I’ve been having a lot of problems with malware coming in via emails with particular subject lines (invoice, credit note, dhl, ups, etc) so I have created a transport rule of my Exchange server that routes any emails containing these keys words to a separate mailbox which I then review.
We have had a few legitimate senders picked up so I have been adding their email addresses individually to an exception in my rule which effectively whitelists their addresses.
However when I added another address today my exchange whinged that the rule had reached its maximum length.
I think I’ve come up with a workaround.
If I add the email addresses I want to whitelist as a mail contact in exchange, remove them from the global address list so nobody can email them by mistake, and then have my exchange transport rule set so that it only filters email from outside the organisation it seems to work. I’m assuming because it now views these external addresses as belonging to my exchange organisation.
I’ve tested it with one address so far. Can anyone see any downside before I carry on and roll it out completely?