gsswho6

Block anything not .com/.net office 365

How to block emails in Office 365 that are .com.XX..... Notice most of our malicious emails are coming from .com.XX addresses... Example joesmith@test.com.kr .... I want to block anything that has something after the .com ....

Even better, I would like to only allow .com or .net email to come through but still block .com.XX and .net.XX etc...

Hope what I said made sense. Office 365 has a lot of tools but a lot of common sense things they lack.
_agx_

Disclaimer, I haven't used this feature myself, but this blog says you can set up a regex based rule in Office 365 Admin Center.
https://syscloudpro.com/2016/01/08/block-sender-in-office-365-based-on-regex-pattern/

Then you could use a regex to match the emails you want to block. Something like this would block anything ending in ".com.(any characters)" or ".net.(any characters)"

         
\.(com|net)\.(.+)$
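
Added example, not part of the original answer: a quick way to check what the pattern above matches before putting it into a rule, run against constructed sender addresses. The `STRICT` and `ALLOW` patterns and all sample addresses are assumptions made for illustration, and Python's `re` stands in for whatever regex dialect the mail rule engine actually uses.

```python
import re

# Pattern from the answer above: ".com." or ".net." followed by anything.
POSTED = re.compile(r"\.(com|net)\.(.+)$", re.IGNORECASE)
# Assumed stricter block pattern: .com/.net followed by exactly one final
# two-letter country-code label (e.g. .com.kr, .net.ar).
STRICT = re.compile(r"\.(com|net)\.[a-z]{2}$", re.IGNORECASE)
# Assumed allow-list pattern for the "only .com or .net" variant: the last
# label of the sender domain must be com or net.
ALLOW = re.compile(r"@[^@\s]+\.(com|net)$", re.IGNORECASE)


def classify(sender: str) -> dict:
    """Report how each pattern treats one sender address."""
    addr = sender.strip()
    return {
        "posted_blocks": bool(POSTED.search(addr)),
        "strict_blocks": bool(STRICT.search(addr)),
        "allowed": bool(ALLOW.search(addr)),
    }


# Constructed sample senders, not taken from real mail.
SAMPLES = [
    "joesmith@test.com.kr",
    "billing@example.com",
    "alerts@example.net",
    "news@mail.com.example.com",  # ordinary .com sender with a "com" subdomain label
    "promo@SHOP.COM.AR",          # case must not matter
    "info@example.org",           # neither blocked pattern nor allow-listed
]


def report(samples=SAMPLES) -> dict:
    """Classify every sample so the differences can be compared side by side."""
    return {s: classify(s) for s in samples}


if __name__ == "__main__":
    for sender, result in report().items():
        print(f"{sender:28} {result}")
```

The posted pattern also matches `news@mail.com.example.com`, a plain .com sender, while the allow-list pattern already excludes .com.XX addresses because their last label is the country code.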

gsswho6 (ASKER)

Interesting... Thanks for the reply....
gsswho6 (ASKER)

I have a ticket open with MS right now and they said they are testing something on their end... A little scary when the MS tech on the phone is not sure about their own product and how it works.... I would think this has to be something someone has asked for before....
I'm thinking a "rule" should work, since Outlook and the like have had "rules" since the early days. So the concept isn't new.

Yeah, surprising that spam blocking techniques aren't at the top of their list.
gsswho6 (ASKER)

Yeah, I'm thinking they have to have some sort of transport rule to block all emails except .com/.net/.org .... But also keeping it only .com and not .com.xy etc... Their international spam seems to not even work or at least it's very easily bypassed.
gsswho6 (ASKER)

MS says cannot be done... Makes no sense to me.
Really? What exactly is it they're saying can't be done i.e. the "something" they mentioned trying?  Also, what did they say about what's described in the link, i.e. defining custom rules?
gsswho6 (ASKER)

They said cannot be done... Only if I knew the domain name... Which makes 0 sense to me.... They said they are going to send me some documentation on something else that may work and that is blocking IPs as a conditional rule for all countries outside of US.... But if someone is inside the US using a .com.kr addy well then I guess I'm just screwed... good ol' MS with their 1/2 way solutions.
So they're saying they don't support patterns or regex's in custom rules - only exact matches? That makes absolutely no sense to me either.  Of all things - transport rules - should be customizable.
What type of account are they saying doesn't support this - home or business?
gsswho6 (ASKER)

I have business so I assume business? I don't use Azure AD so this conditional crap doesn't even apply to me I don't think. What I want seems pretty damn simple but now it looks like I am off on a wild goose chase from what these MS guys sent me...
Try creating a rule under mailflow (see attached screenshot)
rule.PNG
You can also block emails with certain languages in them as well as from different countries. https://techcommunity.microsoft.com/t5/Exchange-Team-Blog/Spam-email-and-Office-365-environment-connection-and-content/ba-p/585893
@MLVCM - Just curious, so it supports regex's as well? The blog entry I came across says it's a supported rule, but can't test it right now.
gsswho6 (ASKER)

Thanks MLV... The block emails with languages and countries have already been applied yet it doesn't block many emails... Still a lot of .com.ar and .com.in /etc come through...

I guess I could create a rule each time to block specifically a domain like .com.ar but I wanted to just block them all and only allow .com... Don't understand why that would not be an option.
gsswho6 (ASKER)

This is already done... But it does NOT work very well... Even with every country selected except the US still some .com.kr and .com.ar etc still get through.... I imagine it's because the sender is probably in the US but using a .com.kr address which completely navigates around their block... Why would they not just give an option to block it at the domain level as .com.kr ?
gsswho6 (ASKER)

MLV, I have not. I have asked MS to help with this a while back but they just sent me a white paper and I didn't feel comfortable trying to figure it out.... Is this something that would greatly help? From what I remember reading does MS already do this by default in some ways?
It will help and MS will not do it for you.  The whitepaper is pretty good.