
Threat policies in Exchange Online prevent phishing emails and malware from ending up in the user’s mailbox. But sometimes legitimate emails end up in the spam folder as well.

Although users can mark them as a safe sender manually in Outlook, sometimes it’s just easier to do this on a tenant level. In Office 365 we can whitelist an email address using mail flow rules or by editing the anti-spam policy.

In this article, I will explain how you can use the mail flow rules or anti-spam policy to whitelist an email address. Also, we will take a look at how to use PowerShell for this.

What you need to know

As mentioned, there are two options to whitelist an email address in Office 365. The difference between the two is the level of security. The easiest method is to add the email address to the allowed sender list in the Anti-Spam policy. But the problem is that emails sent from this address will bypass all security checks, including SPF and DMARC.

This means that attackers can easily spoof the email address without anybody noticing it. A more secure (and recommended) option is to use mail flow rules. These rules allow us to keep the DMARC check in place, or even check for specific keywords in the subject.

Adding additional conditions to the mail flow rule ensures that only the intended sender bypasses the spam filters and attackers are kept out.

Office 365 Whitelist Email Address with Mail Flow Rules

We are first going to take a look at the recommended and most secure way to whitelist an email address in Office 365. Mail flow rules not only allow us to warn users of suspicious emails but also allow us to bypass the spam filter.

When creating a mail flow rule, we want to be as specific as possible. So if the sender always uses the same keyword in the subject, then add it to the rule. If the sender always uses the same server to send the email, then add the IP address of that server to the rule. And when possible, check that the DMARC result was a pass.

  1. Open the Exchange Admin Center > expand Mail Flow and click on Rules.
  2. Add a new rule and select Bypass spam filtering.
  3. Under Apply this rule if, select The sender … > is this person.
  4. Type the external email address in the Check Names field and click on Check Names.
    • It may look like you can only select internal users, but you can actually type external email addresses here, or select an external contact that you have created in Office 365.
    • Make sure that you click on Check Names to add the email address. It will then be displayed in the field next to add ->.
    • You can add multiple email addresses here.
  5. Click on Add Condition.
  6. We have a couple of options here. Use any of the below when possible:
    • The subject or body > subject includes any of these words. This way you can further filter the emails based on a word in the subject line.
    • A message header > includes any of these words. Filtering on the DMARC result is a good way to prevent spoofing of a whitelisted domain. Add Authentication-Results under “Enter text” and dmarc=pass and dmarc=bestguesspass under “Enter words…”.
  7. Click Save to store the rule.

You have now successfully whitelisted the email address in Office 365. If you need to whitelist multiple email addresses then it can be easier to update the rule with PowerShell. More about that later in the article.
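The same rule built from PowerShell, as an added example that is not part of the original article or of Microsoft's documentation; it assumes an open Exchange Online session, and the rule name, sender address, subject keyword and server IP are placeholders:

```powershell
# Added example: create the "bypass spam filtering" rule with the extra
# checks described above. Placeholder values; replace with your own.
# Assumes Connect-ExchangeOnline has already been run.
$ruleName  = "Bypass spam - newsletter@example.com"   # placeholder rule name
$sender    = "newsletter@example.com"                 # placeholder external sender
$keywords  = @("Weekly report")                       # placeholder subject keyword(s)
$senderIps = @("203.0.113.10")                        # placeholder sending server (documentation range)

$params = @{
    Name                        = $ruleName
    # Apply this rule if: the sender is this person
    From                        = $sender
    # ...and the subject includes any of these words
    SubjectContainsWords        = $keywords
    # ...and the Authentication-Results header shows a DMARC pass
    HeaderContainsMessageHeader = "Authentication-Results"
    HeaderContainsWords         = @("dmarc=pass", "dmarc=bestguesspass")
    # ...and the message came from the sender's known mail server
    # (drop this line if the sender has no fixed server)
    SenderIpRanges              = $senderIps
    # Do the following: bypass spam filtering (SCL -1)
    SetSCL                      = -1
    Mode                        = "Enforce"
    Comments                    = "Whitelist with keyword, IP and DMARC checks"
}

New-TransportRule @params

# Read the rule back to verify that every condition was stored
Get-TransportRule -Identity $ruleName |
    Select-Object Name, State, From, SubjectContainsWords, HeaderContainsMessageHeader,
                  HeaderContainsWords, SenderIpRanges, SetSCL
```

Each condition is ANDed, so a message that matches the sender address but fails the DMARC header check is still filtered normally.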

Whitelist an Email Address with the Anti-Spam Policy

The other, easier to implement option is to add the sender to the allowed sender list in Office 365. For this, we will need to modify the Anti-Spam policy, which you can find in Microsoft 365 Defender.

Note: Using the allowed sender list and allowed domain list in anti-spam policies is the least desired option, because these senders will bypass all protection methods (spam, spoof, phishing, SPF, DKIM, DMARC). Use this option only temporarily, for testing.

  1. Open Microsoft 365 Defender.
  2. Click on Policies and Rules and choose Threat Policies.
  3. Open the Anti-Spam policies.
  4. Scroll all the way down in the fly-out and click on Edit allowed and blocked senders and domains.
  5. Under Allowed, open Manage sender(s).
  6. Click Add senders to add a new sender to the list.
  7. Click Done and Save to apply the settings.

Emails from the sender are now excluded from the spam filter and should arrive in the inbox of the users.

Using PowerShell to whitelist email address in Office 365

If you need to whitelist email addresses in multiple tenants, or need to whitelist multiple email addresses, then it can be easier to use PowerShell. With PowerShell we can modify both the anti-spam policy and the mail flow rules, allowing you to easily add an email address.

Make sure that you are connected to Exchange Online in PowerShell.

We are first going to take a look at the anti-spam policy. To list all content filter policies in Exchange Online we can use the following cmdlet:

# List all policies
Get-HostedContentFilterPolicy

We want to modify the Default spam policy, so let's first check the current configuration of the policy:

# List the complete policy
Get-HostedContentFilterPolicy -Identity 'default' | Format-List

# Show only the allowed senders list
Get-HostedContentFilterPolicy -Identity 'default' | Select-Object AllowedSenders

You can set the allowed senders using the following cmdlet. Keep in mind that this will overwrite the existing addresses:

# Placeholder addresses; replace with the senders you want to allow
Set-HostedContentFilterPolicy -Identity 'default' -AllowedSenders "sender1@example.com","sender2@example.com"

To add or remove email addresses from the list without overwriting it, use the Add and Remove keys:

# Placeholder addresses; Add appends to the list, Remove deletes from it
Set-HostedContentFilterPolicy -Identity 'default' -AllowedSenders @{Add="new@example.com"; Remove="old@example.com"}

Verify the results with:

Get-HostedContentFilterPolicy -Identity 'default' | Select-Object AllowedSenders

Updating mail flow rules with PowerShell

Mail flow rules can also be updated with PowerShell. Again, make sure that you are connected to Exchange Online. First we are going to list all existing mail flow rules, so we know which identity to use:

Get-TransportRule

To get the details of the transport rule and list the allowed senders, use the following cmdlet. The identity is the full name of the transport rule.

Get-TransportRule -Identity "Allow" | Select-Object From

To add one or more email addresses to the mail flow rule, we can use the following syntax. Keep in mind that this will overwrite any existing addresses:

# Placeholder addresses; this list replaces whatever the rule currently holds
Set-TransportRule -Identity "Allow" -From "sender1@example.com","sender2@example.com"

We can’t add or remove a single address in a transport rule, so you will need to supply all email addresses if you want to add a single one to an existing list.
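An added helper, not part of the original article, that works around this: it reads the current From list, merges the new addresses in and writes the full list back, so nothing already on the rule is lost. The rule name "Allow" and the addresses are placeholders, and an open Exchange Online session is assumed.

```powershell
# Added example: append senders to an existing mail flow rule without
# overwriting the addresses already on it. Assumes Connect-ExchangeOnline
# has been run; rule name and addresses below are placeholders.
function Add-TransportRuleSender {
    param(
        [Parameter(Mandatory)] [string]   $RuleName,
        [Parameter(Mandatory)] [string[]] $Sender
    )

    $rule = Get-TransportRule -Identity $RuleName -ErrorAction Stop

    # Existing From entries as lower-case strings (the property may be empty)
    $current = @($rule.From | Where-Object { $_ } | ForEach-Object { "$_".ToLower() })

    # Merge and de-duplicate so re-running the function never adds an address twice
    $merged = @($current + ($Sender | ForEach-Object { $_.ToLower() }) | Sort-Object -Unique)

    $toAdd = @($merged | Where-Object { $current -notcontains $_ })
    if ($toAdd.Count -eq 0) {
        Write-Host "No new senders to add to '$RuleName'."
        return $current
    }

    # -From replaces the whole list, so the merged list is written back in full
    Set-TransportRule -Identity $RuleName -From $merged
    Write-Host "Added to '$RuleName': $($toAdd -join ', ')"

    # Return what is now stored on the rule so the caller can verify it
    return @((Get-TransportRule -Identity $RuleName).From | ForEach-Object { "$_" })
}

# Placeholder rule name and addresses
Add-TransportRuleSender -RuleName "Allow" -Sender "invoices@example.com", "reports@example.com"
```

The function only touches the From condition; the keyword, IP and DMARC header conditions on the rule stay as they were.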

Wrapping Up

Try to use mail flow rules as much as possible when you want to whitelist an email address in Office 365. Always make sure that you add an extra check to the rule, like a keyword, server or DMARC pass.

I hope this article helped you with whitelisting the sender, if you have any questions, just drop a comment below.