How to block Top-Level Domain (TLD) in Microsoft 365

Microsoft provides many ways to block domains. However, blocking a Top-Level Domain (TLD) for mail is only possible through a mail flow rule. We might see a change where you can add it in the Block tenant section in the future. In this article, you will learn how to block Top-level Domains in Microsoft 365.

What is a Top-Level Domain (TLD)?

A TLD is everything that follows the final dot of a domain name. For example, in the domain name ‘google.com’, ‘.com’ is the TLD. Some other popular TLDs include ‘.org’, ‘.uk’, and ‘.edu’.

Why you should block spammy Top-Level Domains

There are some TLDs that you never want to receive email from. So, it's best to block mail from them as soon as it is sent to your organization.

When you look at The 10 Most Abused Top Level Domains, you can see that many TLDs are sending a lot of spam.

Spamhaus Top 10 most abused Top Level Domains

Block Top-Level Domain in Microsoft 365 with mail flow rule

To block Top-Level Domains in Microsoft 365, follow the steps below:

  1. Sign in to Exchange admin center
  2. Click on Mail flow > Rules in the menu
  3. Click Add a rule > Create a new rule
  4. Give the new rule a name. For example, Block Top Level Domain.
  5. Set the correct rule conditions for the transport rule.

The conditions below will delete the message, without notifying anyone, if the sender address matches the Top-Level Domains .zip or .live.

The text patterns for the condition The sender address matches any of these text patterns look like:

\.zip$
\.live$

Note: This will delete the message, and neither the sender nor the recipient will receive a notification that the message was blocked.

The conditions below will deliver the message to the spam quarantine mailbox if the sender address matches the Top-Level Domains .zip or .live.

The text patterns for the condition The sender address matches any of these text patterns look like:

\.zip$
\.live$

Note: This will deliver the message to the spam quarantine in Exchange Online Protection (EOP). More about the Microsoft 365 quarantine can be seen in the article Check Office 365 quarantined emails.

  6. Select Enforce in the rule mode.
  7. Fill in the Comments section with the link to the article so you or your colleagues are always up to date.
  8. Click Next.
  9. Click Finish.
  10. Click in the Rules list on the rule and enable the rule.
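
The same rule can also be created from Exchange Online PowerShell. This is an added example, not part of the original article: it assumes the ExchangeOnlineManagement module is installed, reuses the rule name and patterns from the steps above, and the sample addresses and the comment text are constructed placeholders.

```powershell
# Patterns from the article: anchor on the end of the address so only the TLD matches.
$patterns = @('\.zip$', '\.live$')

# Offline sanity check with constructed sample addresses before touching mail flow.
# This uses the .NET regex engine as an approximation of the rule's pattern matching.
$samples = @(
    'billing@invoice.zip',   # TLD .zip  -> should match
    'news@promo.live',       # TLD .live -> should match
    'user@live.com',         # "live" is the domain label, TLD is .com -> no match
    'it@zip.example.org'     # "zip" is a subdomain, TLD is .org -> no match
)
foreach ($address in $samples) {
    $hit = $patterns | Where-Object { $address -match $_ }
    $result = if ($hit) { "matched by $hit" } else { 'not matched' }
    '{0,-24} {1}' -f $address, $result
}

# Sign in with an account that is allowed to manage mail flow rules.
Connect-ExchangeOnline

$rule = @{
    Name                       = 'Block Top Level Domain'
    FromAddressMatchesPatterns = $patterns
    Quarantine                 = $true      # deliver to the hosted quarantine
    # DeleteMessage            = $true      # alternative: delete without notifying anyone
    Mode                       = 'Enforce'
    Enabled                    = $true
    Comments                   = '<link to this article>'  # placeholder
}
New-TransportRule @rule

# Confirm the rule exists, is enabled, and carries the expected patterns.
Get-TransportRule -Identity 'Block Top Level Domain' |
    Format-List Name, State, Mode, Priority, FromAddressMatchesPatterns
```

Use either Quarantine or DeleteMessage in the rule, matching the action you would have picked in the Exchange admin center.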

Check block Top-Level Domains

If you selected the option to delete the message without notifying anyone, there is nothing for you to see in quarantine. If you selected the option to deliver the message to the spam quarantine mailbox, you can check the result as follows.

Open the Microsoft Defender quarantine, and you will see the blocked messages because they have a TLD that you added in the mail flow rule to block.

Click on the message to see the details (scroll through it for all the details).

That’s it!

Note: Do you want to block Top-Level Domains when used in a message body instead of the email address? You can use the Tenant Allow/Block Lists feature. Read the article How to block Top-Level Domain in Microsoft 365.

Conclusion

You learned how to block Top-Level Domains in Microsoft 365 (Exchange Online). The only method to block Top-Level Domains in sender email addresses is to create a mail flow rule. Remember to enable the rule and wait 15 minutes for it to be updated on all Microsoft cloud servers. After that, it's active.

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others.