We migrated to cloud from on premise Exchange 2010. In Sonicwall ESA, I was able to block TLDs (Top Level Domains). In the Exchange Admin Center, I see I can set individual or additional "Rules", however, no option I can see to test TLD against a dictionary to block the domain. In the Microsoft 365 Security Center, under Policies > Anti-Spam > (new policy), it appears I can edit "Allowed and blocked senders and domains" but do not see how to block against a list of TLDs, or if should enter ".domain" or just "domain". Locating the documentation of settings seems difficult to locate.
In the "Tenant Allow/Block Lists" it appears to allow entry of only 20 domains and might be temporary.
Where would be best to Create a dictionary of TLDs, and Create an organizational block of these sending domains?
In example, we would get spam from .bar, .date, .webcam, etc. I realize its a losing battle, but my list of about 75 TLDs was effective in a large reduction of daily spam. Now that we are on 365, they have returned to an offensive level with the default 365 filters.
If a spam filter connector is the best way to proceed, can you provide some experience with SonicWall, or TrendMicro, or your vendor of choice vs the cost, setup, and management of the hosted filter service?
Best Answer
I would use the Transport Rules of O365.
Exchange Admin Centre -> Mail Flow -> Rules
Apply this rule if…. The send address matches;
In the condition box you need to entrer the domain that way,
\.domain$, or\.webcam$, etc..And select to Reject the email.