Block Sender in Office 365 based on Regex Pattern

We have seen products like Proofpoint & Ironport use Pattern blocks quite effectively, Today we will go ahead & test the same functionality in office 365.

Below rule is demonstrated as an example, there can be other regex expressions that can also be utilized.

Scenario: Lot of spam was being received from Envelope sender, numbers are always getting changed, only Name is unique.

We can’t block googlegroups so we arrived at a conclusion to use regex pattern:


You can test this pattern before implementation at


Now lets create a pattern block in Office 365

Launch O365 admin console –>Admin –> Exchange –> Mailflow


Click on Plus to create a New Rule


Click on More Options, Provide Name to the rule


Apply this rule if Sender –> Sender Address Matches any of the Text Pattern



Do the following –> Deliver the message to the Hosted Quarantine


Scroll down & Match Sender address in Message–> Select Envelope –> Save

Also, Please check Stop processing more rules.


Note:- If you use grouping, which is allowed in Cisco Ironport  & not in o365, you will receive an error as shown below so you have to avoid it.




Now let’s test by sending a message based on pattern, I had created one test pattern which matches my personal id so that I can test the above approach..

Message was successfully quarantined 🙂


Tech Wizard




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s