Why can't I add my own domain to the Allow list?
In a nutshell, adding a high risk domain creates a large hole in your email security that will create a much higher rate of spam making it through the filters. It is very common for spammers to use random addresses from your domain to trick your users into 'trusting' that email.
Why am I not able to Allow popular root level domains such as gmail.com, aol.com, or yahoo.com?
Much like the scenario above, spammers will use well-known and heavily used ISP and 'common' domain names to spoof return/from addresses. If you were to allow email based on this root domain, you would be opening your users to high rates of spam.
Below is an example of the screen you would see if you tried to enter your domain or another high-risk domain.
Example: Attempting to add domain level allow for the domain gmail.com