You want more information on how to work with the approved and blocked senders lists.
You can define a list of approved senders or blocked senders for your organization. An approved sender is identified by their IP address, domain name, or email address that you want to receive email from, even though they may be on the public block list or a custom blocked list. A blocked sender is an IP address, domain name, or email address that you want to block emails from.
You can define approved and blocked senders lists at global, group, and user level. For example, you can enable some users to manage their own lists and manage those of others yourself. You can also define a user's lists initially and the individual user can manage them in Email Quarantine thereafter.
You cannot define approved senders and blocked senders lists at domain level. You define approved and blocked senders lists in the following ways:
Manually add entries to the list in the portal.
Download the existing list, edit it locally, and upload the revised list back to the portal.
The portal accepts entries in the following formats:
IP address with wildcard or CIDR notation (/1 to /32)
The list strictly applies to the envelope sender email address, also designated as the RFC5321.Mail From. Note that "X-Env-Sender" is inserted into the header of the email to assist administrators. If you enter a domain in your approved or blocked senders list, it includes all of its sub-domains automatically. For example, if you add mydomain.com as an approved sender, it will also apply to sub.mydomain.com.
Each entry is subject to validation rules to work properly. For a complete list, see our Validation rules for approved and blocked senders lists article.
Global and User approved and blocked senders lists can contain up to 3000 entries each. Group approved and blocked senders lists can contain up to 150 entries each.
Do not put your domain name in your own approved senders list. By including your own domain name, you open the organization up to a security exploit. This may occur because spammers sometimes spoof the sending email address to match the target email domain (you) in an attempt to bypass Anti-Spam scanning. Instead, include your partners' sending IP addresses.
You cannot add a user who is on the exclusion list as an approved or blocked sender.
More information on how each scanner flags an email can be found here. This can be used to effectively only allow approved sender for a specific scanner rather than a complete bypass.