News We Recently Launched SysTools Email Decryptor , SysTools Data Recovery Toolkit , SysTools Video Converter , SysTools Email Address Checker , SysTools MBOX Splitter , SysTools MBOX Merge , SysTools CSV Split & Merge , SysTools Excel Split & Merge | News SysTools Commitment to Child Safety: Upholding the Fight Against CSAM |
News We Recently Launched SysTools Email Decryptor , SysTools Data Recovery Toolkit , SysTools Video Converter , SysTools Email Address Checker , SysTools MBOX Splitter , SysTools MBOX Merge , SysTools CSV Split & Merge , SysTools Excel Split & Merge | News SysTools Commitment to Child Safety: Upholding the Fight Against CSAM |
Home » Updates » Office 365 » How to Block Top Level Domain in Microsoft 365?

How to Block Top Level Domain in Microsoft 365?

  Mohit Kumar Jha
Written By Mohit Kumar Jha
Anuraag Singh
Approved By Anuraag Singh
Modified On August 22nd, 2025
Reading Time 6 Min Read

Spammy emails cause a lot of problems for businesses. To resolve them, you can block the Top Level Domain Office 365. In this article, I will share with you three ways to help block TLDs from Microsoft 365. In addition, I also discuss how to secure your Office 365 account. But, first let’s understand what is Top Level Domain.

Table of Contents
  1. What is a Top Level Domain?
  2. Why Block Spammy TLD from Microsoft 365?
  3. Requirements Before Blocking Top-Level Domain in Office 365
  4. Block TLD in Office 365 using Mail Flow Rules
  5. Use Microsoft Defender to Block Top-Level Domain
  6. Blocking TLDs by Tenant Allow/Block List
  7. Limitations of Using Top-Level Domain Blocker
  8. Professionally Secure Your Office 365 Mailbox
  9. Concluding Words

What is a Top Level Domain?

The Top Level Domain signifies the last part of a domain that comes after the dot. For example, .com, .net, .org, etc. are called TLDs. This is used to categorize your websites and email domains on the internet. It is very helpful for businesses as it makes it easier to locate and build their brand. Creating a top-level domain is easy but expensive; however, spammers and phishers register their domains from low-cost TLDs to send you malicious emails. This is a huge issue for the business.

That’s why Microsoft 365 or formerly known as Office 365, provides you with admin controls over the organization. If you have access to an admin account, you can filter out and block the unwanted emails based on the top-level domain. This is a great way to prevent spam emails.

Why Block Spammy TLD from Microsoft 365?

Blocking the spammy Top Level Domain helps you in so many situations. Such as.

  • Spammers use lesser-known or inexpensive TLDs to send you multiple emails. By blocking these TLDs, you will get fewer spam emails.
  • These spammy Top Level Domain hosts fake pages or malware websites. So, by blocking them, you can prevent the risk of clicking these harmful links and exposing sensitive data.
  • A lot of spammy emails also occupy your storage. With this, you can keep your inbox cleaner and healthier.
  • By adding the TLD blocker, it will also improve the Microsoft 365 in-built filtering.

Thus, it is very beneficial for the users to help them deal with fraudulent emails. Now, to block these spammy TLDs, you have to first know about the requirements to easily block them.

Requirements Before Blocking Top-Level Domain in Office 365

  • First, you must have all the login details of the global administrator to modify the spam filter policies.
  • You may also need to access the Security and Compliance center to configure the filtering.
  • Before going through the process of blocking the TLD, check your communication requirements and whitelist safe domains.

After fulfilling these requirements, let’s see how you can block Top Level Domain in Microsoft 365, which I have explained below.

Block TLD in Office 365 using Mail Flow Rules

  1. First of all, sign in to the Microsoft 365 admin center and navigate to the Exchange admin center.
  2. Click on the Mail flow option, then select the Rules from the drop-down list.
  3. Choose Add a rule and then Create a new rule button.
  4. Enter the name of the new rule; you can name it Block Top Level Domain.
  5. In the section Apply this rule if, apply the sender condition, then address matches any of these text patterns.
  6. Provide the Top Level Domain you want to block. For example (\.zip$) or (\.tmp$).
  7. Now, in the Do the following section, choose the action you want.
  8. Select Enforce and enable the rule.
  9. At last, save the rule and go back to the main page.

Use Microsoft Defender to Block Top-Level Domain

  1. Sign in to the Office 365 and go to the Microsoft 365 Defender Portal.
  2. Click on the Email & Collaboration. Then, the Policies & rules option.
  3. Select the Threat policy button.
  4. Choose the Tenant Allow/Block Lists option.
  5. Click on the Domain & Addresses and then the Block button.
  6. Now, add the TLDs you want to block in this format (*.tld). Click on the Never expire option.
    Press the Add button.
  7. Confirm that you are seeing blocked domains and addresses.

Blocking TLDs by Tenant Allow/Block List

This is the much faster way to block Top Level Domain in Microsoft 365 with PowerShell. In this method, I am going to add the TLDs that I want to block to the Tenant Allow/Block List.

  1. First, connect to Exchange Online PowerShell: Connect-ExchangeOnline.
  2. From this command, you will block a single Top Level Domain: New-TenantAllowBlockListItems -ListType Sender -Block -Entries “*.com” -NoExpiration.
  3. The following commands will be used to block the emails that contain malicious URLs. Even if the sender’s domain is not blocked: New-TenantAllowBlockListItems -ListType Url -Block -Entries “*.com/*” -NoExpiration.

Here are all the ways that you can use to block spammy emails. However, it does not fully resolve the problem as there are disadvantages to blocking the TLDs.

Limitations of Using Top-Level Domain Blocker

  • Nowadays, cybercriminals are very smart and quick; they will easily switch to another domain extension when one gets blocked.
  • Many legit email domain also uses trusted Total Level Domain, and even the spammers. So, it is difficult to block them.
  • You may risk blocking your important clients and partners, which will be a huge loss for the organization.
  • Blocking some of the Total Level Domain is a temporary fix.
  • You need to constantly update your blocklist as the new spammy email domains emerge.

Therefore, it is better to secure your Microsoft 365 mailbox even if you have used this method. To help you in this, I will share with you a professional option.

Professionally Secure Your Office 365 Mailbox

Software like SysTools Office 365 Backup will be very helpful. This is an advanced tool that many experts prefer. Users can easily save multiple Microsoft 365 mailboxes without any issues. The tool offers you an option to download your data in a PST file. This makes it easy for you to access whenever you need.

Download Now Purchase Now

Concluding Words

In this article, I have explained how you block the Top Level Domain Office 365. Here, I have discussed three different ways to block the TDIs. Also, provide the requirements to make the procedure easy. Furthermore, explaining the limitations of the block TLD settings and how you can secure your Microsoft 365 mailbox from the spammy emails.

Read Also: How to Set Up Delegate Access in Office 365?

  author

By Mohit Kumar Jha

Mohit is a Microsoft Certified expert for all things Microsoft. He brings a unique perspective gained from nearly a decade of active participation in various IT forums, blogs, and social media. Known in admin circles as the go-to guru for solving user queries in the domain of cloud migration, data backup, and digital forensics. The secret to his core expertise lies in solving problems practically. Through this hands-on experience, he has acquired knowledge in diverse domains like Microsoft 365 Cloud, On-Premise Exchange Server, AD, and Entra ID.