If you want to whitelist domains for inbound emails for SPF and DMARC in TMES, you need to add them to the SPF exception list. However, the maximum threshold for ignored peers is 1000, which can affect the scan performance of TMES. Therefore, it is not possible to add more than 1000 domains to the list. Instead, you can use the Sender IP Match feature of TMES, which allows you to add domains and IP addresses to a sender IP match list. If an email message passes the Sender IP Match check, TMES skips its own SPF check as well as the SPF check of DMARC authentication for this message. This is explained in more detail in the Trend Micro Email Security Online Help Center.

If you have concerns about adding IPs and IP ranges because they may change in the future, you can use an alternative solution:

1. Enable the domain SPF and insert the header 'X-TM-Received-SPF'.
2. Set the actions to 'Do not intercept'.
3. Use the content filter policy to filter the header 'X-TM-Received-SPF' by values. You can set many domains in the targets and target exceptions. Refer to the Trend Micro Email Security Online Help Center for the possible header values for different scenarios.

By following these steps, you can whitelist domains for inbound emails using TMES without exceeding the 1000-domain limit or adding IPs and IP ranges that may change in the future.