Guide to Whitelist an Email in Outlook 365 for Users & Admins

Everyone from premium Microsoft business plan subscribers to those on the free edition, must know how to whitelist an email in Outlook 365. This is crucial because the default Outlook spam filter can sometimes misclassify important emails as spam.

Combined with the 30-day permanent deletion rule, this can break down email conversations. Since there’s no direct whitelist feature and moving individual emails from the junk mail folder to the inbox is inefficient, we’ve compiled a comprehensive set of tips to simplify email whitelisting.

Best Practices to Whitelist Email in Outlook 365

• Add entire domains (like @example.com) to ensure all emails from that organization bypass spam filters.
• Maintain and update your Blocked Senders list to prevent unwanted emails from getting through.
• Monitor your Junk folder regularly and mark legitimate emails as “Not Junk” to improve filter accuracy.
• Verify that SPF, DKIM, and DMARC records are properly set up to authenticate legitimate senders.

Admins may also want to recover deleted folders in Outlook caused by an overcorrected filtering.

Users who check their emails on the go might prefer using the mobile app to set up a whitelist. Although the mobile version has limited email filtering capabilities, a specific feature can be used to create a partial whitelist.

How do I Whitelist an Email Address in the Outlook 365 Mobile App?

The current Outlook mobile app doesn’t have a specific setting for whitelisting emails. However, there’s a workaround using the “Focused tab” feature to create a pseudo-whitelist. While not a true filter, it’s effective for those who use Outlook on the go or only want to read important emails at a glance on their mobile device.

Steps:

• Open the Outlook app on your mobile device.
• Tap the menu icon (three horizontal lines) in the top left corner.
• Go to Settings (gear icon).
  
• Under the Mail section, find and tap on Focused Inbox.
• Toggle the switch to turn on Focused Inbox.

To move emails to the Focused Inbox: These steps are different from the ones used to move archived emails back to the inbox in Office 365. So follow carefully.

• Go to the Junk folder.
• Tap and hold the email until three horizontal dots appear in the top right corner.
• Click on 3 horizontal dots and select “Not Junk.”
  
• Tap “Ok” on the pop-up.

If your email is in the Other tab of the Inbox:

• Tap and hold the email until three horizontal dots appear in the top right corner.
• Select “Move to Focused Inbox.”
  
• In the pop-up, select “Move this and all future messages.”
• Tap “MOVE TO FOLDER.”

Remember that this isn’t a true whitelist or rule, so only the selected message (and future messages if you choose) will be affected.

How to Create a Whitelist in Outlook 365 (Desktop and Web)?

There are several options for creating a whitelist at the user level, thanks to the variety of Outlook versions. Let’s explore them one by one, starting with the browser app.

Outlook 365 Web Portal:

• Log in to the Outlook 365 web portal.
• Click on the cog icon in the top right corner.
• Select Mail > Junk Email > Scroll to Senders.
  

New Outlook Client:

The steps are nearly identical to the web version:

• Select Email > Junk email > Scroll to Senders.

Note: You might see a blank screen in the Junk Email section if you’re trying to set a policy for a non-Outlook account. Only email addresses ending with @outlook.com, @hotmail.com, @on.microsoft.com, or custom domains with a premium Microsoft 365 subscription can set up a whitelist through the client.

Microsoft’s whitelist option is called “Safe Senders.”

• Under Safe Senders, click on “Add Safe Sender” or “Add Safe Mailing List.”
• Then, type the specific email address or perform an Office 365 domain whitelist.
• Press “Ok” and then click “Save.”
  

Outlook Classic:

• On the main Home ribbon, find the delete sub-partition area with a person icon and a prohibition symbol.
• Then, click to expand and select “Junk email options” from the dropdown.
• In the Junk email options box, switch to the Safe Senders tab.
• Click on “Add,” type the name, click “OK,” and then “Apply.”
  

