It’s actually under Policies & Rules > Threat Policies > Anti-spam policies > Anti-spam inbound policy (Default). In the fly-out, scroll all the way to the bottom and click the “edit allowed and blocked senders and domains”.
Microsoft Learn
learn.microsoft.com › en-us › defender-office-365 › create-safe-sender-lists-in-office-365
Create allowlists - Microsoft Defender for Office 365 | Microsoft Learn
July 28, 2025 - Allow entries for domains and email addresses (including spoofed senders) in the Tenant Allow/Block List. Exchange mail flow rules (also known as transport rules).
BEMO
support.bemopro.com › hc › en-us › articles › 360058230174-Whitelist-an-email-address-or-a-domain-in-Microsoft-365
Whitelist an email address or a domain in Microsoft 365 – BEMO Docs
Here are the steps to whitelist an email address or a domain.
Mail flow rules to white-list the domains
It is not recommended to whitelist entire domains. Please see why in aka.ms/emailbasics part 2 and for safer methods to allow senders. If you still choose a rule, the header name you’re looking for is authentication-results. https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/create-safe-sender-lists-in-office-365?view=o365-worldwide More on reddit.com
3
1
September 21, 2023Office 365 whitelist domains to bypass .htm and .html filter
I did this exact thing. I’m guessing you added htm and html to the blocked files list? Instead of doing that, create an exchange rule that says “if file type is… htm or html… send to hosted quarantine” and then you can add exclusions to say “except if received from… importantdomain.com” More on reddit.com
14
8
June 7, 2023Exchange Online white listing, best practices? And a couple of other related questions.
The problem we are having is that some email addresses are getting caught in the spam filter from a certain domain while others aren't. Look to see why those specific emails are being caught. is it becasue of the SPAM threshold? There are different criteria that get evaluated to determine the potential to be SPAM. You can move the threshold up and down if you need. So my thought was to white list the whole domain. BUT would that allow spoofed addresses come through? Whitelisting is based on the actual sending domain, not what appears in the FROM: line. Spoofed email would still be blocked becasue it is not actually coming from the whitelisted domain. What about white listing IP addresses, better? And does every company that uses Office 365 get their own IP for their "server", or if I white list one will I be white listing everyone that uses Office 365? You share the IP space with everyone on O365. More on reddit.com
2
1
January 22, 2018Exchange admin rules not whitelisting domains
I always have this rule for Exchange changes: 1 hour for internal domain changes to take effect. 24-48 hours for global changes. More on reddit.com
11
5
May 30, 2021Videos
05:36
How to whitelist domain or service in Exchange in Office 365 - YouTube
04:35
Whitelist a Domain in Microsoft Office 365 | Exchange | Mail flow ...
05:03
How to Whitelist Domain in Office 365 | How to Whitelist Domain ...
How To Whitelist Domain In Office 365? - CountyOffice.org
Top answer 1 of 8
3
It’s actually under Policies & Rules > Threat Policies > Anti-spam policies > Anti-spam inbound policy (Default). In the fly-out, scroll all the way to the bottom and click the “edit allowed and blocked senders and domains”.
2 of 8
14
I have a vendor that has now switched to a third party email service, and I need whitelist the email address they will be using going forward. When I go into Exchange Admin Center > Mail Flow > Rules > + Add a Rule, the Bypass Spam Filter option is not there. Does anyone know why this is?
I need to add the address, so if I can’t add it that way, then how?
Thanks!
Reddit
reddit.com › r/office365 › mail flow rules to white-list the domains
r/Office365 on Reddit: Mail flow rules to white-list the domains
September 21, 2023 -
Hi everyone!
Question. I'm not using 3rd party spam filter yet. I have one tenant that needs to add bunch of good domains to bypass Exchange Online spam filter.
I'm finding conflicting information if I need to just leave SCL -1 or also add header: dmarc=pass
See my test rule attachment:
Am I ok by just adding spam confident level -1 to bypass?
TIA.
Top answer 1 of 2
1
It is not recommended to whitelist entire domains. Please see why in aka.ms/emailbasics part 2 and for safer methods to allow senders. If you still choose a rule, the header name you’re looking for is authentication-results. https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/create-safe-sender-lists-in-office-365?view=o365-worldwide
2 of 2
1
Send yourself a message from outside and then open the message and drill down in order to read the actual headers. There is no header called dmarc=pass. But there'll be something in one of your headers that contains the DMARC result...
