Forum Discussion
add to whitelist or safe senders from quarantine
Hello all
I see its possible to block a sender from within the quarantine. Is it also possible to whitelist or add a sender to "safe senders" list from within the quarantine ?
- Only from the admin quarantine, IIRC. Which in turn adds it to the org-wide allow list.
18 Replies
As far as I know, Microsoft has removed the option to manually add specific emails/domains to the Tenant Allow / Block list.
You can still manually block domains, but allow has to go through the submission process, where you submit the email/domain etc. with the reasoning for why it should not be blocked.
Reference: https://learn.microsoft.com/en-us/defender-office-365/tenant-allow-block-list-email-spoof-configure
- I have some Allow actions added under the 30-day rule last August that have been automatically renewing steadily since then. I agree that that is hardly a secure way to proceed, but it appears to be working for the domains in question.
I am a strong believer in at least trying to understand and if possible solve the problem rather than putting a policy plaster on the problem. If it seems unlikely that the sender would reform even if the problem is carefully and courteously explained to them, you can still add allowed sender and allowed domain entries to the anti-spam and anti-phishing policies. That will however cost Secure Score as those lists should ideally be empty, and such an action should only be taken with an understanding of the underlying sender problem and concomitant risks. Microsoft can only offer a general solution. Only you can balance the benefits against the risks to your organisation.- Good point! I was looking around for a while and found this discussion. The problem seems to occur (in our case) when not using a SMTP authenticed e-mail account and just send e-mails to internal receivers.
Your exceptions seems to automatically renewed maybe because "Allowed spoofed domain sender & impersonating senders never expire." I will try it out also. Thanks!
- I found it. when you release the email you have the option to add the sender to the safe senders list. Thanks for the assist
- The option is not there anymore. do you still find that option?
- so "release email" releases the email from the quarantine and add's the email to the safe senders list?
- Only from the admin quarantine, IIRC. Which in turn adds it to the org-wide allow list.
- I only see the option to Allow for up to 30 days. What if I want to permanently allow the sender?
Has anybody found out how to allow sender for more than 30 days please?
I'm currently logged into quarantine as a global admin. When i select a particular email i dont see the option to white list the email
- Should be under Release email.
