Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

Microsoft Defender for Email Whitelisting (Best Practice?)

Iron Contributor

Hi

 

I'm trying to figure out the best way to handle this.

A sender that sends out a newsletter is blocked by the spam settings, this is correct.

I setup a Mail flow rule that checks the so the DMARC is passed.

 

The problem is that the sender is using a third party software to send the emails so the domain will fail on the DMARC because the actual sender is something like h9032us.domain.com.

 

If I would whitelist the sender domain it would pass the DMARC, but that would also allow any senders from that domain to bypass the spam filters, and a lot of other users/company can use this 3rd party provider to send news letters and I do not want that to come thru.

 

How would you best handle this?

4 Replies
best response confirmed by Ben_Harris (Microsoft)
Solution

Hello @JimmyWork,

 

to be fair, the problem you describe is not yours to solve. If you have DMARC check enabled, you should kindly ask the client to include their 3rd party mail send infrastructure, it's their responsibility to hand over newsletters in a safe manner.

 

If this isn't possible, you could try adding a new mail flow rule, bypassing DMARC just for the domain of the newsletter and also whitelist it so it won't end up in the junk. But again, this should not be your problem, but the sender's.

 

Hope this helped.

Hey @JimmyWork! - @cyb3rmik3 is right here, the sender of this newsletter is likely having issues with all the recipients of their messages, this is not your issue to solve, and unfortunately by setting up your infrastructure to support bad message hygiene just delays the issue and makes you responsible for managing the continuous update of any transport rules required to enable the successful delivery, and makes the risk the rule brings your responsibility too.

 

Hope that helps

 

Ben.

Thank you for taking time and answering.
What if I add the email to the whitelist, and have domain impersonation on the same domain or user impersonation, would I end up with the same issue as the DMARC is wrongfully configured by the 3rd party.
Thank you for taking your time and answering.
1 best response

Accepted Solutions
best response confirmed by Ben_Harris (Microsoft)
Solution

Hello @JimmyWork,

 

to be fair, the problem you describe is not yours to solve. If you have DMARC check enabled, you should kindly ask the client to include their 3rd party mail send infrastructure, it's their responsibility to hand over newsletters in a safe manner.

 

If this isn't possible, you could try adding a new mail flow rule, bypassing DMARC just for the domain of the newsletter and also whitelist it so it won't end up in the junk. But again, this should not be your problem, but the sender's.

 

Hope this helped.

View solution in original post