Office 365 has a nice feature which is DKIM+SPF and DMARC. The problem is it’s poorly documented, leaves a lot of questions and noone want’s to be the guinea-pig….
In this example I will create a Transport rule to allow all Mailchimp servers to bypass the spamfilter. Not best practice, but the problem is that alot of customers miss legitimate mail from providers like Mailchimp (or any other mailingservice).
You can add your own email servers/domains to the CSV file and it will work the same.
Biggest mystery is: Why do some users get the email and some other don’t? Even if the SPF is correct and so on? I can only guess it has to do with the amount of spam the user/company receives and the EOP gets more “aggressive”. I found this to be true on those accounts that had problems.
So sometimes – you just godda do it quick and dirty…
Here’s a powershell script to run against a CSV with safe domains and allow all emails to bypass the spamfilter that come from a certain domain.
Warning: I really recommend to setup things properly and not just open up the spamfilter for all the domains.
Setup the SPF + DKIM and DMARC properly if you can.
With that said – there are sometimes legitimate uses to this procedure (such as the provider not supporting DKIM). I’ll do a post with step by step on how to set it up properly once I get some answers from Microsoft.
Until then – Quick and dirty.
- Create an empty file called Script_Safedomains.ps1
- Add a seperate CSV file in the same folder as the script – called “SafeDomains.csv” (without the “).
If you want to allow all the mailchimp servers through Office 365 you will need to add the following servers to the CSV file:
- Paste the Powershell script below in the Script_Safedomains.ps1 you just created.
- run the script (Use Powershell ISE or rightclick, run as admin)
This script will do the following:
- Ask for a Username/Password for an adminaccount.
- Create a new transport rule in Exchange online which is called SafeDomains
- Will populate SafeDomains with domains that you saved in a CSV file.
- Will show you the domains that was added to the list
- Will disconnect all PSSessions.
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
New-TransportRule –name SafeDomains –SetSCL -1
$csvImport=Import-Csv .\SafeDomains.csv -header domains
$rule = Get-TransportRule SafeDomains
#create safeDomains as an array
$safeDomains = @()
if ($rule.SenderDomainIs -ne $null)
$safeDomains = $rule.SenderDomainIs
foreach($v in $csvImport.domains)
$safedomains += $v
set-TransportRule SafeDomains -SenderDomainIs $safeDomains
Get-TransportRule "SafeDomains" | select -ExpandProperty SenderDomainIs
Get-PSSession | Remove-PSSession
Credits/Original post on: