Whitelisting by Email Header in Exchange 2013, Exchange 2016, Office 365

Ryan Hardesty
  • Updated
Follow

In order for phishing simulations to reach your users when using Exchange 2013, Exchange 2016, or Office 365, you must whitelist by both email header and IP address. For instructions on whitelisting by IPs in Office 365, see article: Whitelisting IP Addresses in Exchange 2013, 2016, or Office 365. If configured correctly, you will have set up 4 mail flow rules; bypass spam by IP, bypass junk folder by IP, bypass spam by email header, and bypass junk folder by email header.

To whitelist our phishing emails by email header in Office 365, follow the instructions below.

Bypassing Clutter and Spam filter by Email Header (Exchange 2013, 2016, and 0365)

  • Log in to Office 365 mail server admin portal
  • Go to Admin -> Exchange 

image003.png

  • In the mail flow section, click rules

image001.png

  • Click the large plus-dropdown-icon.png icon.
  • Select Bypass spam filtering… from the dropdown menu. This will open the New Rule screen.
  • Give the rule a name, for example: “PhishingBox O365 Email Header - Bypass Spam Filter
  •  Apply this rule if…
    • A message header > includes any of these words...
    • On the right you will see Enter text and Enter words...
    • Click Enter text and type 'X-PHISHTEST'
    • Click Enter words and type in 'PhishingBox'
    • Click the plus-icon.png icon.
  •  Do the following…
    1.  this field is set to Set the spam confidence level (SCL) to… and Bypass spam filtering is set.
    2. Add a second action to Do the following... to Modify the message properties > Set a message header to this value ‘X-MS-Exchange-Organization-BypassClutter’ then click Enter text... and set to ‘true’
  • Save the rule

Completed Mail Flow Rule

image002.png

Bypassing Junk Folder (0365 ONLY)

  • Log in to Office 365 mail server admin portal
  • Go to Admin -> Exchange
  • Click on the mail flow section
  • Click the large + on the right to create a new rule.
  • Give the rule  a name e.g. “PhishingBox O365 Email Header – Skip Junk Folder”
  • Click on more options
  •  Apply this rule if…
    • A message header > includes any of these words
    • On the right side you will see 'Enter text' and 'Enter words...
    • Click 'Enter text...' and enter ‘X-PHISHTEST
    • Click 'Enter words...' and enter 'PhishingBox'
  • Click the + and OK.
  • Under Do the following…
    • Click Modify the message properties.
    • Then Set a Message Header.
    • Set the message header to this value…
      • Set the message header ‘X-Forefront-Antispam-Report’ to the value ‘SFV:SKI;’
  • Under Properties of this rule set the priority to follow the existing rule for the Spam Filter outlined above.
  • Click Save to save the rule.

Completed Mail Flow Rule

image004.png

Allow time for propagation of these rules.

You will also want to whitelist our IP addresses. See article: Whitelisting IP Addresses in Exchange 2013, 2016, or Office 365 for more information.

If you have additional questions please feel free to contact our Support staff.

Related articles

Comments

0 comments

Please sign in to leave a comment.