Blocking or allowing a sender in Outlook


Microsoft 365 email has a built-in system, Exchange Online Protection (EOP), designed to ensure malicious email does not make it to your Inbox. Email coming into our environment is first checked to determine if it is coming from a source currently on an Internet Blacklist, if it is the mail is rejected, otherwise, it passes on to EOP where it checks to see if Yale is explicitly allowing or denying email from that address or domain. It then passes through content filtering designed to determine if a message contains malicious content such as malware or ransomware, or if it may be spam. Anything determined to contain malicious content is quarantined and not delivered to a mailbox, if it is uncertain but appears to be potentially malicious or spam it will filter the message to the intended recipient's Junk email folder in Outlook or Outlook Web App. Lastly, it checks if the recipient of the message has a block or allow list defined in Office 365 email.


If the recipient of a message has a sender's address or domain on an allow list, a message otherwise bound for delivery to the Junk folder will be delivered to the Inbox instead.

Likewise, If the recipient has the sender's address or domain on a block list, a message otherwise bound for delivery to the Inbox will always be routed to Junk.

 

Managing Safe or Blocked Senders in Outlook Web App

  1. Log into Outlook Web App
  2. At the top of the screen, select Settings (the gear icon) and click the Mail link.
  3. Under Mail, select the Junk Email section.
  4. If you want to block an email address or all emails from a domain.
    1. Under Blocked senders and domains, select Add and enter the email address or the domain and press Enter. 
  5. If you want to allow an email address or all email from a domain.
    1. Under Safe senders and domains, select Add, enter the email address or domain you want to add, and press Enter.

Note: We strongly discourage adding domains to the Safe Senders or Block Senders lists as you may allow or block unintended email. We recommend always being as precise as possible.

 

For information on managing spam and reporting phishing attacks please see Reporting Spam or Phishing emails.