LazyAdmin
lazyadmin.nl › home › how to whitelist a domain in office 365
How to Whitelist a Domain in Office 365 — LazyAdmin
June 6, 2024 - Filter on DMARC result is a good ... of a whitelisted domain. Add Authentication-Results under “Enter text” and dmarc=pass under “Enter words…” · Click Next when done. In the Set Rule Settings, you can set the rule in Test mode first if you want. Otherwise, set the severity to Not Audit and click on Next and Finish · Before we could use the allowed sender list in the Exchange Online admin center ...
Airnet + Dataprise
dataprise.com › home › make sure you get those emails: whitelist email addresses in microsoft office 365
How to Whitelist an Email Address in Microsoft 365
August 1, 2025 - Open the Exchange Admin Center. Click on the Mail Flow drop-down and select Rules. Add a new rule for Bypass Spam Filtering. From the Apply this rule if… drop-down, select the sender… > domain is.
Petri
petri.com › home › how to whitelist a domain in office 365
How to Whitelist a Domain in Office 365 | Petri
June 7, 2025 - We now have one domain added (Image credit: Petri/Michael Reinders) Granularity strikes again! We are also able to whitelist a connection by using its IP Address. When an email is inbound from the Internet and it routes through your tenant, Exchange Online (EXO) will check the IP Address of the sending SMTP server.
Microsoft Learn
learn.microsoft.com › en-us › microsoft-365 › enterprise › urls-and-ip-address-ranges
Microsoft 365 URLs and IP address ranges - Microsoft 365 Enterprise | Microsoft Learn
Addresses: Lists the FQDNs or wildcard domain names and IP address ranges for the endpoint set.
Wizer-training
learn.wizer-training.com › knowledge › how-to-whitelist-by-ip-address-in-office-365
Whitelisting for Office 365
5. Click on the "Save" button (refer to the screenshot below which depicts how the fields are populated with multiple IPs, the relevant list of IP addresses is always represented in the abovementioned list) 6. Select the anti-spam inbound policy and add our sending domains to allowed domains from this list: Please make sure all 24 domains are added as in the screenshot below, once finished press Done: Whitelist Spam Filtering
Microsoft Learn
learn.microsoft.com › en-us › exchange › mail-flow-best-practices › manage-accepted-domains › manage-accepted-domains
Manage accepted domains in Exchange Online | Microsoft Learn
Under the This accepted domain is section, select the domain type. The possible values are Authoritative and Internal relay. If you select Authoritative, you must confirm that you want to enable Directory-Based Edge Blocking. If you select Internal Relay, you can enable the match-subdomains to enable mail flow to all subdomains. For more information, see Enable mail flow for subdomains in Exchange Online.
Rackspace
docs.rackspace.com › docs › safelist-a-domain-in-exchange-online-m365
Safelist a domain in Exchange Online
This article provides two methods to safelist, or whitelist, a domain in Exchange® Online for Microsoft 365®. Safelisting a domain prevents messages sent from that domain from being filtered as spam by the Exchange Online spam filter. Instead, Exchange Online sends the message directly to the user's inbox.
Microsoft Community Hub
techcommunity.microsoft.com › microsoft community hub › communities › products › exchange › exchange
Whitelist Email Addresses/Domains for Certain Groups | Microsoft Community Hub
July 6, 2023 - Rather than whitelisting an email address or a domain for an entire tenant, how can we whitelist it for selected users and nobody else? exchange ·
4sysops
4sysops.com › home › blog › articles › whitelist a domain in microsoft 365
Whitelist a domain in Microsoft 365 – 4sysops
September 7, 2024 - Whitelisting a domain through Microsoft 365 Defender is the recommended approach compared to creating mail flow rules for the same purpose. A high number of mail flow rules might slow down email delivery, as Exchange Online verifies emails against all the rules.
Office365Concepts
office365concepts.com › home › how to whitelist a domain in office 365
How to whitelist a domain in Office 365
February 23, 2024 - If you do not want Exchange Online Protection filter agents to take any action on the emails sent from a particular domain, you can whitelist that domain using Mail Flow rules, Anti-Spam policy or Microsoft Defender Submissions.
