Blocking Emails by Region and Language in Exchange Online Anti-Spam Policies

Uncategorized 7 Minutes

Exchange Online’s anti-spam policies include international spam filters that let you block unwanted emails based on the sender’s region and the language of the message. By using Region Block Lists and Language Block Lists, administrators can automatically mark certain incoming emails as spam – for example, emails sent from countries your organization doesn’t do business with, or messages written in languages your users don’t speak. This helps prevent email not intended for the user (such as foreign spam or phishing attempts) from ever reaching their inbox.

Exchange Online Anti-Spam Overview

Exchange Online Protection (EOP) applies a default spam filter (also known as a Hosted Content Filter Policy) to all incoming mail[1]. Admins can customize this policy or create new ones to tighten spam filtering. Among many settings (blocking specific senders, domains, etc.), EOP provides International Spam settings to filter messages by country/region of origin and language[1][2]. These filters are optional and disabled by default – but when enabled, they instruct EOP to treat certain emails as spam purely due to their origin or language.

How it works: Exchange Online analyzes each incoming message’s metadata and content. It determines the source country (using the sender’s IP address geolocation) and attempts to detect the language the message is written in. If the message matches a blocked region or language that you’ve specified and you have turned on these filters, Exchange Online will increase the message’s spam score or outright flag it as spam[3][4]. Such messages will then be handled according to your spam policy (usually delivered to the Junk Email folder or quarantined, rather than reaching the inbox).

Why Use Region and Language Filters?

By leveraging these block lists, organizations can reduce spam and phishing that users are unlikely to find legitimate. For example, a company operating only in North America might block all emails coming from domains in far-off regions often associated with spam. Similarly, if your users only speak English and French, you might block emails written in Russian or Chinese to stop foreign-language scams. International spam filtering is a coarse filter – it’s not based on content quality but on origin characteristics – yet it can significantly cut down unwanted mail that standard content filters might miss. (Keep in mind determined attackers might evade these by using relay servers in “allowed” countries or by writing spam in your users’ languages, so these filters are one layer of defense, not a silver bullet.)

Default behavior: Out of the box, Exchange Online’s international filters are off (no regions or languages are blocked)[4]. If you enable them without specifying any entries, they won’t have effect. Once you enable a Region or Language block list and add entries to it, any incoming message matching those conditions gets stamped with a high spam confidence level (SCL). By default, EOP will send such spam to the recipient’s Junk Email folder (or quarantine it if it’s detected as high-confidence phishing)[3]. This means the user is protected from seeing it in their inbox, though they can still review junk/quarantine if needed.

Note: The Region and Language block lists simply mark messages as spam – they don’t outright reject the message. The messages will still arrive to your tenant and be deliverable to Junk Email or Quarantine based on your spam policy actions. Ensure your anti-spam policy’s actions for spam are configured (the default is to send to Junk) so that these flagged emails don’t reach the inbox.

Configuring Region and Language Block Lists via PowerShell

You can configure these international spam settings easily using Exchange Online PowerShell. Below is a step-by-step guide to enable and customize the Region and Language block lists:

Below are the detailed instructions and PowerShell commands for each step:

