Overview
The Mail Settings page is where you can manage your incoming and outgoing mail settings. You can connect PhishingBox to a mail server via IMAP to log reported actions for forwarded emails or to monitor replies from reply-to phishing email templates. You can connect to a mail server via SMTP to send PhishingBox system emails or phishing emails from your own mail server.
To reach the Mail Settings page, navigate to Administration > Settings > Mail Settings.
Use the links below to jump to a section:
- General
- Direct Delivery
- Security Inboxes
- Reply Inboxes
- SMTP (Outgoing)
- Custom Microsoft Entra ID App
General
The General tab contains system and phishing email settings. On the right-hand side of the page under "Saved System Email Settings", you can review the configured settings for system email. The SMTP settings on this tab are responsible for sending portal and school system emails (SMTP (Outgoing) is used for phishing emails). PhishingBox offers two default sending domains, mail.phishingbox.com and mail.testingcenter.net, if you do not wish to configure custom SMTP for system emails.
NOTE: Please see our Manage System Emails article for more details on system emails.
The System Email Addresses drop-down is the From and Reply-To address for all system emails. To use a custom System Email Address, you should also set up a custom SMTP connection (deliverability can be impacted if you are using a custom email address without an SMTP server). For reseller accounts, the parent account's selection will be displayed as the default selected option in sub-accounts.
You can send yourself a test system/phishing email by clicking the Send Test Email button.
- Custom System Email From - This field specifies the email address from which system emails will be sent.
- Custom System Email Reply-To - This field specifies the email address that will receive replies to system emails.
- Custom Email Header - This is the email header added to phishing emails to help them get past email security and replaces the default X-PHISHTEST. The safelisting settings in your email client will need to be adjusted to accept your settings.
- Custom Email Header Value - This is the value for the custom email header added to phishing emails to help them get past email security. The safelisting settings in your email client will need to be adjusted to accept your settings.
- Add DKIM to Campaign Emails? - If turned on, all campaign emails (both phishing and training, as well as Preview & Test emails) will have DKIM added if the domain has DKIM correctly configured. (DKIM [DomainKeys Identified Mail] helps with email deliverability.) To check if a domain has DKIM correctly configured, go to Templates > Template Domains. If the errors/warnings column shows a warning about the domain not having DKIM configured correctly, emails that use that domain can still be sent, but they will not be DKIM authenticated.
NOTE: The Add DKIM to Campaign Emails setting is on by default.
- Saved System Email Settings - The system email settings that have been saved on the account. You can check deliverability of these types of emails by clicking on the Send Test Email button. (The settings have been obfuscated in the picture above.)
- Saved Phishing Email Settings - The phishing email settings that have been saved on the account. You can check deliverability of these types of emails by clicking on the Send Test Email button.
- Custom SMTP for System Emails - This setting lets you configure your own SMTP server for sending email. Clicking the "Custom SMTP for System Emails" switch will reveal the outgoing mail server configuration panel, where you can configure the SMTP server from which system emails will come. Input the configuration specified by your mail server in order to allow PhishingBox to connect to the server via SMTP. This will allow PhishingBox to send mail via your mail server.
NOTE: If you are attempting to connect to a mailbox in Microsoft, the account must be a licensed Microsoft user.
NOTE: Some security configurations may block PhishingBox from connecting to your mail servers. PhishingBox admin portal servers (US 54.80.160.189, EU 54.93.55.235) must have access to the SMTP port. Consult with your software or hardware vendor(s) for troubleshooting assistance.
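Two of the General tab settings above are easy to get subtly wrong: the custom phishing-mail header (your mail filter must accept the exact name and value you configure) and the per-domain DKIM record (the Template Domains check only tells you that something is wrong). The script below is an added example, not PhishingBox code, that lets you check both offline: it validates a header name/value pair, confirms a parsed message carries exactly that header, and inspects a DKIM TXT record for the defects that make a key unusable. The header name `X-Simulation-Token`, the sample message and the sample DKIM records are all constructed for the example; the DNS name format `selector._domainkey.domain` is the one defined in RFC 6376.

```python
"""Offline pre-flight checks for a custom safelisting header and a DKIM record.
Added example, not PhishingBox code; standard library only."""
import re
from email import message_from_string

# RFC 5322 header field names: printable ASCII except ':' and space.
_FIELD_NAME = re.compile(r"^[!-9;-~]+$")


def validate_custom_header(name: str, value: str) -> list[str]:
    """Return the problems with a custom header name/value pair (empty list = OK)."""
    problems = []
    if not _FIELD_NAME.match(name):
        problems.append("header name must be printable ASCII without ':' or spaces")
    if not name.lower().startswith("x-"):
        problems.append("use an X- prefix so the header cannot collide with a standard field")
    if not value.strip():
        problems.append("header value is empty")
    elif len(value.strip()) < 16:
        # A filter that trusts this header trusts anyone who knows the value,
        # so treat the value like a shared secret rather than a label.
        problems.append("value is short; a long random value is harder to guess")
    return problems


def message_has_safelist_header(raw_message: str, name: str, value: str) -> bool:
    """True only if the message carries the configured header name AND value.
    Header names are matched case-insensitively, as mail software does."""
    msg = message_from_string(raw_message)
    return any(v.strip() == value for v in msg.get_all(name, []))


def dkim_record_name(selector: str, domain: str) -> str:
    """DNS name where a DKIM public key is published (RFC 6376, section 3.6.2.1)."""
    return f"{selector}._domainkey.{domain}"


def parse_dkim_record(txt: str) -> dict[str, str]:
    """Split a DKIM TXT record ('tag=value; tag=value') into a dict.
    If your resolver returns several quoted strings, join them first."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, _, val = part.partition("=")
            tags[key.strip()] = val.strip()
    return tags


def check_dkim_record(txt: str) -> list[str]:
    """Return the problems in a DKIM TXT record (empty list = key looks usable)."""
    tags = parse_dkim_record(txt)
    problems = []
    if tags.get("v", "DKIM1") != "DKIM1":  # v= is optional but must be DKIM1 if present
        problems.append("v tag must be DKIM1")
    if "p" not in tags:
        problems.append("missing p= (public key) tag")
    elif tags["p"] == "":
        problems.append("empty p= means the key has been revoked")
    if tags.get("k", "rsa") not in ("rsa", "ed25519"):
        problems.append(f"unsupported key type {tags['k']!r}")
    services = tags.get("s", "*").split(":")
    if "*" not in services and "email" not in services:
        problems.append("s= does not permit use for email")
    return problems


# Constructed sample data for the example (example.com is a reserved domain).
SAMPLE_HEADER_NAME = "X-Simulation-Token"
SAMPLE_HEADER_VALUE = "7f3a9c2e1b8d4e6f0a1b2c3d"
SAMPLE_MESSAGE = (
    "From: training@example.com\r\n"
    "To: user@example.com\r\n"
    "Subject: Quarterly benefits update\r\n"
    f"{SAMPLE_HEADER_NAME}: {SAMPLE_HEADER_VALUE}\r\n"
    "\r\n"
    "Body text.\r\n"
)
SAMPLE_DKIM_OK = "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC"  # constructed key
SAMPLE_DKIM_REVOKED = "v=DKIM1; k=rsa; p="

if __name__ == "__main__":
    print(validate_custom_header(SAMPLE_HEADER_NAME, SAMPLE_HEADER_VALUE))
    print(message_has_safelist_header(SAMPLE_MESSAGE, SAMPLE_HEADER_NAME, SAMPLE_HEADER_VALUE))
    print(dkim_record_name("selector1", "example.com"))
    print(check_dkim_record(SAMPLE_DKIM_OK), check_dkim_record(SAMPLE_DKIM_REVOKED))
```

To check a real domain, look up the TXT record at the name `dkim_record_name()` returns (for example with `dig TXT selector1._domainkey.example.com`) and pass the concatenated record text to `check_dkim_record()`; the selector is whichever one the Template Domains page told you to publish.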
Direct Delivery
Direct Delivery allows you to place messages directly into a Microsoft user's inbox (using Microsoft Graph), without sending an email from a mail server. This allows you to bypass any delivery issues when conducting simulated phishing tests.
The recipient email addresses must exist within the Azure tenant where Direct Delivery is enabled, otherwise they will not receive the mail. When a PhishingBox account has direct delivery enabled, it will attempt to send simulated phishing and training emails to targets in the account using Direct Delivery, if enabled at the end of the campaign creation process.
NOTE: It's possible to enable Direct Delivery for specific group(s) instead of an entire account. See the Direct Delivery Section of our Create / Edit Group article.
To enable Direct Delivery, click the "Enable Direct Delivery" button. The following permissions will be requested:
- Read all users' full profiles
- Read mail in all mailboxes
- Read and write mail in all mailboxes
- Sign in and read user profile
NOTE: These permissions grant access to read, modify or delete emails. Direct Delivery will never interface with inboxes to read, modify or delete emails. These permissions are only used to deliver mail to inboxes.
Click the "Accept" button to grant these permissions. To disable Direct Delivery, click the "Disable Direct Delivery" button:
Security Inboxes
The Security Inboxes tab shows the email accounts that you've added as Inbox connections. The primary goal of these inboxes is for logging reported actions. If a target forwards a simulated phishing email to an inbox listed on your Security Inboxes page, a "Reported" action will show up on the test for the target. If your account has the Security Inbox feature, then these mail accounts will show up on your Security Inbox page in PhishingBox.
You can add three types of Security Inbox accounts: Microsoft Entra ID, Google Workspace, and IMAP.
You can view Microsoft Entra ID connections or IMAP connections by choosing one from the drop-down beside the Show Deleted checkbox. If you select "Show Deleted", then connections that have been deleted will be displayed (you can re-enable deleted connections). The drop-down under actions allows you to edit, turn off/on, delete, or reauthorize (Microsoft Entra ID only) connections.
NOTE: By default, each account is limited to one Security Inbox connection. Please reach out to support if you need more connections.
All Security Inboxes will initially be configured as "KillPhish" mailboxes. If your account has the Security Inbox feature, you can edit the configuration to be an "Inbox" mailbox. Doing this will generate the Reviewed Folders.
IMAP Connection
To connect an IMAP account, you'll need the server, port, username, password, and encryption type (SSL or TLS). Once you've entered this information, click the "Test IMAP" button. If PhishingBox is able to successfully connect to the IMAP account, you'll be able to click the Create button. This email account will then appear on your list of Inboxes. It will also show up in the dropdown when you navigate to the Inbox page. The account will be scanned once an hour.
For instructions on connecting to a Gmail account, please see this article: Connecting to a Gmail Account (IMAP or SMTP).
Microsoft Entra ID Connection
To connect a Microsoft Entra ID account, set the connection type to Microsoft Entra ID, choose a Microsoft App, and click the Authorize button. For instructions on configuring a custom Microsoft Entra ID app, please see our Adding a Custom Microsoft Entra ID App Registration article. This article also includes the required permissions for Security Inbox.
You'll then be taken to a Microsoft page where you will select the email account you want to connect. Since both the required permissions are delegated, they do not require Administrator consent. If successful, you will be returned to PhishingBox and get a success message.
Google Workspace Connection (COMING SOON)
COMING SOON: To connect a Google Workspace account, set the connection type to Google Workspace and click Authorize. You will then be redirected to log in to Google. Log in using a Google Workspace Global Admin account. You will be asked to verify that Portal has the ability to modify emails in the Google account. After verifying the app, you'll be redirected to the Mail Settings page in Portal.
Reply Inboxes
The Reply Inboxes page shows inboxes set up on your account that will listen for replies to phishing emails. If a target replies to a simulated phishing email and the reply goes to an inbox listed on the Reply Inboxes page, then a "Replied" action will be logged on the test.
NOTE: Custom reply inboxes are not required to log reply-to failures. As long as a reply to a simulated phishing email goes to an email address with a domain that belongs to PhishingBox, the reply action will be logged.
- Last Scan Started - The time that the scan began for the inbox. Once an hour, PhishingBox will read emails in the inbox, searching for simulated phishing emails from targets.
- Last Scan Finished - The time that a scan of the inbox completed.
- Errors - Any error tied to logging into the inbox that PhishingBox encountered.
- Last Tested - The time the inbox connection was last tested.
Only IMAP inboxes can be added on the Reply Inboxes page. To add an inbox, click the Create button, enter the server, port, username, password, and encryption type and test the connection.
For instructions on connecting to a Gmail account, please see this article: Connecting to a Gmail Account (IMAP or SMTP).
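Both the Security Inbox IMAP connection and the Reply Inbox connection above ask for the same five fields: server, port, username, password, and encryption type (SSL or TLS). The script below is an added example, not PhishingBox code, that performs the same kind of check as the "Test IMAP" button from your own workstation, so you can separate credential problems from port/encryption mismatches and firewall blocks before entering the settings. It reads the form's encryption labels as implicit TLS ("SSL", normally port 993) and STARTTLS ("TLS", normally port 143), verifies the server certificate, and never sends credentials over a cleartext connection. The `ImapSettings` class, `connection_plan()`, `check_imap_connection()` and `explain_failure()` are names chosen for this example; the host `imap.example.com` is a placeholder.

```python
"""IMAP connection check using the five fields the inbox forms ask for.
Added example, not PhishingBox code; standard library only."""
import imaplib
import ssl
from dataclasses import dataclass


@dataclass
class ImapSettings:
    server: str
    port: int
    username: str
    password: str
    encryption: str  # "SSL" (implicit TLS) or "TLS" (STARTTLS), as the form labels them


def connection_plan(settings: ImapSettings) -> dict:
    """Decide how to connect and flag port/encryption mismatches before touching the network."""
    mode = settings.encryption.upper()
    if mode not in ("SSL", "TLS"):
        raise ValueError("encryption must be SSL or TLS")
    warnings = []
    if mode == "SSL" and settings.port != 993:
        warnings.append("SSL (implicit TLS) is normally served on port 993")
    if mode == "TLS" and settings.port != 143:
        warnings.append("TLS (STARTTLS) is normally served on port 143")
    return {"implicit_tls": mode == "SSL", "warnings": warnings}


def check_imap_connection(settings: ImapSettings, timeout: float = 15.0) -> dict:
    """Connect, authenticate and open INBOX read-only; returns the message count or raises."""
    plan = connection_plan(settings)
    ctx = ssl.create_default_context()  # verifies the certificate chain and host name
    if plan["implicit_tls"]:
        conn = imaplib.IMAP4_SSL(settings.server, settings.port, ssl_context=ctx, timeout=timeout)
    else:
        conn = imaplib.IMAP4(settings.server, settings.port, timeout=timeout)
        conn.starttls(ssl_context=ctx)  # upgrade to TLS before any credentials are sent
    try:
        conn.login(settings.username, settings.password)
        status, data = conn.select("INBOX", readonly=True)  # read-only: the check must not alter mail
        if status != "OK":
            raise RuntimeError(f"SELECT INBOX failed: {data}")
        return {"messages": int(data[0]), "warnings": plan["warnings"]}
    finally:
        try:
            conn.logout()
        except imaplib.IMAP4.error:
            pass


def explain_failure(exc: BaseException) -> str:
    """Map a failure to the form field most likely at fault. Order matters:
    SSL errors are OSError subclasses and must be tested first."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "certificate does not match the server name; check the server field"
    if isinstance(exc, ssl.SSLError):
        return "TLS handshake failed; check that the port and encryption type match"
    if isinstance(exc, imaplib.IMAP4.error):
        return "server rejected the command; check the username and password"
    if isinstance(exc, (ConnectionRefusedError, TimeoutError, OSError)):
        return "could not reach the server; check the port and any firewall allow rules"
    return f"unexpected error: {exc!r}"


if __name__ == "__main__":
    # Placeholder values; replace with the mailbox you intend to connect.
    settings = ImapSettings("imap.example.com", 993, "reports@example.com", "password", "SSL")
    try:
        print(check_imap_connection(settings))
    except Exception as exc:  # broad on purpose: we only want to classify the failure
        print("FAILED:", explain_failure(exc))
```

If the check passes from your workstation but PhishingBox's own test fails, the difference is usually network reachability: the PhishingBox IP addresses listed on this page must be allowed to reach the IMAP port, not just your own network.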
SMTP (Outgoing)
The SMTP (Outgoing) tab allows you to set up SMTP connections from which phishing emails can be sent. Once you create an SMTP connection from this tab, you will be able to choose it at the end of campaign setup, as shown in the second screenshot below.
For instructions on connecting to a Gmail account, please see this article: Connecting to a Gmail Account (IMAP or SMTP). For Microsoft 365 accounts, please see this article: Adding a Custom Microsoft Entra ID App Registration. If you're using an SMTP relay, please reference the connecting IPs below:
- US
  - 54.80.160.189
  - 54.161.73.139
  - 54.158.229.58
- EU
  - 54.93.55.235
  - 3.75.8.204
  - 52.29.89.35
This is how the SMTP connection can be selected at the end of campaign setup to send phishing/training emails.
Custom Microsoft Entra ID App
Microsoft requires the use of OAuth to connect to an email account and modify messages. In order to add a Microsoft account inbox connection to your list of Inboxes, you must first create an app registration inside your Azure AD admin account. Then, from the Custom Microsoft Entra ID App tab, you can add the app registration by clicking the "Add Custom App" button. This displays a modal in which you'll enter the app name, client id, and client secret. The client id and client secret come from the app registration you create in Microsoft Entra ID. The app name is something you assign to the Microsoft Entra ID App in PhishingBox for identification purposes.
Once you've added a Microsoft Entra ID App, the app will be available from the Microsoft App drop-down when you add a new Security Inbox connection.
NOTE: Please see our Adding a Custom Microsoft Entra ID App Registration article for details on creating the app registration on Azure and connecting the app to PhishingBox.