Exchange may occasionally be a touch too vigilant about shielding you from unsolicited emails and spam. In Microsoft 365, you can whitelist email addresses to ensure that messages are delivered.
We receive this query frequently from IT professionals and new users of the Microsoft 365 Admin Center. Use these end-user instructions from Outlook to whitelist email addresses if you're not an Office 365 admin.
It could take up to an hour for the changes to take effect after you save the policy. After that, Defender won't check or filter the emails sent to your inbox from the senders or domains that you have whitelisted.
By establishing an allow policy within the Microsoft Defender admin center, you may prevent yourself from overlooking crucial or reliable communications that the default security settings might otherwise filter or prohibit. Whitelisting does, however, carry some danger because it circumvents Defender's defenses against malware, phishing, spam, and other threats. Consequently, you should carefully consider the benefits and drawbacks of adding an email address or domain to your whitelist before doing so, and only do so if you are certain that the sender or domain is reputable. Whitelisting is a useful tool to improve communication and teamwork, but it shouldn't be used in place of security knowledge and proper email hygiene.
Exploiting Microsoft 365 to Avoid Spam
Microsoft prefers that whitelisting be done from the Defender or Security Admin centers, as explained in the procedures above, for certain websites or IP addresses. Mail flow rules in the Exchange Admin Center can be used to get around spam screening and resolve issues if emails are still being flagged as spam. This is frequently the case when mail is sent from an on-premises Exchange server to Exchange Online. The actions you must take to go above this kind of spam screening are as follows:
1. First, access the Exchange Admin Center.
2. Select Rules by clicking on the Mail Flow drop-down menu.
3. Include a fresh rule to circumvent spam filtering.
4. Choose the sender... > is this person option from the Apply this rule if... drop-down menu.
5. Enter the email address you wish to approve in the area to the right of the Check names button.
6. In the Add – > area, move your address by clicking the Check names button.
7.To close the flyout window, click the Ok button.
8. Bypass Spam Filtering should be the default choice under Set the spam confidence level (SCL) in the Do the following... section.
9. To apply the policy, click Save.
How to add an email domain to Office 365's whitelist:
1. First, access the Exchange Admin Center.
2. Select Rules by clicking on the Mail Flow drop-down menu.
3. Include a fresh rule to circumvent spam filtering.
4. Choose which domain the sender is from the Apply this rule if... drop-down menu.
5. To add a domain to your policy, type the domain into the Specify Domain flyout window and click the Plus button.
6. You can either click OK to close the flyout window or add other domains here.
7. Bypass Spam Filtering should be the default option when it comes to the Set the spam confidence level (SCL) in the "Do the following..." section.
8. To apply the policy, click Save.
