Phishing: Create safe sender lists in EOP

Create a mail flow rule with PowerShell

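# The Param block must be the first statement in the script.
Param(
   [Parameter(Position=1)]
   [string]$ruleName = "cyber-safe white list domains",

   # Optional text file with one domain per line; if omitted, the list below is used.
   [string]$domainListFilePath
)

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName USERNAME@YOURDOMAIN.COM -ShowProgress $true

$newSafeDomainList = @("trkr.ch","newsl.ch")
if ($domainListFilePath)
{
  $newSafeDomainList = Get-Content $domainListFilePath | ForEach-Object { $_.Trim() } | Where-Object { $_ }
}

# This rule matches on the sender domain only; the GUI procedure below also
# requires a DMARC pass in the Authentication-Results header.

# If the rule already exists, update its allowed sender domains; otherwise create a new rule.
if (Get-TransportRule $ruleName -EA SilentlyContinue)
{
  "Updating existing rule..."
  $safeDomainList = Get-TransportRule $ruleName | Select-Object -ExpandProperty SenderDomainIs
  # Merge the domains already on the rule with the new ones, without duplicates.
  $completeList = @($safeDomainList) + @($newSafeDomainList) | Sort-Object -Unique
  Set-TransportRule $ruleName -SenderDomainIs $completeList
}
else
{
  "Creating new rule..."
  $newSafeDomainList = $newSafeDomainList | Sort-Object -Unique
  New-TransportRule $ruleName -SenderDomainIs $newSafeDomainList -SetSCL "-1"
}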

Create a mail flow rule with GUI

  1. Mail flow rule condition: The sender > domain is > trkr.ch
  2. Mail flow rule condition: A message header > includes any of these words > Header name: Authentication-Results > Header value: dmarc=pass or dmarc=bestguesspass.
  3. Add these actions:
    1. Modify the message properties > set the spam confidence level (SCL) > Bypass spam filtering.
    2. Modify the message properties > set a message header: Set the message header <CustomHeaderName> to the value <CustomHeaderValue>.
      For example, X-ETR: Bypass spam filtering for authenticated sender 'trkr.ch'
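
The rule from the steps above, written in PowerShell as an added example (not part of the original page). It assumes a connected Exchange Online session, and the rule name is an illustrative choice. The last command lists existing rules that bypass spam filtering on the sender domain alone, with no header condition.

```powershell
# Added example. Assumes Connect-ExchangeOnline has already been run.
# $ruleName is an illustrative name; the domain and X-ETR header come from the steps above.
$domain   = 'trkr.ch'
$ruleName = "Bypass spam filtering for authenticated sender $domain"

# Conditions and actions, matching GUI steps 1 to 3.
$ruleParams = @{
    # Condition 1: the sender's domain
    SenderDomainIs              = $domain
    # Condition 2: the message must also carry a DMARC pass result
    HeaderContainsMessageHeader = 'Authentication-Results'
    HeaderContainsWords         = 'dmarc=pass', 'dmarc=bestguesspass'
    # Action 1: bypass spam filtering
    SetSCL                      = -1
    # Action 2: stamp a header so the bypass is traceable on the delivered message
    SetHeaderName               = 'X-ETR'
    SetHeaderValue              = "Bypass spam filtering for authenticated sender '$domain'"
}

# Create the rule, or bring an existing rule of the same name in line with these settings.
if (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue) {
    Set-TransportRule -Identity $ruleName @ruleParams
}
else {
    New-TransportRule -Name $ruleName @ruleParams
}

# Audit: rules that set SCL -1 based on sender domain with no message header condition.
# Such rules skip spam filtering for any message claiming that domain.
Get-TransportRule |
    Where-Object {
        "$($_.SetSCL)" -eq '-1' -and
        $_.SenderDomainIs -and
        -not $_.HeaderContainsMessageHeader
    } |
    Select-Object Name, State, SenderDomainIs
```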

More information:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/create-safe-sender-lists-in-office-365?view=o365-worldwide
https://docs.microsoft.com/en-us/powershell/exchange/connect-to-exchange-online-powershell?redirectedfrom=MSDN&view=exchange-ps