Why is Outlook 2007 ignoring my command to append a text file to my user's Safe Senders lists?

Posted on 2010-11-16
Last Modified: 2012-05-10
Greetings -

I have a Group Policy deployed in my environment for Outlook 2007 that does two things related to the Junk E-mail Safe Senders list:

1.  Specifies the path to a text file located on the user's workstation that contains a simple list of domain names.

2.  Flips the registry value JunkMailImportLists to "1" to tell Outlook to import the Safe Senders list each time it launches.  The path to this value is: HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Options\Mail

This configuration worked fine for a long time.  Sometime in the past few months, I have no idea when, this stopped working.

I have Exchange 2010 and Office 2007 in my environment.  I'm wondering if my upgrade to Exchange 2010 might be causing the Outlook client to behave differently, or if a patch Microsoft released for Outlook broke this functionality but either way: the text file I specify is no longer appended to Outlook's Safe Senders list anymore.  It flat out ignores it.  Regardless of what I put in the Safe Senders text file now, Outlook does not import the values.

The web is loaded with inconsistent information on how to configure a GPO for importing a Safe Senders list throughout an enterprise.  I worked with Microsoft Premier on this configuration and it *did* work for months.  I've set the JunkMailImportLists registry key which was missing from the original Office ADM file - a known bug.  I've configured the proper path to the file, the file exists, and this issue happens on any profile on any workstation.  So I'm at a loss here.

Before I call Premier, I wanted to know if anyone else has seen this behavior.  When upgrading to Exchange 2010, did your import stop working?  Has a patch broken this?  Any other input?
Question by:amendala
  • 6
  • 3
LVL 20

Expert Comment

ID: 34149916
Not sure I set this up for my last company, which they had Outlook 2003.   Its not a great change for 2007.   I have attached my proedure how I set it up.    I understand this was already working for you at one time, but I would go over this doc to see if it kicked off a lightbulb.

Is the share for the text file up and accessible?  

Author Comment

ID: 34149961
Yeah I reviewed your Doc and it's nearly identical to what I'm doing.  The only difference is, the safe senders list is a file local each workstation, not up on a share.  I push the file to the workstation using Group Policy Preferences.  It is accessible.

I've tried pointing it to a copy of the file on sysvol as well and it makes no difference so I've taken permissions issues off the list of potential problems at this point.

Frustrating for sure...
LVL 20

Expert Comment

ID: 34149995
This might be a pain...but what about creating a test see if it works?  

Author Comment

ID: 34150012
What do you mean create a test GPO?  I've already got a GPO in place with this functionality.  You mean recreate it entirely?

The GPO's values are definitely getting written to the registry.  I can validate that manually.  The safe senders list path is properly published as well as the JunkMailImportLists value.

I'm confused as to what you're asking.
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

LVL 20

Expert Comment

ID: 34150130
Yes recreate it entirely...or create a test GPO and apply it to only one user to see if it works.   There might be something wrong with your orginal GPO.    Do you see the last time to orginal gpo was modified?

Author Comment

ID: 34150262
Well if the registry values are there for the safe senders file and the JunkMailImportLists value is set correctly, regardless of the GPO's health, Outlook should append the list.

But just for troubleshooting sake, I did recreate the entire GPO, applied it only to my computer and user accounts, denied the old GPO via security filtering, ran gpupdate and I get the same result.  The registry entries are proper, Outlook doesn't listen.

Author Comment

ID: 34155564
I have a suspicion that this behavior began when we upgraded our Exchange 2007 environment to 2010.  Tough I have no idea where the settings are that would cause the client to behave this way.  Perhaps Exchange 2010 maintains tight, centralized control over an aggregated safe senders list or something that causes Outlook to ignore what I'm telling it.

Anyway, doesn't seem like there's a solution to the problem.  I'll leave the question open for a few more days and if I end up talking to Microsoft Premier, I'll post what I learned here.

Accepted Solution

amendala earned 0 total points
ID: 34285213
Microsoft Premier has confirmed that this functionality is by design.  The Safe Senders list is designed to be created and deployed via Exchange 2010 through Edge Transport functionality.  Obviously, inner-domain traffic will follow the rules of domain trust and by default, all those E-mail addresses will be trusted senders.  For external mail, Microsoft wants you to leverage the Safe Senders list management functionality with in Edge Transport to maintain a global list.  For the local list on each user's Outlook instance, it is up to the user to manage that.

Author Closing Comment

ID: 34324388
Premier confirmed behavior is by design.

Featured Post

Want to promote your upcoming event?

Are you going to an event? Are you going to be exhibiting at a tradeshow? Talking at a conference? Using a promotional banner in your email signature ensures that your organization’s most important contacts stay in the know and can potentially spread the word about the event.

Join & Write a Comment

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now