Overview
Notice: The following method of safelisting has been deprecated as of 09/01/2021. You will want to implement the new advanced delivery rules here for Outlook clients.
The following details the process of safelisting our simulated phishing email headers on your Exchange 2013, 2016, or Office 365 platforms.
Mail filters will sometimes block the emails our servers send, and safelisting resolves this. Safelisting allows phishing emails sent from PhishingBox to bypass mail filters and the junk, spam and clutter folders. We recommend safelisting by IP where possible (for example, if you are using a cloud security system). When safelisting by IP is not applicable, safelisting by header is an effective way to make sure that phishing emails are delivered. Below we show how to set up header rules for Spam and Clutter as well as the Junk folder.
In addition to safelisting, we strongly recommend that you also set up a connector in Office 365. This will prevent PhishingBox emails from being blocked due to Microsoft greylisting.
Bypassing Clutter and Spam Filtering
To ensure PhishingBox emails will bypass your Clutter folder as well as spam filtering in Microsoft's EOP, follow the steps below.
- Go to Admin > Mail > mail flow > rules
- Click the dropdown under the Rules tab. Select Create a new rule.
- Give the rule a name, e.g. "Bypass Clutter and Spam Filtering by Header"
- Click More options
- For the condition Apply this rule if
  - A message header > includes any of these words
  - You will then see Enter text and Enter words...
  - Click Enter text and type 'X-PHISHTEST'
  - Click Enter words and type in 'PhishingBox'
  - Click the icon.
- For Do the following
  - Modify the message properties > Set a message header to this value
  - Enter text for message header as: 'X-MS-Exchange-Organization-BypassClutter'
  - Enter text for value as 'true'
- Add an additional action under Do the following
  - Modify the message properties > Set the spam confidence level (SCL) to...
  - Select Bypass Spam Filtering.
- Click Save.
Completed Mail Flow Rule
Bypassing the Junk Folder
This rule permits only simulated phishing emails from PhishingBox to bypass the Junk folder, so that users receive the simulated phishing emails in their inboxes.
NOTE: For Office 365 environments, if you safelisted our email servers prior to February 2018, you must add an additional mail flow rule in your Office 365 Admin center. This rule can be found below.
- Go to Admin > Mail > Mail Flow
- Click the dropdown under the Rules tab. Select Create a new rule.
- Give the rule a name, e.g. "PhishingBox Skip Junk Filtering".
- Click on More options.
- For the condition Apply this rule if
  - Click The message headers... > Matches these text patterns
  - You will now see Enter text and Enter words...
  - Click Enter text and type 'X-PHISHTEST'
  - Click Enter words and type in 'PhishingBox'
  - Click the icon.
- Under Do the following
  - Modify the message properties > Set a Message Header.
  - Set the header "X-Forefront-Antispam-Report" to the value "SFV:SKI;".
  NOTE: Check the Anti-spam message headers article to learn more about this header.
- Under Properties of this rule, set the priority so that this rule directly follows the existing rule (see Bypassing Clutter and Spam Filtering) set up for PhishingBox safelisting.
- Click Save.
Completed Mail Flow Rule
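The two mail flow rules above can also be created from Exchange PowerShell, which makes the configuration repeatable and easy to review. This is an added example, not a PhishingBox script; it assumes an already connected Exchange Online PowerShell session (or the Exchange Management Shell on-premises) and uses the rule names suggested in the steps.

```powershell
# Added example (not from the original article). Assumes the session is already
# connected, e.g. via Connect-ExchangeOnline, with rights to manage transport rules.
$clutterRule = 'Bypass Clutter and Spam Filtering by Header'
$junkRule    = 'PhishingBox Skip Junk Filtering'

# Look up existing rules by name so the script can be re-run without duplicates.
$existing = Get-TransportRule | Where-Object { $_.Name -in $clutterRule, $junkRule }

# Rule 1: header X-PHISHTEST includes the word "PhishingBox"
#   -> set X-MS-Exchange-Organization-BypassClutter: true
#   -> set SCL to -1, which is "Bypass spam filtering" in the admin UI
if ($existing.Name -notcontains $clutterRule) {
    New-TransportRule -Name $clutterRule `
        -HeaderContainsMessageHeader 'X-PHISHTEST' `
        -HeaderContainsWords 'PhishingBox' `
        -SetHeaderName 'X-MS-Exchange-Organization-BypassClutter' `
        -SetHeaderValue 'true' `
        -SetSCL -1
}

# Rule 2: header X-PHISHTEST matches the text pattern "PhishingBox"
#   -> set X-Forefront-Antispam-Report: SFV:SKI;
# Its priority is set to directly follow rule 1, as the steps require.
if ($existing.Name -notcontains $junkRule) {
    $first = Get-TransportRule | Where-Object { $_.Name -eq $clutterRule }
    New-TransportRule -Name $junkRule `
        -HeaderMatchesMessageHeader 'X-PHISHTEST' `
        -HeaderMatchesPatterns 'PhishingBox' `
        -SetHeaderName 'X-Forefront-Antispam-Report' `
        -SetHeaderValue 'SFV:SKI;' `
        -Priority ($first.Priority + 1)
}

# Review the result: both rules enabled, in order, with the expected actions.
Get-TransportRule |
    Where-Object { $_.Name -in $clutterRule, $junkRule } |
    Sort-Object Priority |
    Format-List Name, Priority, State, SetSCL, SetHeaderName, SetHeaderValue
```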
After following the instructions above, you will want to safelist by IP as well.
We also recommend that you set up a small test phishing campaign to ensure our simulated phishing emails can reach your users. If the phishing emails can reach your test inboxes, you will know you have successfully safelisted our servers.