Forum Discussion
Unable to whitelist quarantined emails
We have an email that is being constantly quarantined from a webform. The email comes from the email of the web form server, but is spoofing an internal address in our tenant by design. The email keeps getting blocked, and nothing we've tried as far as transport rules, whitelist additions, etc has been able to discernably affect this. There is a option to create a tenant allow list entry but the maximum duration is 45 days. We need a way to reliably whitelist an email indefinitely.
1 Reply
Microsoft 365 allows you to permanently allow spoofed senders using the Tenant Allow/Block List. Despite what the UI might suggest, entries for spoofed senders do not expire if configured correctly.
- Go to the Tenant Allow/Block List portal
- Add the spoofed sender under Spoofed Senders
- These entries can remain indefinitely and are not subject to the 45-day expiration that applies to other types of submissions
If the spoofed sender is being flagged due to failing SPF/DKIM/DMARC, you can use Spoof Intelligence to manually allow them:
- Navigate to Spoof Intelligence Insight
- Review the spoofed sender flagged by Microsoft
- Manually mark them as “Allow” if they’re legitimate
This helps Microsoft’s filters recognize the sender as safe, even if they fail authentication checks.
