Tag Archives: Safe Senders

How to Bulk Modify “Safe Senders” List in Outlook with Exchange Management Shell

Adding an email address or domain to the Safe Senders list in Outlook for all of your user mailboxes can be handy for a number of reasons. For me, we wanted to add the email address of an externally generated newsletter from a trusted source to everyone’s “Safe Sender” list so that images within the newsletter were automatically downloaded without requiring the user to click the yellow alert bar.

It’s also important if you want to maintain some control over Safelist Aggregation, which had a number of improvements in Exchange 2010.

In order to modify a user’s Safe Senders list, we’ll use the Set-MailboxJunkEmailConfiguration cmdlet .

Microsoft gives us some examples, but they’re pretty limited in their functionality if you want to modify multiple mailboxes.

It’s actually much easier to use a hash table with the ‘Add’ keyword to modify the Trusted SendersAndDomains property. This allows us to perform the operation with just a single line and without writing a more complicated PowerShell script.

get-Mailbox "ALIAS" | Set-MailboxJunkEmailConfiguration -TrustedSendersAndDomains @{Add='address@domain1.com','domain2.com'}

It also allows us to perform this action on multiple mailboxes at once filtered by Distribution Group

get-DistributionGroupMember -identity "ALIAS" | Set-MailboxJunkEmailConfiguration -TrustedSendersAndDomains @{Add='address@domain1.com','domain2.com'}

…by Custom Attribute

get-Mailbox -ResultSize 5000 | Where {$_.CustomAttribute1 -eq "VALUE"} | Set-MailboxJunkEmailConfiguration -TrustedSendersAndDomains @{Add='address@domain1.com','domain2.com'}

…or just for Everyone

get-Mailbox | Set-MailboxJunkEmailConfiguration -TrustedSendersAndDomains @{Add='address@domain1.com','domain2.com'}

If you want to check what is in the Safe Senders list for any particular user, just use the get-MailboxJunkEmailConfiguration command:

get-MailboxJunkEmailConfiguration -identity "ALIAS"

The lesson here? Never limit yourself to Microsoft’s stock examples as there are likely even more flexible ways available.

UPDATE: While running this command against all user mailboxes in our organization, I received this error on some accounts:

 The Junk E-Mail configuration couldn't be set. The user needs to sign in to Outlook Web App before they can modify their Safe Senders and Recipients or Blocked Senders lists.
    + CategoryInfo          : NotSpecified: (0:Int32) [Set-MailboxJunkEmailConfiguration], DataSourceOperationException
    + FullyQualifiedErrorId : 44A9456E,Microsoft.Exchange.Management.StoreTasks.SetMailboxJunkEmailConfiguration

The error seems to suggest that a user must sign in to Outlook Web App before their Junk Email configuration can be configured. That is somewhat misleading though, in that the only requirement is that the user has signed in to Outlook (I’ve tested this with Outlook 2003 & 2010). As it turned out I received the message for new hires that had not yet started, so it was nothing to really worry about.