Given the Cybersecurity threat landscape, which has been greatly exacerbated by COVID-19, how do you really know that your Email has been successfully delivered before you get a reply (which could take days in today’s environment)?

Well, this is where the concepts of “Quarantining” and “Whitelisting” come into play, and they are the focal point of this article.

The Quarantining of Emails

In the world of M365, there is a distinct separation between a Quarantined Email and one that is a Spam Email.  For example, with the latter, many Email messages that are sent from mass Email marketing blasts often end up in the Spam Folder.  This also includes those messages that are transmitted from unknown senders that are not in your contact book, or others that basically have no contextual meaning in them whatsoever and could be indicative of a potential Phishing Email.

Most commercial Email systems that are free to use (which primarily includes the likes of Hotmail, Gmail, Yahoo Mail, and a plethora of others) have now become particularly good at capturing these kinds of “garbage” based Email messages.  But the key here is that you can still access them and decide for yourself if that particular Email is actually worthy enough to be redelivered back into your inbox once again.  Once you do so, going forward, you will start to receive Emails from that designated sender straight into your inbox.

But keep in mind that as you do this, you are taking a risk in deciding for yourself if an Email is safe or not.  Given just how sophisticated Phishing based Emails have become these days, this can be a huge gamble that you are taking on.  But this is not the case if you are using M365 to send, transmit and receive your messages.

With this, any Emails that are deemed to be highly suspicious in nature, for example, if they contain attachments that could contain a malware payload, are set aside in a different area of M365.  Thus, they become “quarantined”.  The key difference here is that in comparison to the free Email services just described, you cannot directly access these types of Emails.  For security reasons, only the system or network administrator in your company can access them and decide for themselves if they are safe enough to be sent back to you.

But you can still receive Spam Emails in your “Junk Email” folder, if you are making use of Microsoft Outlook.  What is nice about this Email package is that you can custom-create rules and policies in order to block certain kinds of Emails.  Moving these kinds of messages over to your inbox is virtually the same process as moving them from Spam in one of the free Email services.

In order to gain access to your quarantined Emails, your system/network administrator must give you the access rights to manage them, and only after they have first been thoroughly inspected by the IT Security team.  Once you are given the green light, you can then access your quarantined messages by going to this link:

https://protection.office.com/quarantine

From here, you will be prompted to enter in your M365 credentials, and once you have done that you can then view your quarantined messages (in the “Threat Management” section of your online account), and take further action on them, such as sending them back to your inbox or just deleting them altogether.  It is important to note that any quarantined messages in M365 are held for a period of 30 days, which is the maximum amount.

The Concept of Whitelisting

Simply put, in the world of Cybersecurity, Whitelisting means that you are creating an approved list of domains that the system checks before it disallows any Email. This “Safe List” is created and maintained by your network/systems administrator.

As a result of this, you will be able to receive messages from and transmit messages to any entity without any worries (provided that they are on the “safe list”). The opposite of this is Blacklisting, where your IT Security team specifically puts in those domains that have been known to be malicious in nature, or that redirect end users to phony and spoofed websites.

The Whitelisting of Email Addresses In Outlook

To a limited degree, if you are making use of Microsoft Outlook, you can also whitelist certain Email addresses, by following these steps:

  1. Make sure that you have first logged into the Web based version of Outlook:
  2. Click on the “Gear” icon, and from there, select “Settings”:

  3. On the screen from the previous step, scroll down to “Mail”:

  4. Click on the “Accounts” section, and from there, select “Block or Allow”:

  5. A new screen will appear, called “Safe Senders and Recipients”.  From here, click on the “+” icon on the far-right hand side:

    Note that the “+” icon allows you to add those Email addresses that you deem to be safe.
  6. Any Email addresses you have entered into this particular Whitelist will appear as follows:

  7. You will then be prompted to save your Whitelist, as follows:

(NOTE:  Source for these images:  1).

The Whitelisting of Domains In M365

Only system/network administrators can actually whitelist domains in M365. To do so, follow these steps:

  1. Log into portal.microsoft.com
  2. On the far-left hand side, select the following, in this sequence:
    • Admin;
    • Exchange;
    • Mailflow.
    When you do this, the following screen will then appear:

    From the above, select “The Sender”, then hover all the way down to the “Domain Is”, and click “Save”.
  3. After you do the above, the following screen will appear:

    From here, follow these steps in this sequence:
    • Click the “+” icon in order to select “Bypass Spam Filtering”.  This is the first entry to be made;
    • In the second entry to be made, which is entitled “Apply this rule if . . .”, follow these steps in this sequence:
      • Select the domain;
      • Then click on “Add Condition”.
  4. If there are no more domains to be added then click on “Stop processing more rules”;
  5. Click on “Save”.

(NOTE:  Source for these images:  2).
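
The mail flow rule built in the portal steps above can also be created from Exchange Online PowerShell. The following is an added example, not taken from the original article or its sources: the first rule mirrors the portal steps (sender domain only), and the second adds a condition that the message passed DMARC, because a sender domain on its own is not proof of who sent the message. The rule names, the header name `X-Allowed-By-Rule` and the domain `partner.example` are placeholders.

```powershell
# Added example: rule names, the X- header and 'partner.example' are placeholders.
# Requires the ExchangeOnlineManagement module and an Exchange admin role.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

$domain = 'partner.example'   # placeholder domain to allow

# 1) Equivalent of the portal steps: bypass spam filtering (SCL -1) for any
#    message whose sender domain matches. Created disabled here so it can be
#    compared with rule 2 before anything is switched on.
New-TransportRule -Name "Allow $domain (domain only)" `
    -SenderDomainIs $domain `
    -SetSCL -1 `
    -StopRuleProcessing $true `
    -Enabled $false

# 2) Stricter variant: the same bypass, but only when the receiving service
#    recorded a DMARC pass for the message in its Authentication-Results header.
#    The added X- header makes it visible later which rule let a message through.
New-TransportRule -Name "Allow $domain (DMARC pass)" `
    -SenderDomainIs $domain `
    -HeaderContainsMessageHeader 'Authentication-Results' `
    -HeaderContainsWords 'dmarc=pass', 'dmarc=bestguesspass' `
    -SetSCL -1 `
    -SetHeaderName 'X-Allowed-By-Rule' `
    -SetHeaderValue "Allow $domain" `
    -StopRuleProcessing $true `
    -Comments 'Allow-list entry; review periodically.'

# Review: list every existing rule that bypasses spam filtering.
Get-TransportRule |
    Where-Object { $_.SetSCL -eq -1 } |
    Format-Table Name, State, Priority, SenderDomainIs -AutoSize
```

The final `Get-TransportRule` query is useful on its own as a periodic audit of which domains currently bypass spam filtering.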

Whitelisting Domains Using PowerShell

This is an advanced topic and will be covered in a later blog written specifically for system administrators.

Conclusions

Overall, this article has examined the concepts of both Quarantining and Whitelisting in M365.  There are other steps you can take to ensure that your Emails have been sent and that your domains are whitelisted, such as the following:

  1. The DomainKeys Identified Mail (DKIM):
    This is a specific authentication technique which allows the recipient of the Email to check that it was actually sent and authorized by the owner of the sending domain.
  2. The Domain-based Message Authentication, Reporting and Conformance (DMARC):
    This is a specialized protocol that allows the owners of domains to protect them from unauthorized usage and even heisting.  It was created and implemented to protect against all variants of Phishing based attacks.

Sources

  1. https://downtimemonkey.com/blog/how-to-whitelist-an-email-address-in-outlook-office365.php
  2. http://kb.rolet.com/whitelist-domain-bypass-spam-filtering-microsoft-office-365/
  3. https://www.tachytelic.net/2014/05/white-list-domains-office-365-bulk-add/
  4. https://guides.downstate.edu/c.php?g=654922&p=4870487
  5. https://nordvpn.com/blog/what-is-whitelisting/
  6. https://www.dmarcanalyzer.com/dkim/