  1. Connect to Exchange Online PowerShell – Open a PowerShell console and connect to your Exchange Online environment. If you have the Exchange Online PowerShell module installed, run: Connect-ExchangeOnline -Credential (Get-Credential) This will prompt for your admin credentials and establish the session. (Alternatively, use the older Connect-MsolService or New-PSSession methods if not using the newer module.)
  2. View current policy settings (optional) – It’s good practice to see what the current spam filter policy is before changing it. By default, the primary policy is named “Default” (or “Default Anti-Spam Policy”). Run the following to inspect the international block list settings: Get-HostedContentFilterPolicy -Identity "Default" | Format-List Name, EnableRegionBlockList, RegionBlockList, EnableLanguageBlockList, LanguageBlockList This will show whether the region and language filters are enabled (should show False by default) and any listed codes (likely empty). For example, you might see: EnableRegionBlockList : False RegionBlockList : {} EnableLanguageBlockList : False LanguageBlockList : {} indicating the filters are currently off.
  3. Enable and configure the Region Block List – Decide which countries or regions you want to block. Use their two-letter country codes (ISO 3166-1 alpha-2 format)[3]. For instance, “CN” (China), “RU” (Russia), “IR” (Iran), “BR” (Brazil), etc. Then run the command: Set-HostedContentFilterPolicy -Identity "Default" ` -EnableRegionBlockList $true ` -RegionBlockList "CN","RU","IR" In this example, we enable the region filter and add China, Russia, and Iran to the blocked RegionBlockList. From now on, any incoming email originating from servers in those countries will be marked as spam[3]. (Use the country codes that make sense for your organization – you might include those where you do not have clients or colleagues. You can list one or dozens of codes as needed.) Tip: You can find the full list of supported country codes in Microsoft’s documentation[3] or any ISO country code list. Common examples include US (United States), GB (United Kingdom), CN (China), DE (Germany), IN (India), etc. Only use codes for countries you truly want to block – blocking major email source countries could filter out legitimate emails if, for example, a partner’s email routed through that region.
  4. Enable and configure the Language Block List – Choose the languages you want to block. Use ISO 639-1 two-letter language codes[4] (these are often the first two letters of the language name in English, but not always). For example: “ZH” (Chinese), “RU” (Russian), “AR” (Arabic), “KO” (Korean), “JA” (Japanese) are common codes. Then run: Set-HostedContentFilterPolicy -Identity "Default" ` -EnableLanguageBlockList $true ` -LanguageBlockList "ZH","RU","AR" This turns on language-based filtering and configures the list to block Chinese, Russian, and Arabic content. Now, if an inbound message’s content is detected as written in Russian, Chinese, or Arabic, it will be marked as spam[4]. Note: Ensure you include the correct codes. For instance, “EN” is English, “ES” is Spanish, “FR” is French, “DE” is German, “JA” is Japanese, “ZH” is Chinese (Mandarin). Microsoft supports a wide range of language codes – you can find the supported list in documentation[4]. Only block languages that your users do not understand or correspond with; you wouldn’t want to block a language that any legitimate communication might use. In our example, we assumed our organization doesn’t correspond in Chinese or Arabic, so blocking those will help catch spam in those scripts.
  5. Verify the new settings – Run the Get-HostedContentFilterPolicy -Identity "Default" | Format-List ... command again (from step 2) to confirm that EnableRegionBlockList and EnableLanguageBlockList now show True, and that the RegionBlockList and LanguageBlockList contain the codes you set. For example, it might now display: EnableRegionBlockList : True RegionBlockList : {CN, RU, IR} EnableLanguageBlockList : True LanguageBlockList : {ZH, RU, AR} This means your policy is active with those filters. These changes take effect quickly (usually within minutes) for new incoming emails. Monitoring: After enabling these, keep an eye on your Quarantine or users’ Junk folders to gauge impact. You could, for instance, send a test email from an account in a blocked country (or ask a contact in that country to email you) and verify it goes to Junk. In the Security & Compliance Center, the Threat Explorer/Review can show messages flagged by these rules. Each caught email’s headers will include indicators (e.g., SFV:BLK in X-Forefront-Antispam-Report for region-block, or a note of “banned language”). This helps confirm the filter is working.

Management and Tweaks: You can update the lists at any time. For example, to add or remove entries without affecting others, use the Add/Remove syntax. Suppose you want to add Nigeria (NG) to the region block list without retyping everything:

Set-HostedContentFilterPolicy -Identity "Default" -RegionBlockList @{Add="NG"}

Similarly, to remove a language, say you decide to stop blocking Arabic:

Set-HostedContentFilterPolicy -Identity "Default" -LanguageBlockList @{Remove="AR"}

Always double-check with Get-HostedContentFilterPolicy after changes. Keep your block lists maintained as your business needs evolve (for instance, if you start dealing with a new country, remove it from the blocked list!).

Finally, remember that these settings apply tenant-wide by default (since the default policy covers all recipients). If needed, you can create custom anti-spam policies with their own Region/Language settings and scope them to specific users or groups – for example, not blocking Spanish for your Latin America team but blocking it for others. This can be done by creating a new policy via PowerShell (New-HostedContentFilterPolicy and a corresponding New-HostedContentFilterRule to assign it to certain recipients)[1]. In most cases, however, a single global setting is sufficient.

Conclusion

By using Exchange Online’s region and language block lists, you add a focused layer of defense against unsolicited emails. Region-based filtering blocks emails coming from countries that you know send you no legitimate mail (often catching spam campaigns from those areas)[3]. Language-based filtering blocks emails in languages your users don’t read – which are often spam or phishing lures in practice[4]. These features are easy to turn on with a few PowerShell commands and can dramatically reduce “noise” in user mailboxes.

Do note that legitimate communication can occasionally be caught (for example, an English-language email sent via a server in a blocked country, or a multilingual email with a few words triggering language detection). Therefore, use these filters judiciously and inform your helpdesk, so they know a possible reason if an expected message doesn’t arrive. Overall, when configured thoughtfully, region and language block lists are powerful tools to prevent emails not intended for your users, keeping your organization’s inboxes more focused and secure.

References

[1] Content filtering procedures | Microsoft Learn

[2] How to Block Emails from Foreign Countries in Office 365

[3] Set-HostedContentFilterPolicy (ExchangePowerShell) | Microsoft Learn

[4] Set-HostedContentFilterPolicy (ExchangePowerShell) | Microsoft Learn

Unknown's avatar

Published by directorcia

Published

One thought on “Blocking Emails by Region and Language in Exchange Online Anti-Spam Policies

  1. Pingback: [m365weekly] #202 – M365 Weekly Newsletter

Leave a comment