How to bulk whitelist domains in Office 365 using Powershell

How to Bulk Whitelist domains in Office 365

There are plenty of blog posts that explain how to add a mail flow rule in Office 365 to allow you to white list a sender domain, bypassing the 365 spam filtering completely. There is a nice guide on how to achieve that in this blog post by Robert Crane.

I was working with a customer today that had a long list of domains that they wanted to white-list, but the Office 365 admin interface does not provide a facility to enter a list in bulk. So I wrote a PowerShell script that would do the job of creating a transport rule based on a simple list from a text file containing email domains.

Creating a Mail Flow rule to handle many trusted domains.

1. 1. Download the script
   2. Create a plain text file containing a list of domains or email addresses. The script will strip the first part of the address to leave only the domain name remaining.

      nicedomain.com
      trusteddomain.com
      tachytelic.net
      [email protected]

   3. Connect to Exchange Online using PowerShell. Instructions on how to do that here:
      http://technet.microsoft.com/en-us/library/jj984289(v=exchg.150).aspx
   4. Run the script that you downloaded (Add365SafeDomains.ps1)
      1. 1. With Parameters like this:

            .\Add365SafeDomains.ps1 -ruleName "Safe Domain List" -domainListFilePath "c:\domainlist.txt"

         2. Or without parameters and you will be prompted:
            

• Specify a meaningful rule name, this will help you segregate different groups of domains easily.
• If you specify a rule name that already exists, the contents of the “SenderDomains” property will be loaded into an array and combined with the new list.
  • Duplicates are automatically removed
  • The list is sorted into alphabetical order for easier readability the Office 365 Portal to view the rule.
• If you specify a rule name that does not already exist, a new rule will be created instead.

The script works by creating an array of domains and supplying that array to the set-TransportRule cmdlet.

Here is the code for the script:

Param(
   [Parameter(Mandatory=$True,Position=1)]
   [string]$ruleName,
  
   [Parameter(Mandatory=$True)]
   [string]$domainListFilePath
)

#Read the contents of the text file into an array
$safeDomainList = Get-Content $domainListFilePath

#Create a new array and remove all text for each line up to and including the @ symbol, also remove whitespace
$newSafeDomainList = @()
$newSafeDomainList += foreach ($domain in $safeDomainList) 
            {
              $tmpdomain = $domain -replace ".*@"
              $tmpdomain.trim()
            }

#If the rule already exists update the existing allowed sender domains, else create a new rule.
if (Get-TransportRule $ruleName -EA SilentlyContinue)
{
  "Updating existing rule..."
  $safeDomainList = Get-TransportRule $ruleName |select -ExpandProperty SenderDomainIs
  $completeList = $safeDomainList + $newSafeDomainList
  $completeList = $completeList | select -uniq | sort	
  set-TransportRule $ruleName -SenderDomainIs $completeList 
}
else
{
  "Creating new rule..."
  $newSafeDomainList = $newSafeDomainList | sort	
  New-TransportRule $ruleName -SenderDomainIs $newSafeDomainList -SetSCL "-1"
}

You can copy and paste the above into your own PowerShell script or download the script here.

If you found the script helpful, please rate the post! 😀