How to Bulk Whitelist domains in Office 365
There are plenty of blog posts that explain how to add a mail flow rule in Office 365 to allow you to white list a sender domain, bypassing the 365 spam filtering completely. There is a nice guide on how to achieve that in this blog post by Robert Crane.
I was working with a customer today that had a long list of domains that they wanted to white-list, but the Office 365 admin interface does not provide a facility to enter a list in bulk. So I wrote a PowerShell script that would do the job of creating a transport rule based on a simple list from a text file containing email domains.
Creating a Mail Flow rule to handle many trusted domains.
- Download the script
- Create a plain text file containing a list of domains or email addresses. The script will strip the first part of the address to leave only the domain name remaining.
```
nicedomain.com
trusteddomain.com
tachytelic.net
testemailaddress@somedomain.com
```
- Connect to Exchange Online using PowerShell. Instructions on how to do that here: http://technet.microsoft.com/en-us/library/jj984289(v=exchg.150).aspx
- Run the script that you downloaded (Add365SafeDomains.ps1)
- Specify a meaningful rule name; this will help you segregate different groups of domains easily.
- If you specify a rule name that already exists, the contents of the “SenderDomainIs” property will be loaded into an array and combined with the new list.
  - Duplicates are automatically removed.
  - The list is sorted into alphabetical order for easier readability when using the Office 365 Portal to view the rule.
- If you specify a rule name that does not already exist, a new rule will be created instead.
The script works by creating an array of domains and supplying that array to the set-TransportRule cmdlet.
Here is the code for the script:
```powershell
Param(
    [Parameter(Mandatory=$True,Position=1)]
    [string]$ruleName,
    [Parameter(Mandatory=$True)]
    [string]$domainListFilePath
)

#Read the contents of the text file into an array
$safeDomainList = Get-Content $domainListFilePath

#Create a new array and remove all text for each line up to and including the @ symbol, also remove whitespace
$newSafeDomainList = @()
$newSafeDomainList += foreach ($domain in $safeDomainList) {
    $tmpdomain = ($domain -replace ".*@").Trim()
    #Skip blank lines so an empty string is never submitted as a domain
    if ($tmpdomain) { $tmpdomain }
}

#If the rule already exists update the existing allowed sender domains, else create a new rule.
if (Get-TransportRule $ruleName -EA SilentlyContinue) {
    "Updating existing rule..."
    $safeDomainList = Get-TransportRule $ruleName | select -ExpandProperty SenderDomainIs
    #@() keeps the existing value an array even when the rule holds a single domain,
    #so + appends the new entries instead of concatenating strings
    $completeList = @($safeDomainList) + $newSafeDomainList
    $completeList = $completeList | select -uniq | sort
    Set-TransportRule $ruleName -SenderDomainIs $completeList
}
else {
    "Creating new rule..."
    $newSafeDomainList = $newSafeDomainList | sort
    New-TransportRule $ruleName -SenderDomainIs $newSafeDomainList -SetSCL "-1"
}
```
You can copy and paste the above into your own PowerShell script or download the script here.
If you found the script helpful, please rate the post! 😀
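A pre-flight check for the domain list, as an added example that is not part of Add365SafeDomains.ps1: because the rule sets SCL -1 for every listed sender domain, it rejects any entry containing characters outside the set named in the Set-TransportRule error quoted in the comments below, rather than repairing it, and splits the rest into batches. The function name, the dot-separated-label pattern, the rule-name suffix and the way the 4096-character limit (taken from a reader comment) is counted are assumptions.

```powershell
# Added example, not part of Add365SafeDomains.ps1; Get-CleanDomainBatch is a hypothetical name.
function Get-CleanDomainBatch {
    param(
        [string[]] $Line,
        # 4096 is the limit quoted in a reader comment on this page (assumption)
        [int] $MaxChars = 4096
    )
    $valid    = [System.Collections.Generic.List[string]]::new()
    $rejected = [System.Collections.Generic.List[string]]::new()
    foreach ($raw in $Line) {
        # Same normalisation as the script: drop the local part, trim whitespace
        $d = ($raw -replace '.*@').Trim()
        if (-not $d) { continue }    # skip blank lines
        # Dot-separated labels of ASCII letters, digits, hyphen, underscore only.
        # -cmatch avoids case folding, so look-alike Unicode letters cannot pass.
        if ($d -cmatch '^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)+\z') {
            $valid.Add($d.ToLowerInvariant())
        } else {
            $rejected.Add($raw)      # report, never silently repair
        }
    }
    $batches = [System.Collections.Generic.List[object]]::new()
    $current = [System.Collections.Generic.List[string]]::new()
    $used = 0
    foreach ($d in ($valid | Sort-Object -Unique)) {
        $cost = $d.Length + 1        # assumed accounting: one separator per domain
        if ($current.Count -gt 0 -and ($used + $cost) -gt $MaxChars) {
            $batches.Add($current.ToArray()); $current.Clear(); $used = 0
        }
        $current.Add($d); $used += $cost
    }
    if ($current.Count -gt 0) { $batches.Add($current.ToArray()) }
    [pscustomobject]@{ Batches = $batches; Rejected = $rejected }
}

# Constructed sample input: the page's list plus two entries that must be rejected
$sample = @(
    'nicedomain.com', ' trusteddomain.com ', 'tachytelic.net',
    'testemailaddress@somedomain.com', 'TrustedDomain.com', '',
    "bad$([char]0x200B)domain.com",  # zero-width space, as a web copy/paste can leave
    'two domains.com'
)
$result = Get-CleanDomainBatch -Line $sample
$result.Rejected | ForEach-Object { Write-Warning "Rejected: '$_'" }
$i = 0
foreach ($batch in $result.Batches) {
    $i++   # each batch would go to its own rule, e.g. "$ruleName-$i" (assumed naming)
    'Batch {0}: {1} domains: {2}' -f $i, $batch.Count, ($batch -join ', ')
}
```

In practice `$sample` would be replaced by `Get-Content $domainListFilePath`, and each batch passed as the `-SenderDomainIs` value of its own rule only after the rejected entries have been reviewed.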
NOP says
thank you
Josh says
This worked out nicely, thank you. Just remember that there is a limit to how big a mail flow rule can be within Exchange Online. If you’re getting a message about being over 4096 characters, you’ll need multiple whitelists/mail flow rules.
Scott Abel says
I am getting an error when trying to add domains to the existing rule
Domain name(s) ‘yahoo.com nicedomain.com trusteddomain.com tachytelic.net accendo.co.uk’ contain(s) invalid
characters. Domain names may contain only ASCII letters ‘a’ through ‘z’, ‘A’ through ‘Z’, the digits ‘0’ through ‘9’,
the hyphen ‘-‘ and the underscore ‘_’. Domain predicates handle subdomain match, no wildcard is required.
+ CategoryInfo : InvalidArgument: (SenderDomainIs:String) [Set-TransportRule], ArgumentException
+ FullyQualifiedErrorId : [Server=BLUPR08MB438,RequestId=76f52333-ab26-46d1-8bc1-0e6e54a6ac9a,TimeStamp=9/18/2014
2:31:24 PM] [FailureCategory=Cmdlet-ArgumentException] 89CD009A,Microsoft.Exchange.MessagingPolicies.Rules.Tasks.S
etTransportRule
+ PSComputerName : outlook.office365.com
Any idea why??
Paulie says
Maybe you have some kind of non printable character in your list, especially if you copied and pasted it from this webpage.
Scott Abel says
Nope. It's a text file exactly like the one above with the same list.
Scott Abel says
Paulie, you were right. damn html!! Works fine 🙂
Zakary says
How about bulk whitelisting email addresses?
Joe says
This worked GREAT when creating a new rule, however, it threw this error when updating existing rule.
Cannot process argument transformation on parameter ‘SenderDomainIs’. Cannot convert value
“{my domains, not more than 4096 characters with a space between each domain}” to type”Microsoft.Exchange.Data.Word”.
Parameter name: Word””
+ CategoryInfo : InvalidData: (:) [Set-TransportRule], ParameterBindin…mationException
+ FullyQualifiedErrorId : ParameterArgumentTransformationError,Set-TransportRule
+ PSComputerName : outlook.office365.com
Wazi says
Excellent Saved me entering 150 domains manually