How to whitelist domains in Office 365
There are plenty of blog posts out there that explain how to add a mail flow rule in Office 365 to whitelist a sender domain, bypassing the 365 spam filtering completely. There is a nice guide on how to achieve that in this blog post by Robert Crane:
White listing a domain in Office 365
I was working with a customer today that had a long list of domains that they wanted to whitelist, but the Office 365 admin interface does not provide an elegant way to enter the domain list in bulk.
As all of the mail flow functionality presented in the Office 365 web interface is also available in PowerShell, I wrote a script that would do the job of creating a transport rule based on a simple list from a text file containing email domains.
Creating a Mail Flow rule to handle many trusted domains.
The first step in this process is to create a plain text file with each domain that you would like to whitelist on its own line. If you enter a full email address, the script will strip the part in front of the @ symbol and whitelist the entire domain.
So your list might look something like:
The final line in this example of “firstname.lastname@example.org” will be stripped down to “somedomain.com”. I added this because the list I was supplied with contained some full email addresses, which the transport rule cannot accept. Each line is also trimmed of whitespace to ensure the rule creation is successful.
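Because the rule bypasses spam filtering for every sender at a listed domain, it is worth reviewing the list before it is loaded. The following is an added example, not part of the original script: it applies the same normalisation offline and flags entries that need a second look. The function name, the public mail provider list and the sample entries are assumptions constructed for illustration.

```powershell
# Added example: offline review of a domain list before it is used in a
# spam-bypass transport rule. Test-SafeDomainList is a hypothetical helper.
function Test-SafeDomainList {
    param(
        # AllowEmptyString lets blank lines from Get-Content bind without error
        [Parameter(Mandatory = $true)][AllowEmptyString()][string[]]$Lines,
        # Assumption: a short, illustrative list of public webmail domains
        [string[]]$PublicMailDomains = @('gmail.com', 'outlook.com', 'hotmail.com', 'yahoo.com')
    )
    # One or more ASCII/punycode labels (1-63 chars each), then an alphabetic TLD
    $domainPattern = '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$'
    $seen = @{}
    foreach ($line in $Lines) {
        # Same normalisation as the script: drop everything up to the @, then trim
        $domain = ($line -replace '.*@').Trim().ToLowerInvariant()
        if ($domain -eq '') { continue }                 # skip blank lines
        if ($seen.ContainsKey($domain)) { continue }     # skip duplicates
        $seen[$domain] = $true

        $status = 'OK'
        if ($domain -notmatch $domainPattern) {
            $status = 'Rejected: not a valid domain name'
        }
        elseif ($PublicMailDomains -contains $domain) {
            $status = 'Review: public mail provider, any sender there would bypass filtering'
        }
        [pscustomobject]@{ Domain = $domain; Status = $status; Source = $line.Trim() }
    }
}

# Constructed sample input, one entry per line as in the text file
$sample = @(
    'contoso.com',
    '  fabrikam.com  ',
    'accounts@northwindtraders.com',
    'CONTOSO.COM',
    '',
    'gmail.com',
    'http://example.com/',
    '*.example.net'
)

$report = Test-SafeDomainList -Lines $sample
$report | Format-Table -AutoSize

# Only entries that passed every check should reach the transport rule
$approved = $report | Where-Object Status -eq 'OK' | Select-Object -ExpandProperty Domain
$approved
```

To check a real list, pass the file contents instead of the sample: Test-SafeDomainList -Lines (Get-Content "c:\domainlist.txt").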
Once you have your file in place, you need to connect to Exchange Online using Remote PowerShell. Instructions on how to do that are here:
Running Add365SafeDomains.ps1 to create or update a Mail Flow rule using PowerShell in Office 365
Once you are connected to Exchange Online you can run Add365SafeDomains.ps1. The script expects two parameters, which can be supplied on the command line; if you omit them, you will be prompted to supply them. An example command might look like this:
.\Add365SafeDomains.ps1 -ruleName "Safe Domain List" -domainListFilePath "c:\domainlist.txt"
and you will be prompted for the values as per the below:
Specifying a meaningful rule name will allow you to segregate different groups of domains easily.
If you specify a rule name that already exists, the contents of the “SenderDomainIs” property will be loaded into an array and combined with the new list that you have supplied. Duplicates are automatically removed and the list is sorted into alphabetical order for easier readability when using the 365 web portal to review the rule.
If you specify a rule name that does not already exist, then a new rule will be created instead.
The script works by creating an array of domains and supplying that array to the Set-TransportRule cmdlet.
So if you have lots of domains that you would like to white-list (or black list with easy modification) then this could be for you.
Here is the code for the script:
#Script parameters; PowerShell prompts for any mandatory value that is omitted
param(
    [Parameter(Mandatory=$true)][string]$ruleName,
    [Parameter(Mandatory=$true)][string]$domainListFilePath
)
#Read the contents of the text file into an array, skipping blank lines
$safeDomainList = Get-Content $domainListFilePath | Where-Object { $_.Trim() }
#Create a new array and remove all text for each line up to and including the @ symbol, also remove whitespace
$newSafeDomainList = @()
$newSafeDomainList += foreach ($domain in $safeDomainList)
{
    $tmpdomain = $domain -replace ".*@"
    $tmpdomain.Trim()
}
#If the rule already exists update the existing allowed sender domains, else create a new rule.
if (Get-TransportRule $ruleName -EA SilentlyContinue)
{
    "Updating existing rule..."
    $safeDomainList = Get-TransportRule $ruleName | select -ExpandProperty SenderDomainIs
    $completeList = $safeDomainList + $newSafeDomainList
    $completeList = $completeList | select -uniq | sort
    Set-TransportRule $ruleName -SenderDomainIs $completeList
}
else
{
    "Creating new rule..."
    $newSafeDomainList = $newSafeDomainList | sort
    #An SCL of -1 marks the message as trusted so that it bypasses spam filtering
    New-TransportRule $ruleName -SenderDomainIs $newSafeDomainList -SetSCL "-1"
}
You can copy and paste the above into your own PowerShell script or download the script here: