Posting to chat should be controlled via Exchange Online Protection and/or Transport Rules.
Any message posting to chat in a Team should be controlled by the administrators. A wrong or inappropreate message, i.e. malware attached, should be quarantined and safely deleted. So it should be routed via EOP and/or Transport Rules, or on-premises antispam appliances.
It's not good enough protection by domain whitelist.