
Tachytelic.net


How to bulk whitelist domains in Office 365 using PowerShell

May 21, 2014 by Paulie


There are plenty of blog posts that explain how to add a mail flow rule in Office 365 that whitelists a sender domain, bypassing the Office 365 spam filtering completely. There is a nice guide on how to achieve that in this blog post by Robert Crane.

I was working with a customer today that had a long list of domains that they wanted to white-list, but the Office 365 admin interface does not provide a facility to enter a list in bulk. So I wrote a PowerShell script that would do the job of creating a transport rule based on a simple list from a text file containing email domains.

Creating a Mail Flow rule to handle many trusted domains.

    1. Download the script
    2. Create a plain text file containing a list of domains or email addresses. The script will strip the first part of the address to leave only the domain name remaining.
      nicedomain.com
      trusteddomain.com
      tachytelic.net
      [email protected]
    3. Connect to Exchange Online using PowerShell. Instructions on how to do that are here:
      http://technet.microsoft.com/en-us/library/jj984289(v=exchg.150).aspx
    4. Run the script that you downloaded (Add365SafeDomains.ps1)
        1. With parameters like this:
          .\Add365SafeDomains.ps1 -ruleName "Safe Domain List" -domainListFilePath "c:\domainlist.txt"
        2. Or without parameters and you will be prompted:
          [Screenshot: PowerShell script showing how to whitelist domains in Office 365]
  • Specify a meaningful rule name; this will help you segregate different groups of domains easily.
  • If you specify a rule name that already exists, the contents of the “SenderDomains” property will be loaded into an array and combined with the new list.
    • Duplicates are automatically removed
    • The list is sorted into alphabetical order for easier readability when using the Office 365 Portal to view the rule.
  • If you specify a rule name that does not already exist, a new rule will be created instead.

The script works by creating an array of domains and supplying that array to the Set-TransportRule cmdlet (or to New-TransportRule when the rule does not exist yet).

Here is the code for the script:

Param(
   [Parameter(Mandatory=$True,Position=1)]
   [string]$ruleName,
  
   [Parameter(Mandatory=$True)]
   [string]$domainListFilePath
)

#Read the contents of the text file into an array
$safeDomainList = Get-Content $domainListFilePath

#Create a new array: remove all text on each line up to and including the @ symbol, trim whitespace and skip blank lines
#Wrapping the loop in @() always yields an array, even for a file with one usable line or none
$newSafeDomainList = @(foreach ($domain in $safeDomainList)
            {
              $tmpdomain = ($domain -replace ".*@").Trim()
              if ($tmpdomain) { $tmpdomain }
            })

#If the rule already exists update the existing allowed sender domains, else create a new rule.
if (Get-TransportRule $ruleName -EA SilentlyContinue)
{
  "Updating existing rule..."
  #Wrap in @() so that a rule holding a single domain still gives an array;
  #with a plain string on the left, + would concatenate text instead of joining two lists
  $safeDomainList = @(Get-TransportRule $ruleName | Select-Object -ExpandProperty SenderDomainIs)
  $completeList = $safeDomainList + $newSafeDomainList
  $completeList = $completeList | Select-Object -Unique | Sort-Object
  Set-TransportRule $ruleName -SenderDomainIs $completeList
}
else
{
  "Creating new rule..."
  $newSafeDomainList = $newSafeDomainList | Sort-Object
  #SCL -1 marks mail from these domains as trusted so that it bypasses spam filtering
  New-TransportRule $ruleName -SenderDomainIs $newSafeDomainList -SetSCL "-1"
}

You can copy and paste the above into your own PowerShell script or download the script here.
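
Because every domain in the rule bypasses spam filtering, it is worth checking the list file before it is pushed. The following is an added example, not part of the original script: it applies the same `.*@` stripping and reports, by code point, any character the cmdlet would reject. The function name `Test-DomainList`, the sample lines and the allowed character set (taken from the error message quoted in the comments below, plus the dot) are assumptions of this example.

```powershell
# Added example, not part of Add365SafeDomains.ps1.
# Test-DomainList is a hypothetical helper name.
function Test-DomainList {
    param([string[]]$Lines)

    $lineNumber = 0
    foreach ($line in $Lines) {
        $lineNumber++
        # Same normalisation as the script: drop everything up to the @, then trim
        $domain = ($line -replace '.*@').Trim()
        if (-not $domain) { continue }          # blank lines are skipped

        # Assumed allowed set: ASCII letters, digits, hyphen, underscore, and the dot
        # between labels. Anything else is reported as U+XXXX so that invisible
        # characters picked up by copying from a web page become visible.
        $bad = [regex]::Matches($domain, '[^A-Za-z0-9._-]') |
            ForEach-Object { 'U+{0:X4}' -f ([int][char]$_.Value) }

        [pscustomobject]@{
            Line     = $lineNumber
            Domain   = $domain
            IsValid  = (-not $bad)
            BadChars = ($bad -join ' ')
        }
    }
}

# Constructed sample input (not from the page): line 3 contains a non-breaking
# hyphen (U+2011) and line 4 ends with a zero-width space (U+200B), both typical
# of text pasted from HTML.
$sample = @(
    'nicedomain.com',
    'someone@trusteddomain.com',
    "nice$([char]0x2011)domain.com",
    "tachytelic.net$([char]0x200B)",
    ''
)

$report = Test-DomainList -Lines $sample
$report | Format-Table -AutoSize

# Only hand the list to the rule when every entry passed
if ($report | Where-Object { -not $_.IsValid }) {
    'List contains invalid characters; fix the file before running the script.'
}
```

To check a real file, pass `(Get-Content $domainListFilePath)` as `-Lines`.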


Comments

  1. NOP says

    July 29, 2014 at 2:11 pm

    thank you

  2. Josh says

    September 3, 2014 at 1:51 am

    This worked out nicely, thank you. Just remember that there is a limit to how big a mail flow rule can be within Exchange Online. If you’re getting a message about being over 4096 characters, you’ll need multiple whitelists/mail flow rules.
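
The splitting that the comment above describes, as an added example that is not part of the original post or script: it groups a domain list into parts that each stay under a character budget, one part per mail flow rule. The function name `Split-DomainList`, the numbered rule names, the default budget of 4000 and the way characters are counted (domain length plus one separator) are assumptions; the page does not say how Exchange Online measures the limit.

```powershell
# Added example, not part of Add365SafeDomains.ps1.
# Split-DomainList is a hypothetical helper. The budget and the counting method are
# assumptions: the page only reports that a rule over 4096 characters is rejected.
function Split-DomainList {
    param(
        [Parameter(Mandatory=$true)][string[]]$Domains,
        [Parameter(Mandatory=$true)][string]$RuleName,
        [int]$MaxChars = 4000      # assumed budget, kept below 4096 as headroom
    )

    $current = New-Object 'System.Collections.Generic.List[string]'
    $length  = 0
    $part    = 1

    foreach ($domain in ($Domains | Sort-Object -Unique)) {
        $cost = $domain.Length + 1          # +1 for a separator between entries
        # Close the current part before it would exceed the budget
        if ($current.Count -gt 0 -and ($length + $cost) -gt $MaxChars) {
            [pscustomobject]@{ RuleName = "$RuleName $part"; Domains = $current.ToArray() }
            $current.Clear()
            $length = 0
            $part++
        }
        $current.Add($domain)
        $length += $cost
    }

    # Emit whatever is left as the final part
    if ($current.Count -gt 0) {
        [pscustomobject]@{ RuleName = "$RuleName $part"; Domains = $current.ToArray() }
    }
}

# Constructed sample: 500 placeholder domains, more than one part can hold
$sample = 1..500 | ForEach-Object { 'partner{0}.example.com' -f $_ }

Split-DomainList -Domains $sample -RuleName 'Safe Domain List' | ForEach-Object {
    '{0}: {1} domains, {2} characters' -f $_.RuleName, $_.Domains.Count, (($_.Domains -join ' ').Length)
    # With an Exchange Online session open, each part maps onto the call the script makes:
    # New-TransportRule $_.RuleName -SenderDomainIs $_.Domains -SetSCL "-1"
}
```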

  3. Scott Abel says

    September 18, 2014 at 3:33 pm

    I am getting an error when trying to add domains to the existing rule

    Domain name(s) ‘yahoo.com nicedomain.com trusteddomain.com tachytelic.net accendo.co.uk’ contain(s) invalid
    characters. Domain names may contain only ASCII letters ‘a’ through ‘z’, ‘A’ through ‘Z’, the digits ‘0’ through ‘9’,
    the hyphen ‘-‘ and the underscore ‘_’. Domain predicates handle subdomain match, no wildcard is required.
    + CategoryInfo : InvalidArgument: (SenderDomainIs:String) [Set-TransportRule], ArgumentException
    + FullyQualifiedErrorId : [Server=BLUPR08MB438,RequestId=76f52333-ab26-46d1-8bc1-0e6e54a6ac9a,TimeStamp=9/18/2014
    2:31:24 PM] [FailureCategory=Cmdlet-ArgumentException] 89CD009A,Microsoft.Exchange.MessagingPolicies.Rules.Tasks.S
    etTransportRule
    + PSComputerName : outlook.office365.com

    Any idea why??

  4. Paulie says

    September 18, 2014 at 3:37 pm

    Maybe you have some kind of non printable character in your list, especially if you copied and pasted it from this webpage.

  5. Scott Abel says

    September 18, 2014 at 3:38 pm

    Nope. It's a text file exactly like the one above with the same list.

  6. Scott Abel says

    September 18, 2014 at 3:47 pm

    Paulie, you were right. damn html!! Works fine 🙂

  7. Zakary says

    February 10, 2015 at 4:51 am

    How about bulk whitelisting email addresses?

  8. Joe says

    August 23, 2019 at 12:26 am

    This worked GREAT when creating a new rule, however, it threw this error when updating existing rule.
    Cannot process argument transformation on parameter ‘SenderDomainIs’. Cannot convert value
    “{my domains, not more than 4096 characters with a space between each domain}” to type”Microsoft.Exchange.Data.Word”.
    Parameter name: Word””
    + CategoryInfo : InvalidData: (:) [Set-TransportRule], ParameterBindin…mationException
    + FullyQualifiedErrorId : ParameterArgumentTransformationError,Set-TransportRule
    + PSComputerName : outlook.office365.com
