Configuring DQS on Microsoft Exchange

This details how to use Data Query Service (DQS) with Microsoft Exchange, configuring it to reject at the SMTP level.

These instructions apply only to Exchange 2010 and above.

Exchange only provides support for DNSBL lookups against the connecting IP, so that’s all you can do from it; anything else needs to be demanded to an external filtering software.


  • When you see the word your_DQS_key you need to replace it with your actual DQS key. Failing to do so will prevent you from successfully querying the DQS.

For example, assuming your key is aip7yig6sahg6ehsohn5shco3z, the following line:	

will become:


Run an Exchange Powershell with administrator privileges and then type the following:

	add-IPBlockListProvider -Name 'Spamhaus ZEN' -LookupDomain '' -Enabled $true -BitmaskMatch $null -IPAddressesMatch '','','','','','' -Priority '1' -AnyMatch $false -RejectionResponse 'Connecting IP address {0} has been blocked by Spamhaus ZEN. See{0} for further details.'