How to Whitelist an Email Address in Office 365

Threat policies in Exchange Online prevent phishing emails and malware from ending up in the user’s mailbox. But sometimes legitimate emails end up in the spam folder as well.

Although users can mark them as a safe sender manually in Outlook, sometimes it’s just easier to do this on a tenant level. In Office 365 we can whitelist an email address using mail flow rules or by editing the anti-spam policy.

In this article, I will explain how you can use the mail flow rules or anti-spam policy to whitelist an email address. Also, we will take a look at how to use PowerShell for this.

What you need to know

As mentioned, there are two options to whitelist an email address in Office 365. The difference between the two is the level of security. The easiest method is to add the email address to the allowed sender list in the Anti-Spam policy. But the problem is that emails sent from this address will bypass all security checks, including SPF and DMARC.

This means that attackers can easily spoof the email address without anybody noticing it. A more secure (and recommended) option is to use the mail flow rules. These rules allow us to keep the DMARC check in place or even check on specific keywords in the subject.

Adding additional conditions to the mail flow rule ensures that only the intended sender bypasses the spam filters and attackers are kept out.

Office 365 Whitelist Email Address with Mail Flow Rules

We are first going to take a look at the recommended and most secure way to whitelist an email address in Office 365. Mail flow rules not only allow us to warn users of suspicious emails but also allow us to bypass the spam filter.

When creating a mail flow rule, we want to be as specific as possible. So if the sender always uses the same keyword in the subject, then add it to the rule. If the sender is always using the same server to send the email, then add the IP address of that server to the rule. And when possible, check if the DMARC result was positive.

  1. Open the Exchange Admin Center > Expand Mail Flow and click on Rules
  2. Add a new rule and select Create a new Rule
  3. Give the rule a name, for example, Allow <emailaddress>
  4. Apply this rule if > The Sender and select This Person
  5. Type the external email address in the Select members field and Select it from the suggestion box or press enter when you have typed the address. Click Save when done
    • It may look like you can only select internal users, but you can actually type external email addresses here. Or select an external contact that you have created in Office 365
    • Make sure that you press enter or click on the address to add it.
    • You can add multiple email addresses here
  6. Under Do the Following select Modify the message properties
  7. Set it to Set the spam confidence level (SCL) and choose Bypass spam filtering

This is the basic rule to whitelist an email address in Microsoft 365. To improve security and to make sure that the email address isn’t spoofed, we can add some additional conditions under the Apply this rule if step (click on the + sign to add additional conditions).

  1. The message header > includes any of these words. Filtering on DMARC results is a good way to prevent spoofing of a whitelisted domain. Add Authentication-Results under “Enter text” and dmarc=pass and dmarc=bestguesspass under “Enter words…”
  2. The Subject or Body > Subject includes any of these words. This way you can further filter the emails based on a word in the subject line.

  8. Click Next to continue
  9. Set the rule mode to Enforce
  10. Click Next and Finish to create the rule

You have now successfully whitelisted the email address in Office 365. If you need to whitelist multiple email addresses then it can be easier to update the rule with PowerShell. More about that later in the article.

Whitelist Email in Office 365

The other, easier-to-implement option is to add the sender to the allowed sender list in Office 365. For this, we will need to modify the Anti-Spam policy, which you can find in Microsoft 365 Defender.

Note

Using the allowed sender list and allowed domain list in anti-spam policies is the least desired option, because senders will bypass all protection methods (spam, spoof, phishing, SPF, DKIM, DMARC). Use this option only temporarily for testing.

  1. Open Microsoft 365 Defender
  2. Click on Policies and Rules and choose Threat Policies
  3. Open the Anti-Spam policies
  4. Scroll all the way down in the fly-out and click on Edit allowed and blocked senders and domains
  5. Under Allowed open Manage sender(s)
  6. Click Add senders to add a new sender to the list
  7. Click Done and save to apply the settings

Emails from the sender are now excluded from the spam filter and should arrive in the inbox of the users.

Using PowerShell to whitelist email address in Office 365

If you need to whitelist email addresses in multiple tenants or need to whitelist multiple email addresses then it can be easier to use PowerShell. With PowerShell we can modify the anti-spam policy and mail flow rules, allowing you to easily add an email address.

Make sure that you are connected to Exchange Online in PowerShell.

We are first going to take a look at the anti-spam policy. To list all content filter policies in Exchange Online we can use the following cmdlet:

# List all policies
Get-HostedContentFilterPolicy

We want to modify the Default spam policy, so let's first check the current configuration of the policy:

# List the complete policy
Get-HostedContentFilterPolicy -Identity 'default' | fl

# Show only the allowed senders list
Get-HostedContentFilterPolicy -Identity 'default' | Select AllowedSenders

You can set the allowed senders using the following cmdlet. Keep in mind that this will overwrite the existing addresses:

Set-HostedContentFilterPolicy -Identity 'default' -AllowedSenders "unifi@stonegrovebank.com","lab02@stonegrovebank.com"

To add or remove email addresses from the list we can use the add or remove function:

Set-HostedContentFilterPolicy -Identity 'default' -AllowedSenders @{Add="ui@stonegrovebank.com";remove="lab02@stonegrovebank.com"}

Verify the results with:

Get-HostedContentFilterPolicy -Identity 'default' | Select AllowedSenders

Updating mail flow rules with PowerShell

Mail flow rules can also be updated with PowerShell. Again, make sure that you are connected to Exchange Online. First, we are going to list all existing mail flow rules, so we know which identity to use:

Get-TransportRule

To get the details from the transport rule, and to list the allowed sender, use the following cmdlet. The identity is the full name of the transport rule.

Get-TransportRule -Identity "Allow unifi@stonegrovebank.com" | Select from

To add one or multiple email addresses to the mail flow rule, we can use the following syntax. Keep in mind that this will overwrite any existing addresses:

Set-TransportRule -Identity "Allow unifi@stonegrovebank.com" -From "ui@stonegrovebank.com","lab01@stonegrovebank.com"

We can’t add or remove a single address in a transport rule, so you will need to supply all email addresses, including the existing ones, if you want to add a single one to an existing list.
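The mail flow rule built in the Exchange Admin Center earlier (SCL bypass plus the DMARC header condition) and the overwrite behaviour of -From can be handled in one script. This is an added example, not part of the original article; the function name Add-AllowedSenderToRule is hypothetical, and an active Exchange Online PowerShell session is assumed.

```powershell
# Added example, not from the original article.
# Assumes you are already connected with Connect-ExchangeOnline.
# Add-AllowedSenderToRule is a hypothetical helper name.
function Add-AllowedSenderToRule {
    param(
        [Parameter(Mandatory)] [string]   $RuleName,
        [Parameter(Mandatory)] [string[]] $Sender
    )

    # Look the rule up by name without raising an error when it is missing
    $rule = Get-TransportRule | Where-Object { $_.Name -eq $RuleName }

    if (-not $rule) {
        # New rule: bypass spam filtering (SCL -1) only when the
        # Authentication-Results header reports a DMARC pass
        New-TransportRule -Name $RuleName `
            -From $Sender `
            -HeaderContainsMessageHeader 'Authentication-Results' `
            -HeaderContainsWords 'dmarc=pass', 'dmarc=bestguesspass' `
            -SetSCL -1 `
            -Mode Enforce
        return
    }

    # Existing rule: -From overwrites the list, so merge the current
    # addresses with the new ones and write the complete list back
    $merged = @($rule.From) + $Sender |
        Where-Object { $_ } |
        Sort-Object -Unique

    Set-TransportRule -Identity $RuleName -From $merged

    # Show the result, conditions included, so the DMARC check can be confirmed
    Get-TransportRule -Identity $RuleName |
        Select-Object Name, From, HeaderContainsMessageHeader, HeaderContainsWords, SetSCL
}

# Usage with the addresses used in this article:
# Add-AllowedSenderToRule -RuleName 'Allow unifi@stonegrovebank.com' -Sender 'ui@stonegrovebank.com'
```

When the rule already exists, only the sender list is changed; its existing conditions are left as they are, so check the output for the DMARC header condition.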

Wrapping Up

Try to use mail flow rules as much as possible when you want to whitelist an email address in Office 365. Always make sure that you add an extra check to the rule, like a keyword, server or DMARC pass.
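To check an existing tenant against this advice, the read-only script below lists the allow entries in the anti-spam policies and every mail flow rule that bypasses spam filtering, showing which extra checks each rule has. It is an added example, not part of the original article, and assumes an active Exchange Online PowerShell session; the output column names are chosen for this example.

```powershell
# Added example, not from the original article. Read-only: changes nothing.
# Assumes you are already connected with Connect-ExchangeOnline.

# 1. Anti-spam policies with allow-list entries. Senders listed here
#    bypass all protection, including SPF, DKIM and DMARC.
Get-HostedContentFilterPolicy |
    Where-Object { $_.AllowedSenders -or $_.AllowedSenderDomains } |
    Select-Object Name, AllowedSenders, AllowedSenderDomains

# 2. Mail flow rules that set SCL -1 (Bypass spam filtering), with a
#    column for each extra check recommended in this article.
Get-TransportRule |
    Where-Object { $_.SetSCL -eq -1 } |
    ForEach-Object {
        # True when the rule tests Authentication-Results for a dmarc= value
        $dmarc = ("$($_.HeaderContainsMessageHeader)" -eq 'Authentication-Results') -and
                 ($_.HeaderContainsWords -match 'dmarc=')

        [pscustomobject]@{
            Rule          = $_.Name
            State         = $_.State
            From          = $_.From -join ', '
            DmarcCheck    = [bool]$dmarc
            SubjectCheck  = [bool]$_.SubjectContainsWords
            SenderIpCheck = [bool]$_.SenderIpRanges
        }
    } |
    Sort-Object DmarcCheck, Rule |
    Format-Table -AutoSize
```

Rules where DmarcCheck, SubjectCheck and SenderIpCheck are all False sort to the top and are the ones to tighten first.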

I hope this article helped you with whitelisting the sender, if you have any questions, just drop a comment below.

7 thoughts on “How to Whitelist an Email Address in Office 365”

  1. Hey Ruud, thanks for posting the article. Quick question, is managing the email whitelist still only possible from the admin perspective, and there’s currently no native way in O365 for an end user to be able to do this without inserting some 3rd party tool into the mix? I’m starting to get harassed from our sales team about the amount of email that gets caught in the spam filter, and I’m not sure there’s really much of anything I can do as I can’t really change the algorithms and don’t want to set a precedent of having to be the one stop for whitelisting individual emails for the entire company. I’m thinking I might need to instruct them to be more diligent about checking the quarantine themselves but that alone seems not a great response without a way for them to personally whitelist their own email.

    Thanks again!

  2. Hi Ruud

    I’m pretty new to using PS, but do understand how powerful a tool it is. In this article you mention that one can use PS to maintain antispam policies; to start, you post the cmdlet
    Get-HostedContentFilterPolicy
    All good so far, but here comes my problem: when I look up the policy list via the portal, I get 5, where 3 of them are default, but with the mentioned cmdlet I only get 2
    Name          SpamAction HighConfidenceSpamAction IsDefault
    ----          ---------- ------------------------ ---------
    EDH mailboxes MoveToJmf  Quarantine               False
    Default       Quarantine Quarantine               True

    What am I not understanding? Doing wrong?
    Regards Karsten V

    • Yes, it seems that we can’t change the three default rules that are marked “always on” in PowerShell. I have no idea why they are not listed, can’t find anything about it in the documentation.
