To ensure that the phishing test is successful, and the phishing emails bypass spam filters, the following settings should be enabled in your Exchange 2010 instance. The process is identical for each of those three mail servers.
Safelisting (whitelisting) is necessary to send simulated phishing emails that will bypass your mail filter. While safelisting by IP address or domain is recommend, this may not work if your system setup depends on a cloud-based spam filter. In this instance, safelisting by headers may be the most suitable way to ensure phishing test emails are delivered to your users.
Once your settings are in place, it may take some time for those settings to propagate. We recommend that you wait 1-2 hours and then set up a phishing campaign to yourself or a small group to test out your new safelisting rule.
Instructions for Safelisting by Email Headers in Exchange 2010
- Open your Exchange Management Console (EMC).
- Expand Organization Configuration on the left-hand side, and click Hub Transport.
- Enter a name for your New Transport Rule, such as "Bypass Spam Filtering by Email Header", and click Next.
- In Step 1, select condition "when the message header contains specific words". Beneath Step 2, complete the following steps:
- Select message header and type in the header "X-PHISHTEST"
- Select specific words and then enter "PhishingBox"
- Click Next.
- In Step 1, select action "set the spam confidence level to a value". In Step 2, set the Spam confidence level (SCL) threshold to -1. Click Next.
- Click Next to create rule, then select New to continue.
Once you have completed this setup please allow time for the new rule to propagate, and then set up a test phishing campaign for yourself or a small group, to test out your new safelisting rule.
Please sign in to leave a comment.