Phishing: Create safe sender lists in EOP

Create a mail flow rule with PowerShell

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName USERNAME@YOURDOMAIN.COM -ShowProgress $true


$ruleName = "cyber-safe white list domains"

$newSafeDomainList = @("","")

# If the rule already exists, update its allowed sender domains; otherwise create a new rule.
if (Get-TransportRule $ruleName -EA SilentlyContinue) {
  "Updating existing rule..."
  # Domains already configured on the rule
  $safeDomainList = Get-TransportRule $ruleName | select -ExpandProperty SenderDomainIs
  # Merge the existing and new domains, then de-duplicate and sort
  $completeList = @($safeDomainList) + $newSafeDomainList
  $completeList = $completeList | select -Unique | sort
  Set-TransportRule $ruleName -SenderDomainIs $completeList
}
else {
  "Creating new rule..."
  $newSafeDomainList = $newSafeDomainList | sort
  # SCL -1 makes matching messages bypass spam filtering
  New-TransportRule $ruleName -SenderDomainIs $newSafeDomainList -SetSCL "-1"
}

Create a mail flow rule with GUI

  1. The sender > domain is >
  2. Mail flow rule condition: A message header > includes any of these words > Header name: Authentication-Results > Header value: dmarc=pass or dmarc=bestguesspass.
  3. Create these actions:
    1. Modify the message properties > set the spam confidence level (SCL) > Bypass spam filtering.
    2. Modify the message properties > set a message header: Set the message header <CustomHeaderName> to the value <CustomHeaderValue>.
      For example, X-ETR: Bypass spam filtering for authenticated sender ''
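
The GUI rule above expressed in PowerShell, as an added example that is not part of the original page: it bypasses spam filtering only when the sender domain matches and Authentication-Results also shows a DMARC pass, and it stamps the marker header. The rule name, the domains and the header value are constructed placeholders, and an existing Connect-ExchangeOnline session is assumed.

```powershell
# Added example, not from the original page.
# Assumes Connect-ExchangeOnline has already been run in this session.
$ruleName   = "Safe senders - DMARC authenticated"   # hypothetical rule name
$newDomains = @("example.com", " Example.ORG ", "")  # constructed sample input

# Normalise the input: trim, lower-case, drop blanks and duplicates.
function Get-CleanDomainList {
    param([string[]]$Domains)
    $Domains |
        ForEach-Object { if ($_) { $_.Trim().ToLowerInvariant() } } |
        Where-Object { $_ } |
        Sort-Object -Unique
}

# Merge domains already on the rule (if it exists) with the new ones.
$existing = Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue
$domains  = @(Get-CleanDomainList -Domains (@($existing.SenderDomainIs) + $newDomains))

# An empty list would leave the rule without its sender-domain condition.
if (-not $domains) { throw "No valid sender domains supplied." }

# Conditions and actions matching GUI steps 1 to 3.
$params = @{
    SenderDomainIs              = $domains
    HeaderContainsMessageHeader = "Authentication-Results"
    HeaderContainsWords         = @("dmarc=pass", "dmarc=bestguesspass")
    SetSCL                      = "-1"     # bypass spam filtering
    SetHeaderName               = "X-ETR"
    SetHeaderValue              = "Bypass spam filtering for authenticated sender"  # constructed value
}

if ($existing) {
    "Updating existing rule..."
    Set-TransportRule -Identity $ruleName @params
}
else {
    "Creating new rule..."
    New-TransportRule -Name $ruleName @params
}

# Review what was actually stored on the rule.
Get-TransportRule -Identity $ruleName |
    Format-List Name, SenderDomainIs, HeaderContainsMessageHeader, HeaderContainsWords, SetSCL, SetHeaderName
```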