PowerShell Method to Configure an Organization-Wide Whitelist

To set up an organization-wide whitelist in Exchange Online using PowerShell, follow these steps:

Step 1: Open a new instance and establish a connection with Exchange Online PowerShell:

Connect-ExchangeOnline -UserPrincipalName

Step 2: Add Trusted Senders (Whitelist) Globally:

Option 1: Add trusted senders to the existing policy:

Set-HostedContentFilterPolicy -Identity "Default" -AllowedSenders "[email protected]", "[email protected]"

Option 2: Create a new custom policy for whitelisting domains in Office 365:

New-HostedContentFilterPolicy -Name "CustomPolicy" -AllowedSenders "[email protected]"

Then, Apply the policy:

New-HostedContentFilterRule -Name "CustomRule" -HostedContentFilterPolicy "CustomPolicy" -SentToScope "AllRecipients"

To verify:

Get-HostedContentFilterPolicy -Identity "CustomPolicy"

Steps to Whitelist a Domain in Office 365 Admin Center

The default M365 spam prevention policy has 0 allowed senders. So we will edit it to include our white list. For that follow these instructions:

• Step 1. Log into https://security.microsoft.com/ portal.
• Step 2. Then, on the left-hand navigation pane, expand Email & collaboration.
• Step 3. Open Policies & rules, choose Threat policies then click on Anti-spam policies.
  
• Step 4. Select the Default Anti-spam Inbound Policy.
• Step 5. On the right-hand pane, scroll until you see the option to Edit allowed and blocked senders and domains.
  
• Step 6. Then, under the Allowed Senders section, click on Manage sender(s).
• Step 7. Tap on the + Add senders button.
  
• Step 8. Type the email address and press enter.
• Step 9. Repeat Step 8 for as many senders as you like.
  
• Step 10. Press the Add senders button at the bottom of your screen.
• Step 11. View and Verify the list.
• Step 12. Press Done.
  
• Step 13. Hit Save to apply the changes.
  
• Step 14. Finally, Close the Panel.

The policy will now refresh and allow all emails from the added domains in the user mailboxes.

If you are planning to make a new custom policy then you can make the Office 365 domain whitelist by allowing senders during the policy construction itself.
Add the names you want when you reach the Allow & block list section.

Understanding Safe Senders and Safe Mailing Lists

Safe Senders: Ensures emails from specific addresses always go to your inbox, bypassing the junk mail folder.
Safe Mailing Lists: Ensures emails from trusted mailing lists go to your inbox, even if your address isn’t in the “To” line.
Examples:

Add [email protected] to Safe Senders to receive his emails directly in your inbox.
Add [email protected] to Safe Mailing Lists to receive their newsletters.
While Microsoft doesn’t explicitly prevent adding safe sender-type emails to safe mailing lists and vice versa, it’s recommended to choose the most appropriate option for each email type to avoid errors.

Conclusion

Now you have a complete understanding of how to whitelist an email in Outlook 365, whether using a desktop client, web portal, or mobile app. Additionally, we’ve provided instructions for admin-level whitelisting procedures for organization-wide spam protection. Whitelisting emails is just one way to secure your digital communication. Another equally important method is creating backups, which admins can achieve using tools like SysTools Backup for Microsoft 365.

Frequently Asked Questions

What is the procedure to Whitelist an email identified as spam in the M365 Defender Portal?

Go to Microsoft Defender > Actions & Submissions > Submissions > + Submit to Microsoft for analysis > Select submission type, add message ID or Screenshot select either the “I’ve confirmed it’s clean” or “It appears clean” option > Press Next.
Provide any other proof if required. The email should be whitelisted soon.

Is there anything that a sender can do to make Office 365 Whitelist their email domain?

If the filter regularly flangs their emails as spam then ask them to change the format, and share attachments via OneDrive link. They should avoid spam-similar-syntax in the email.

Do senders receive a notification if their email/domain is put in the Outlook email whitelist?

No, all Whitelisting data stays in the account is done on. None of your senders receive any message informing them whether they are on a whitelist or not.

Why do some emails need to be put in an Office 365 domain whitelist?

By default M365 prioritizes safety over email delivery, so if it detects even a small chance of a message being a scam it never even lets it reach your inbox. Unfortunately, this hypersensitive feature may sometimes get triggered on actual important emails. So to prevent it from disrupting email communication admins, or users should build a Whitelist on Outlook with all the senders they know are safe.