Last Update: Jul 24, 2023 | Published: Jun 05, 2023
As an IT Pro, it is crucial to your organization to make sure that your users receive legitimate emails. Sometimes, Exchange Online Protection (EOP) can flag these emails as spam. Safely creating whitelists for specific domains/email addresses allows you to efficiently manage email flow in your organization and protect your users from malicious activity. In this guide, I will show you how to whitelist a domain in Office 365 using a mail flow rule, the Microsoft 365 Defender portal, and PowerShell.
A typical scenario encountered by IT pros managing Exchange Online is to have users complain that important emails are “hiding” in their ‘Junk Email’ folder in Outlook. There are two main reasons why this can occur:
The first reason is specifically tied to the Outlook desktop application. The important point is that the feature only works when Outlook is open.
I will be covering the second reason here in this post. Before the email ever gets to the user’s mailbox, the protection service acts on the email. It puts it directly in the ‘Junk Email’ folder, so the email is never delivered to the user’s Inbox folder. So, in terms of email flow, this occurs before the email enters Outlook.
To keep these legitimate emails out of ‘Junk Email’ folders, we can create a whitelist rule or change a setting in the Microsoft 365 service. However, you must be careful to choose the best and most secure method. In some cases, configuration changes will open the door for spammers and malicious actors to exploit the settings you modify. I will go through the security aspect of each method below.
Well, not really. The main reason I say that is because it’s not nearly as effective. As I said earlier, when users create whitelists, they’re setting up what’s called client-side rules. This means that the Outlook desktop application itself is processing the user’s Inbox only when it’s open and running. If there happens to be an issue with Outlook, this processing will not occur.
The advantage of using the methods in this post is that they create server-side rules. That means that they process before any emails enter a user’s mailbox, period. It’s simply safer that way. And, more efficient – it simply happens automatically behind the scenes.
Arguably, the most secure method of allowing an email address or domain to bypass spam filtering is to create a Mail Flow Rule in Exchange Online. However, there are very important settings you need to understand.
That’s all there is to it. Here’s the crucial part – adding the check in the message headers for a passing grade for DMARC and authentication! If you don’t put those checks in, the rule opens a relatively large hole for hackers to exploit. Potential attackers can send malicious emails to your organization by spoofing that domain, bypassing your critical security checks and balances.
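As an added example (not from the original article), here is one way to build that rule in Exchange Online PowerShell and then audit the tenant for allow entries that skip the authentication check. It assumes an active Connect-ExchangeOnline session; the rule name is hypothetical and the domain is the sample domain used later in this post.

```powershell
# Added example, not the article's own code. Assumes an Exchange Online
# PowerShell session is already connected (Connect-ExchangeOnline).
$domain = 'secondinvestments.com'   # sample domain from this article

# 1. Allow rule: bypass spam filtering (SCL -1) ONLY when the sender domain
#    matches AND the Authentication-Results header records a DMARC pass.
$rule = @{
    Name                        = "Allow $domain (DMARC pass only)"  # hypothetical name
    SenderDomainIs              = $domain
    HeaderContainsMessageHeader = 'Authentication-Results'
    HeaderContainsWords         = 'dmarc=pass'
    SetSCL                      = -1
}
New-TransportRule @rule

# 2. Audit: enabled rules that bypass spam filtering with no
#    Authentication-Results condition. These trust a sender domain that
#    anyone can put in the From address.
Get-TransportRule |
    Where-Object {
        $_.State -eq 'Enabled' -and
        "$($_.SetSCL)" -eq '-1' -and
        "$($_.HeaderContainsMessageHeader)" -ne 'Authentication-Results' -and
        "$($_.HeaderMatchesMessageHeader)" -ne 'Authentication-Results'
    } |
    Select-Object Name, Priority, SenderDomainIs, From

# 3. Audit: allow-list entries in every anti-spam policy. These bypass
#    filtering on the sender address or domain alone, with no DMARC check.
Get-HostedContentFilterPolicy |
    Select-Object Name, AllowedSenderDomains, AllowedSenders
```

Any rule returned by step 2, and any domain listed in step 3, is worth reviewing against the DMARC-checked rule from step 1.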
Another relatively safe method to whitelist a domain in Office 365 is to use Microsoft 365 Defender. Here, we’ll update the default anti-spam inbound policy.
Granularity strikes again! We are also able to whitelist a connection by using its IP Address. When an email is inbound from the Internet and it routes through your tenant, Exchange Online (EXO) will check the IP Address of the sending SMTP server.
This is not commonly used and can sometimes be spoofed. However, there are business cases where this is the easiest way to always allow emails into your employees’ Inbox folders. Again, we’ll be using the Microsoft 365 Defender portal here.
That’s all there is to it!
I hope you didn’t think I would forget PowerShell! You’ll probably be amazed at how simple it is to make a similar change with one command.
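Let’s go through the steps to add another email domain to the default anti-spam policy. The first command lists your existing policies. The second uses the @{Add=...} syntax so the domain is appended to the allowed list; passing a bare string would replace whatever domains are already allowed.
Get-HostedContentFilterPolicy
Set-HostedContentFilterPolicy -Identity 'Default' -AllowedSenderDomains @{Add='secondinvestments.com'}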
Now, THAT was easy. Instead of browsing all around the GUI of the Microsoft 365 Defender website, you can run that simple command to whitelist a domain in Office 365.
Whitelisting a domain in Office 365 is an excellent and effective way to ensure that specific emails are not filtered as spam. This can be useful if you receive emails from a specific domain that are frequently marked as spam. Once you have whitelisted a domain, this will no longer happen.
It is important to note that whitelisting a domain can also increase your risk of receiving spam. This is because spammers can often spoof the sender’s address, making it appear as if the email is coming from a legitimate domain. If you whitelist a domain that is being used to send spam, you may end up receiving more spam!
For this reason, it is important to only whitelist domains that you trust. You should also regularly review your whitelisted domains and remove any that are no longer needed.
Please feel free to leave a comment below – thank you for reading!