We have a transport rule that blocks all outside emails unless a user is in a security group then it will allow the domains that are in the "except when the from address contains" exception.
What we are finding is if we have contoso.com in the exception list and its abc.contoso.com the abc.contoso.com gets blocked. But we would need to allow both contoso.com and abc.contoso.com
I read somewhere (can't find it now) you could do contoso.com$ and it would allow subdomains but it does not seem to be working.
Any assistance would be great.