Safelisting IP Addresses and Email Headers in Exchange 2013, 2016, or Office 365

The following details the process of safelisting (aka whitelisting) our simulated phishing email servers on your Exchange 2013, 2016, or Office 365 platforms.

You need to initialize an IP Allow List which includes our IP addresses, found in this article. You will then set up a mail flow rule to permit incoming mail to bypass the Clutter folder and Microsoft's Exchange Online Protection (EOP) spam filter. Do both to safelist successfully.

After safelisting Portal IP addresses, you must safelist by email headers as well.

Finally, we strongly recommend that you also set up a connector in Office 365. This will prevent Portal emails from being blocked due to Microsoft greylisting.

After updating your settings, it may take time for the settings to propagate. You should wait 1-2 hours then set up a small test phishing campaign to be sure your new safelisting rules are functioning properly.

In addition to the steps outlined below, we advise that you add a connector to O365. Microsoft recently implemented a graylisting policy which may throttle or defer emails sent to your domain from PhishingBox. Please see the following articles for more information.

Setting Up a Connector in Office 365

Microsoft on Graylisting

The steps for setting your safelisting rules by IP are as follows:

1. Set Up Your IP Allow List
2. Bypass Clutter and Spam Filtering by IP Addresses
3. Bypass the Junk Folder
4. Safelisting by Email Header in Exchange 2013, Exchange 2016, Office 365
5. Bypassing Clutter and Spam filter by Email Header
6. Bypassing Junk Folder for Email Headers (Office 365 ONLY)

Setting Up IP Allow List

If you are using Exchange Server 2010, Exchange Server 2013, Exchange Server 2016, or Exchange Server 2019, you can set up an IP allow list using the command line. See these instructions for more information.

If you do not wish to use the command line, follow the instructions below to set up an IP allow list using the exchange GUI.

1. Log into your mail server admin portal and click Admin.
2. Click on Exchange.
3. Click on connection filter (beneath protection heading).
4. Click on connection filter in the protection section, then click the 
5. Click on connection filtering.
6. Under the IP Allow list, click the  to add an IP address.
7. On the Add allowed IP address prompt, add our IP addresses one at a time.
8. Click  Save. After setting up an IP allow list, you will want to set up a mail flow rule to permit our mail to bypass spam filtering and the clutter folder.

Completed Connection Filtering

Bypassing Clutter and Spam Filtering for IP Addresses

To ensure Portal messages will bypass your Clutter folder as well as spam filtering in Microsoft's EOP, follow the steps below.

• Go to Admin > Mail > mail flow > rules

• Click the  dropdown under the Rules tab. Select Create a new rule.
• Give the rule a name, e.g. "Bypass Clutter and Spam Filtering by IP"
• Click More options
• Add the condition Apply this rule if....
• Select The sender and select IP address is in any of these ranges or exactly matches.
• Specify the sender IP addresses which can be found in this article, then click OK.
• Under Do the following, click Modify the message properties then Set a Message Header.
• Click on the *Enter text... button to set the message header to the following value:
  • Set the message header "X-MS-Exchange-Organization-BypassClutter" to the value "true". Both commands are case-sensitive.
• Add an additional action under Do the following to Modify the message properties. Here, click on Set the spam confidence level (SCL) to... and select Bypass Spam Filtering.
• Click Save.

Completed Mail Flow Rule

Bypassing the Junk Folder (Office 365 mail servers ONLY)

Setting this rule will permit only simulated phishing emails from Portal to bypass the Junk folder to ensure users are receiving the simulated phishing emails in their inboxes.

Note for Office 365 Environments: If you safelisted our email servers prior to February 2018, you must add an additional mail flow rule in your Office 365 Admin center. This rule can be found below.

• Go to Admin > Mail > Mail Flow
• Click the  dropdown under the Rules tab. Select Create a new rule.
• Give the rule a name, e.g. "Portal Skip Junk Filtering".
• Click on More options.
• Add the condition Apply this rule if.....
• Select The sender, then click on More options and select IP address is in any of these ranges or exactly matches.
• Specify the sender IP addresses which can be found in this article, then click OK.
• Under Do the following, click Modify the message properties the Set a Message Header.
• Set the message header to this value: the header "X-Forefront-Antispam-Report" to the value "SFV:SKI;".
  • Note: see this article to learn more about this header.
• Under Properties of this rule set the priority to directly follow the existing rule (see Bypassing Clutter and Spam Filtering) set up for Portal safelisting.
• Click Save.

Completed Mail Flow Rule

After following the instructions above, you will want to safelist by email header as well (see the instructions under Safelisting by Email Header Exchange 2013, Exchange 2016, Office 365 in this article).

After completing the steps above, we recommend that you set up a small test phishing campaign to ensure our simulated phishing emails can reach your users. If the phishing emails can reach your test inboxes, you will know you have successfully safelisted our servers.

Safelisting by Email Header in Exchange 2013, Exchange 2016, Office 365

To safelist our phishing emails by email header in Exchange 2013, Exchange 2016, and Office 365, follow the instructions below.

Bypassing Clutter and Spam filter by Email Header (Exchange 2013, 2016, and 0365)

• Log in to Office 365 mail server admin portal
• Go to Admin -> Exchange 

• In the mail flow section, click rules

• Click the large  icon.
• Select Bypass spam filtering… from the dropdown menu. This will open the New Rule screen.
• Give the rule a name, for example: “PhishingBox O365 Email Header - Bypass Spam Filter”
•  Apply this rule if…
  • A message header > includes any of these words...
  • On the right you will see Enter text and Enter words...
  • Click Enter text and type 'X-PHISHTEST'
  • Click Enter words and type in 'PhishingBox'
  • Click the  icon.
•  Do the following…
  1.  this field is set to Set the spam confidence level (SCL) to… and Bypass spam filtering is set.
  2. Add a second action to Do the following... to Modify the message properties > Set a message header to this value ‘X-MS-Exchange-Organization-BypassClutter’ then click Enter text... and set to ‘true’
• Save the rule

Completed Mail Flow Rule

Bypassing Junk Folder for Email Headers (Office 365 ONLY)

• Log in to Office 365 mail server admin portal
• Go to Admin -> Exchange
• Click on the mail flow section
• Click the large + on the right to create a new rule.
• Give the rule  a name e.g. “PhishingBox O365 Email Header – Skip Junk Folder”
• Click on more options
•  Apply this rule if…
  • A message header > includes any of these words
  • On the right side you will see 'Enter text' and 'Enter words...' 
  • Click 'Enter text...' and enter ‘X-PHISHTEST’
  • Click 'Enter words...' and enter 'PhishingBox'
• Click the + and OK.
• Under Do the following…
  • Click Modify the message properties.
  • Then Set a Message Header.
  • Set the message header to this value…
    • Set the message header ‘X-Forefront-Antispam-Report’ to the value ‘SFV:SKI;’
• Under Properties of this rule set the priority to follow the existing rule for the Spam Filter outlined above.
• Click Save to save the rule

Completed Mail Flow Rule

Allow time for propagation of these rules.

If you have additional questions please feel free to contact our Support staff.

• Open a Support Ticket: support@phishingbox.com
• Call Us on the Phone: +1 877-634-6847