How to Allow Specific Domains and Block All Other Emails in Microsoft 365 Using Mail Flow Rules (Step-by-Step Guide) – Bison Knowledgebase

This detailed technical guide explains how to allow email communication only with specific domains and block all other domains in Microsoft 365 Business Basic, using Mail Flow (Transport) Rules in the Exchange Admin Center.
It also covers restricting email attachment size using the same rule engine.


Use Case

Many organizations want to:

  • Allow emails only with trusted domains (banks, vendors, partners)

  • Block all other external incoming and outgoing emails

  • Prevent data leakage

  • Control attachment sizes (e.g., max 512 KB)

Mail Flow Rules (Transport Rules) are the most secure and license-independent way to achieve this in Microsoft 365 Business Basic.


Prerequisites

  • Microsoft 365 Business Basic or higher

  • Global Admin or Exchange Admin role

  • Access to Exchange Admin Center


Where These Settings Are Configured

Microsoft 365 Admin Center → Exchange Admin Center → Mail Flow → Rules


PART 1: Allow Only Specific Domains & Block All Incoming Emails

Objective

  • Allow emails from selected domains only

  • Block emails from all other external domains


Step 1: Open Mail Flow Rules

  1. Log in to admin.microsoft.com

  2. Go to Exchange Admin Center

  3. Navigate to Mail flow → Rules

  4. Click + Add rule → Create a new rule


Step 2: Rule Name

Block Emails for Incoming


Step 3: Configure Conditions (Apply this rule if)

Condition 1 – Recipient is Internal

  • Apply this rule if → The recipient

  • Is external/internal → Inside the organization

Condition 2 – Sender is External

  • And → The sender

  • Is external/internal → Outside the organization

This ensures the rule applies only to incoming external emails.


Step 4: Define the Action (Block the Message)

Primary Action

  • Do the following → Block the message

  • Reject the message and include an explanation

Message shown to sender:

Your email was not delivered because it was blocked and returned under compliance policy.


Step 5: Add Enhanced Status Code (Recommended)

  • And → Block the message

  • Reject the message with enhanced status code

5.7.1

➡ This tells sending servers the message was intentionally rejected by policy.


Step 6: Add Exceptions (Allowed Domains)

Except if

  • The sender

  • Domain is

Add allowed domains one by one:

icicibank.com ext.icicibank.com dsmg-optimus.com icici.bank.in

✔ Emails from these domains will be allowed
❌ All other external domains will be blocked


Step 7: Save the Rule

Click Save


PART 2: Allow Only Specific Domains & Block All Outgoing Emails

Objective

  • Users can send emails only to approved domains

  • Prevent accidental data leakage


Step 1: Create a New Rule

Mail flow → Rules → + Add rule


Step 2: Rule Name

Block Outgoing Emails


Step 3: Configure Conditions

Condition 1 – Recipient is External

  • Apply this rule if → The recipient

  • Is external/internal → Outside the organization

Condition 2 – Sender is Internal

  • And → The sender

  • Is external/internal → Inside the organization


Step 4: Block the Message

  • Block the message

  • Reject with explanation

Your email was not delivered because it was blocked and returned under compliance policy.


Step 5: Add Enhanced Status Code

5.7.1


Step 6: Add Exceptions (Allowed Recipient Domains)

Except if

  • The recipient

  • Domain is

icicibank.com ext.icicibank.com dsmg-optimus.com icici.bank.in

✔ Users can send emails only to these domains
❌ All other outgoing emails are blocked


PART 3: Restrict Attachment Size Using Mail Flow Rule

Objective

  • Limit email attachment size (example: 512 KB)


Step 1: Create New Rule

Email Attachment Size Restriction


Step 2: Apply Condition

  • Apply this rule if

  • Any attachment

  • Size is greater than

512 KB


Step 3: Block the Message

  • Reject the message

  • Explanation:

Attachments larger than 512 KB are not allowed as per company email policy.

  • Enhanced Status Code

5.7.1


Step 4: Save Rule
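
The three rules from Parts 1 to 3 can also be created from Exchange Online PowerShell. This is an added example, not part of the original guide; it assumes the ExchangeOnlineManagement module is installed, uses a placeholder admin account, and creates the rules in audit mode so they can be tested before enforcement. The helper function name is hypothetical.

```powershell
# Added example, not from the original guide. Assumes the ExchangeOnlineManagement
# module is installed; admin@contoso.example is a placeholder account.
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'

# Allowed domains from Step 6 of Parts 1 and 2.
$AllowedDomains = 'icicibank.com', 'ext.icicibank.com', 'dsmg-optimus.com', 'icici.bank.in'

# Settings shared by the two domain rules. Mode 'Audit' records what the rule
# would have done without rejecting anything, for testing with a pilot mailbox.
$Reject = @{
    RejectMessageReasonText         = 'Your email was not delivered because it was blocked and returned under compliance policy.'
    RejectMessageEnhancedStatusCode = '5.7.1'
    Mode                            = 'Audit'
}

# Part 1: external sender to internal recipient, except allowed sender domains.
# The exception compares the sender address only; it does not by itself prove
# the message passed SPF, DKIM or DMARC for that domain.
New-TransportRule -Name 'Block Emails for Incoming' @Reject `
    -FromScope NotInOrganization -SentToScope InOrganization `
    -ExceptIfSenderDomainIs $AllowedDomains

# Part 2: internal sender to external recipient, except allowed recipient domains.
New-TransportRule -Name 'Block Outgoing Emails' @Reject `
    -FromScope InOrganization -SentToScope NotInOrganization `
    -ExceptIfRecipientDomainIs $AllowedDomains

# Part 3: reject any message carrying an attachment larger than 512 KB.
New-TransportRule -Name 'Email Attachment Size Restriction' `
    -AttachmentSizeOver '512KB' `
    -RejectMessageReasonText 'Attachments larger than 512 KB are not allowed as per company email policy.' `
    -RejectMessageEnhancedStatusCode '5.7.1' -Mode Audit

# Hypothetical helper: call it only after the audit results look right.
function Enable-MailPolicyRules {
    'Block Emails for Incoming', 'Block Outgoing Emails', 'Email Attachment Size Restriction' |
        ForEach-Object { Set-TransportRule -Identity $_ -Mode Enforce }
}
```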


Rule Priority Order (Important)

Ensure rules are ordered correctly:

  1. Allow email communication (incoming)

  2. Allow email communication (outgoing)

  3. Email attachment size restriction

  4. Block incoming emails

  5. Block outgoing emails

➡ Allow rules must be above block rules.


Best Practices

✔ Use domain-based exceptions (not individual emails)
✔ Always use Enhanced Status Code 5.7.1
✔ Test rules using a pilot mailbox
✔ Document allowed domains internally
✔ Review rules quarterly


Common Mistakes to Avoid

❌ Forgetting exceptions → blocks everything
❌ Wrong rule order → allowed emails get blocked
❌ Using mailbox-level rules instead of transport rules
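
A read-only review of the tenant's rules can catch the first two mistakes before users notice them. This is an added example, not part of the original guide; it assumes an open Connect-ExchangeOnline session, and the column names in the report are chosen here for illustration.

```powershell
# Added example, not from the original guide. Lists transport rules in evaluation
# order and flags reject rules that have no allowed-domain exception.
$report = Get-TransportRule | Sort-Object Priority | ForEach-Object {
    $rule    = $_
    $rejects = -not [string]::IsNullOrEmpty($rule.RejectMessageReasonText)
    $scoped  = $rule.FromScope -or $rule.SentToScope

    # Merge sender and recipient domain exceptions, dropping empty entries.
    $allowed = @($rule.ExceptIfSenderDomainIs) + @($rule.ExceptIfRecipientDomainIs) |
        Where-Object { $_ }

    $notes = @()
    if ($rejects -and $scoped -and -not $allowed) {
        $notes += 'reject rule without domain exception: blocks all mail in scope'
    }
    if ($rejects -and $rule.Mode -ne 'Enforce') {
        $notes += "mode is $($rule.Mode): nothing is rejected yet"
    }
    if ($rule.State -ne 'Enabled') {
        $notes += 'rule is disabled'
    }

    [pscustomobject]@{
        Priority       = $rule.Priority      # 0 is evaluated first
        Name           = $rule.Name
        Mode           = $rule.Mode
        Rejects        = $rejects
        AllowedDomains = $allowed -join ', '
        Notes          = $notes -join '; '
    }
}

# Show the rules in the order Exchange evaluates them.
$report | Format-Table -AutoSize -Wrap
```

Running it after each rule change, and as part of the quarterly review, gives a record of the allowed domains and the rule order at that point in time.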


Final Result

  • Only approved domains can send and receive emails

  • All other domains are automatically rejected

  • Attachments above allowed size are blocked

  • Works with Microsoft 365 Business Basic

  • No extra license required

