Exchange 2007 safe list aggregation

You can give Exchange 2007 a little spam-fighting help by enlisting all the copies of Outlook on your client’s network.

Each time a user rescues a message from the Junk Mail folder, they add it to Outlook’s safe list – and you can bring the contents of these safe lists into Exchange, so they’re used to flag messages as safe well before they arrive on your clients’ desktops.

Exchange’s safe list aggregation feature treats all the safe lists equally – so if any one user has flagged an address as safe, all users will see messages from that address. Safe list aggregation can be resource intensive if you’re working with lots of mailboxes, so work with it when no one’s likely to be using the mail server (though small Exchange installs shouldn’t see much disruption).

To update the safe list data for all the mailboxes in an organisation use the following PowerShell command:

get-mailbox -ResultSize Unlimited | where {$_.RecipientType -eq [Microsoft.Exchange.Data.Directory.Recipient.RecipientType]::UserMailbox } | update-safelist

Safe list aggregation is a manual process. You can automate it, simply by building a script around the PowerShell command and then scheduling it to run at set times using the at command in Windows Server. To schedule a script to run at 1.00 am every day, use the following command:

at 1:00 /every:M,T,W,Th,F,S,Su cmd /c “C:\script.vbs”




Show other articles by this author

Share |
Write comment
security image
smaller | bigger
Comments (2)
Posted: Jan, 9 2010

All users?

users will not see mail if it is on one safelist. It is a per user feature. I've tested it and it is so, but maybe i missed something?
Simon Bisson
Posted: Jan, 29 2010
This command extracts the safelists from each user, and then uses them to update the safelist used by the Exchange Edge server - so that messages that pa*s through Exchange will be flagged as safe before delivering to users.



Subscribe and get the magazine in the post before it's online

Subscribe and get access to all of the back issues

To read a sample eMagazine - March 2010



You want the PCs you support to have the right time for more reasons than keeping the users happy; for one thing, if every PC has a slightly different time, finding which version of a file was updated most recently gets much more complicated. Get your head around the Windows Time Service at, get the commands for making a PC get its time from the domain at and if you want a an alternative time server use to get the time from a random time server in the NTP Pool Project (read about the project at read more


Unified communications


The #1 Bestseller for Only 77p