How to bulk whitelist domains in Office 365 using Powershell

How to Bulk Whitelist domains in Office 365

There are plenty of blog posts that explain how to add a mail flow rule in Office 365 to allow you to white list a sender domain, bypassing the 365 spam filtering completely. There is a nice guide on how to achieve that in this blog post by Robert Crane.

I was working with a customer today that had a long list of domains that they wanted to white-list, but the Office 365 admin interface does not provide a facility to enter a list in bulk. So I wrote a PowerShell script that would do the job of creating a transport rule based on a simple list from a text file containing email domains.

Creating a Mail Flow rule to handle many trusted domains.

1. Download the script
2. Create a plain text file containing a list of domains or email addresses. The script will strip the first part of the address to leave only the domain name remaining.
```
nicedomain.com
trusteddomain.com
tachytelic.net
[email protected]
```
3. Connect to Exchange Online using PowerShell. Instructions on how to do that here:
  http://technet.microsoft.com/en-us/library/jj984289(v=exchg.150).aspx
4. Run the script that you downloaded (Add365SafeDomains.ps1)
  1. 1. With Parameters like this:
```
.\Add365SafeDomains.ps1 -ruleName "Safe Domain List" -domainListFilePath "c:\domainlist.txt"
```
    2. Or without parameters and you will be prompted:

Specify a meaningful rule name, this will help you segregate different groups of domains easily.
If you specify a rule name that already exists, the contents of the “SenderDomains” property will be loaded into an array and combined with the new list.
- Duplicates are automatically removed
- The list is sorted into alphabetical order for easier readability the Office 365 Portal to view the rule.
If you specify a rule name that does not already exist, a new rule will be created instead.

The script works by creating an array of domains and supplying that array to the set-TransportRule cmdlet.

Here is the code for the script:

Param(
   [Parameter(Mandatory=$True,Position=1)]
   [string]$ruleName,
  
   [Parameter(Mandatory=$True)]
   [string]$domainListFilePath
)

#Read the contents of the text file into an array
$safeDomainList = Get-Content $domainListFilePath

#Create a new array and remove all text for each line up to and including the @ symbol, also remove whitespace
$newSafeDomainList = @()
$newSafeDomainList += foreach ($domain in $safeDomainList) 
            {
              $tmpdomain = $domain -replace ".*@"
              $tmpdomain.trim()
            }

#If the rule already exists update the existing allowed sender domains, else create a new rule.
if (Get-TransportRule $ruleName -EA SilentlyContinue)
{
  "Updating existing rule..."
  $safeDomainList = Get-TransportRule $ruleName |select -ExpandProperty SenderDomainIs
  $completeList = $safeDomainList + $newSafeDomainList
  $completeList = $completeList | select -uniq | sort	
  set-TransportRule $ruleName -SenderDomainIs $completeList 
}
else
{
  "Creating new rule..."
  $newSafeDomainList = $newSafeDomainList | sort	
  New-TransportRule $ruleName -SenderDomainIs $newSafeDomainList -SetSCL "-1"
}

You can copy and paste the above into your own PowerShell script or download the script here.

If you found the script helpful, please rate the post! 😀

Comments

NOP says

July 29, 2014 at 2:11 pm

thank you
Josh says

September 3, 2014 at 1:51 am

This worked out nicely, thank you. Just remember that there is a limit to how big a mail flow rule can be within Exchange Online. If you’re getting a message about being over 4096 characters, you’ll need multiple whitelits/mail flow rules.
Scott Abel says

September 18, 2014 at 3:33 pm

I am getting an error when trying to add domains to the existing rule

Domain name(s) ‘yahoo.com nicedomain.com trusteddomain.com tachytelic.net accendo.co.uk’ contain(s) invalid
characters. Domain names may contain only ASCII letters ‘a’ through ‘z’, ‘A’ through ‘Z’, the digits ‘0’ through ‘9’,
the hyphen ‘-‘ and the underscore ‘_’. Domain predicates handle subdomain match, no wildcard is required.
+ CategoryInfo : InvalidArgument: (SenderDomainIs:String) [Set-TransportRule], ArgumentException
+ FullyQualifiedErrorId : [Server=BLUPR08MB438,RequestId=76f52333-ab26-46d1-8bc1-0e6e54a6ac9a,TimeStamp=9/18/2014
2:31:24 PM] [FailureCategory=Cmdlet-ArgumentException] 89CD009A,Microsoft.Exchange.MessagingPolicies.Rules.Tasks.S
etTransportRule
+ PSComputerName : outlook.office365.com

Any idea why??
Paulie says

September 18, 2014 at 3:37 pm

Maybe you have some kind of non printable character in your list, especially if you copied and pasted it from this webpage.
Scott Abel says

September 18, 2014 at 3:38 pm

Nope. its a text file exactly like the one above with the same list.
Scott Abel says

September 18, 2014 at 3:47 pm

Paulie, you were right. damn html!! Works fine 🙂
Zakary says

February 10, 2015 at 4:51 am

How about bulk whitelisting email addresses?
Joe says

August 23, 2019 at 12:26 am

This worked GREAT when creating a new rule, however, it threw this error when updating existing rule.
Cannot process argument transformation on parameter ‘SenderDomainIs’. Cannot convert value
“{my domains, not more than 4096 characters with a space between each domain}” to type”Microsoft.Exchange.Data.Word”.
Parameter name: Word””
+ CategoryInfo : InvalidData: (:) [Set-TransportRule], ParameterBindin…mationException
+ FullyQualifiedErrorId : ParameterArgumentTransformationError,Set-TransportRule
+ PSComputerName : outlook.office365.com