editing the anti-spam sender lists.

On the other hand TrustedListsOnly significantly limits who is considered to be a source of legitimate emails. If $true emails are considered to be spam unless they are sent from a trusted sender.

So these options also have a significant impact on how emails are filtered. Indeed these can be trickier to pinpoint than an explicit TrustedSendersAndDomains/BlockedSendersAndDomains entry.

 

Copyright © 2005 - 2024 All rights reserved. ExchangeInbox.com is not affiliated with Microsoft Corporation