I've whitelisted a handful of domains in Office 365 by adding a mail flow rule (http://kb.rolet.com/whitelist-domain-bypass-spam-filtering-microsoft-office-365/). I've limited this to domains of customers mostly. I haven't done this for common spam/virus tricks (ups.com, amazon.com, fedex.com). Now I'm having problems with craiglist job posting results getting held as spam after I increased my BCL threshold from 7 to 5 to reduce bulk emails.
I want all emails that are legitimately sent from robot@craigslist.org to be delivered but I don't know if the mail flow rule method is doing any checks to prevent spammers from just spoofing from that address.
My experiences with Office 365 support have been a bit mixedand I didn't find anything else discussing the safety of such white listing method. I hope someone has an answer that will help...