Knowbe4
support.knowbe4.com › hc › en-us › articles › 218134997-Whitelist-by-IP-Address-in-Microsoft-Exchange-2016-and-2019
Whitelist by IP Address in Microsoft Exchange 2016 and 2019 – KnowBe4 Knowledge Base
October 27, 2025 - Whitelisting our IP addresses allows us to bypass your Microsoft Exchange Online Protection (EOP) mail filter and ensure the deliverability of our PSTs and training notifications.
Defense
help.defense.com › en › articles › 6208831-how-to-whitelist-phishing-simulator-domains-in-microsoft365
How to whitelist phishing simulator domains in Microsoft365 | Defense.com Help Centre
Add the domain that you want to allow (whitelist).
YouTube
youtube.com › watch
How To Whitelist Domain In Office 365? - CountyOffice.org - YouTube
How To Whitelist Domain In Office 365? Are you looking to learn how to whitelist a domain in Office 365? In this detailed tutorial, we will guide you through...
Published July 11, 2024
PEI
pei.com › home › office 365 – how to whitelist email addresses in outlook
How to Whitelist an Email Address in Microsoft 365
August 1, 2025 - In the flyout window, select Junk Email and we’re looking for the Safe Senders and Domains header. We’re going to select the Add icon and then type in the email address we want to whitelist. When we’re done, we’ll hit Enter and then Save at the top. This email address is now whitelisted in Office 365. If you want to make sure you get emails from a specific contact in Office 365, you’ve probably stumbled on a lot of articles that talk about using the Exchange Admin center or PowerShell.
SysTools Group
systoolsgroup.com › home › guide to whitelist an email in outlook 365 for users & admins
How to Whitelist an Email in Outlook 365 in 2025?
July 15, 2025 - Step 1. Open a new instance and establish a connection with Exchange Online PowerShell: ... Step 2. Add Trusted Senders (Whitelist) Globally: Option 1: Add trusted senders to the existing policy: Set-HostedContentFilterPolicy -Identity "Default" -AllowedSenders "[email protected]", "[email protected]" Option 2: Create a new custom policy for whitelisting domains in Office 365:
Reddit
reddit.com › r/sysadmin › office 365 whitelist domains to bypass .htm and .html filter
r/sysadmin on Reddit: Office 365 whitelist domains to bypass .htm and .html filter
June 7, 2023 -
Our company of about 50 email users has been getting bombarded lately with phishing emails that have .HTML or .HTM extensions. I decided to add these 2 extensions to the blocked file type on office 365 to see if that would be helpful.
The rule is set to quarantine the messages with these file types and I have to manually go in and release the message to the recipient. Well today we got our first false positive from a customer who sent a financial document with an HTML attachment. This is a large corporate customer so I know they’re not going to change the way they send their documents. Instead, I would like to whitelist their domain to allow these attachments to go through to the recipient without me, having to intervene.
The problem is for the life of me I cannot figure out a way to whitelist a domain on office 365 to bypass the filter.
It seems like this feature may have been available at one time However now when you try to do it says to submit the email to Microsoft for review.
Microsoft responded a few hours later saying that this message was filtered because of the extension type, well no duh.
My question is how exactly do I whitelist a domain to bypass the extension type filtering?
Top answer 1 of 5
13
I did this exact thing. I’m guessing you added htm and html to the blocked files list? Instead of doing that, create an exchange rule that says “if file type is… htm or html… send to hosted quarantine” and then you can add exclusions to say “except if received from… importantdomain.com”
2 of 5
8
admin.microsoft.com > Security > Policies & rules > Threat policies > Anti spam inbound policy > scroll to the bottom of the fly and you should see allowed domains. Edit: also in regards to u/analbumcover ... i don't believe i just typed that in r/sysadmin lol... Add a rule > Create a new rule > Apply this rule if "The sender" is Outside the organization (save) do the following > Modify the message properties > set the spam confidence level (SCL) > Bypass spam filtering I have done both methods and they both work.. make sure you get the "Apply this rule if > the sender" portion correct Edit: dmanit and that name lol i just realized the 10 yo in me read it wrong...