Office 365 – How to Whitelist Email Addresses in Outlook

How to Whitelist Emails in Outlook with Office 365

Watch this video or use the instructions below to learn how you can add email addresses or domains to your Safe Senders List in Outlook to whitelist them.

We’ll cover how to do this in the Outlook desktop app as well as online through the Outlook Web App.

Full Transcript: 

• If you want to make sure you get emails from a specific contact in Office 365 and you’re not an IT Admin, you can add email addresses to your Safe Senders List in Outlook.
• I’m going to cover two methods for doing this:
  • First, I’ll show you how you can do this in the Outlook Desktop Client
  • And then I’ll show you using the Outlook Web App
• There are some important security consequences to whitelisting email addresses and domains, which you can learn more about on our website. To keep this video short though, I’m just going to cover how to accomplish this.
• In the Outlook Desktop Client, select Junk from the Home tab of the ribbon. Then select Junk Email Options.
• In the flyout window, select the Safe Senders tab and click the Add… button.
• Type in the email address or domain you want to whitelist for Office 365 and then press OK. Then press Apply. This email address is now on your Safe Senders list in Office 365.
• We can also edit our Safe Senders in the Outlook Web App. I have this browser open to the Office 365 home page. I’m going to select Outlook from my apps to go to the Outlook Web App.
• Select the Gear icon from the top right of your screen and select View all Outlook Settings.
• In the flyout window, select Junk Email and we’re looking for the Safe Senders and Domains header. We’re going to select the Add icon and then type in the email address we want to whitelist. When we’re done, we’ll hit Enter and then Save at the top.
• This email address is now whitelisted in Office 365.

How to Add Email Addresses to Your Safe Senders List in Office 365

If you want to make sure you get emails from a specific contact in Office 365, you’ve probably stumbled on a lot of articles that talk about using the Exchange Admin center or PowerShell. 

The problem with these methods is unless you’re an IT admin, you probably don’t have access to the Exchange Admin Center or PowerShell.

Instead, you can add an email address to your Safe Senders list in Office 365. This will whitelist the email in Office 365 for just your account—if you want to make a larger change, you’ll need to get with an IT admin using one of the methods above, and we have instructions for that too.

Whitelisting an Email Address vs. Whitelisting an Email Domain

There are two different ways to whitelist emails. You can whitelist a specific email address or you can whitelist all email addresses from a certain domain.

So for example, say your bank keeps emailing you from [email protected] and you’re tired of digging around your junk mail folder for important notices. You could choose to whitelist

1. The email address, [email protected]
2. The email domain, yourbank.com

Either of these methods will result in your bank notifications being delivered, but there are some nuances between the two options.

The Security Risks of Whitelisting an Entire Domain

Email phishing attacks have increased more than 250% over the last year, making them the most common type of malicious attack according to Microsoft’s 2018 Security Intelligence Report (Volume 24).

Phishing Attack – A phishing attack is a form of social engineering where malicious actors send emails disguised as legitimate to trick users into giving up sensitive information—credit card numbers, login credentials, etc.

Hackers sending phishing emails are often able to spoof an important email domain—like Microsoft—or even your bank. To the recipient, these emails appear to come from these reputable senders because they appear to have the correct email domain.

When you whitelist an entire domain in Office 365, some of these “spoofed” emails or phishing attempts that would normally be caught and stopped by Office 365 intelligence and security measures are instead sent straight to your inbox—where you’re more likely to fall prey to the attack.

Whitelisting a single email address in Office 365 helps prevent this type of threat because only one single email address is given the “go ahead,” while all others are still subject to Office 365 security screenings.

Of course, the address you’ve whitelisted is still at risk of being spoofed, so it’s always important to stick to email security best practices and never give sensitive information out over email.

Whitelisted Domains and Exchange Online Protection.

The risk of phishing attacks is why Exchange Online Protection will ignore any domains you’ve whitelisted by default.

Microsoft states any email addresses or domains in your safe senders and recipients list are never sent to your Junk Email Folder. However, if your organization has Exchange Online Protection, email addresses added to the Safe Senders list will be honored, but not Safe Domains added by users:

EOP will honor your users’ Safe Senders and Recipients, but not Safe Domains. This is true regardless of whether the domain is added through Outlook on the Web or added in Outlook and synchronized using Directory Sync.

This can be a helpful if you’re troubleshooting why email domains you’ve added to your safe senders list may still be going to your junk mail. Try adding only the specific email addresses you need to your list instead.

How to Add an Email Address to Your Safe Senders List in Office 365

Now that we’ve gotten some of the preliminary pieces out of the way, let’s get to how you actually add email addresses to this list.

There are two ways end users can add email address to their safe senders list:

1. Directly in their desktop Outlook App
2. In Outlook on the Web (Outlook Web App)

This article will include directions for both methods.

How to Add Email Addresses to Your Safe Senders List in the Outlook Desktop App

1. On the Home tab of the Ribbon in Outlook, find the Delete group.
2. From the Delete group, select Junk.
3. From the dropdown select Junk Email Options

4. Navigate to the Safe Senders tab.

5. Select the Add button.
6. Type your desired email address or domain in the flyout window.
7. Hit the OK button.

This email address is now whitelisted in Office 365.

How to Whitelist Email Addresses in The New Outlook Web App

The Outlook Web App recently received a facelift. If you’re on the new version, use these instructions. If you’re on the old version, use the whitelisting instructions in the next section.

1. Log in to Office 365 
2. Choose Outlook from your list of apps.

3. Select the Settings (gear) icon at the top right of your browser.
4. Select View All Outlook Settings link at the bottom of the pane.
5. Select Mail from the left and then Junk Email.

6. Under the Safe Senders and Domains heading, select the Add button.
7. Type your desired email address or domain in the box.
8. Hit Enter on your keyboard to add the address or domain to the list.
9. Press the Save button at the top right of the flyout window.

How to Add Email Address to Your Safe Senders List in the Old Outlook Web App

1. Log in to Office 365 
2. Choose Outlook from your list of apps.

3. Select the Settings (gear) icon at the top right of your browser.
4. Select Mail under the Your App Settings header at the bottom of the pane.

5. Select Block or Allow in the Accounts section.
6. Click into the Enter a sender or domain here box with your cursor.

7. Type your desired address or domain and press Enter on your keyboard.
8. Press the Save icon at the top of the page to save your addition.