Skip to main content

Scripts for Safelisting in Microsoft 365

PhishingBox Support
  • Updated

This article provides two scripts used in safelisting for Microsoft 365 email clients. You can find more information on how to implement PowerShell scripts through Exchange here and through Azure Active directory here

  1. Mail Flow Rules (deprecated)
  2. Safe Senders

Mail Flow Rules (deprecated)

Implement the four mail flow rules for bypassing by Junk, Spam and Clutter by IP and email Header 

if (-NOT (Get-Module -ListAvailable -Name ExchangeOnlineManagement)) {
Install-Module -Name ExchangeOnlineManagement
}
Import-Module ExchangeOnlineManagement
$UserPrincipalName = Read-Host "UserPrincipalName"
$HeaderValue = Read-Host "X-PHISHTEST Header Value (default PhishingBox)"
if ([string]::IsNullOrEmpty($HeaderValue)) {
$HeaderValue = "PhishingBox"
}
Connect-ExchangeOnline -UserPrincipalName $UserPrincipalName
New-TransportRule "Phishing Testing - Bypass Spam By IP" -SenderIpRanges "64.191.166.0/24" -SetHeaderName "X-MS-Exchange-Organization-BypassClutter" -SetHeaderValue "true" -SetSCL "-1"
New-TransportRule "Phishing Testing - Bypass Junk By IP" -SenderIpRanges "64.191.166.0/24" -SetHeaderName "X-Forefront-Antispam-Report" -SetHeaderValue "SFV:SKI;"
New-TransportRule "Phishing Testing - Bypass Spam By Header" -HeaderContainsMessageHeader "X-PHISHTEST" -HeaderContainsWords $HeaderValue -SetHeaderName "X-MS-Exchange-Organization-BypassClutter" -SetHeaderValue "true" -SetSCL "-1"
New-TransportRule "Phishing Testing - Bypass Junk By Header" -HeaderContainsMessageHeader "X-PHISHTEST" -HeaderContainsWords $HeaderValue -SetHeaderName "X-Forefront-Antispam-Report" -SetHeaderValue "SFV:SKI;"

 

Safe Senders

Adding senders to user's safe senders list will remove the "Some content of this message has been blocked..." banner and allow the mail client to automatically download images in emails from the sender. If images are downloaded, opens will be recorded when a user views the email.

if (-NOT (Get-Module -ListAvailable -Name ExchangeOnlineManagement)) {
Install-Module -Name ExchangeOnlineManagement
}
Import-Module ExchangeOnlineManagement
$admin = Read-Host "Exchange admin email or UPN"
Connect-ExchangeOnline -UserPrincipalName $admin
$users = Get-User
$senders = 'example@example.com' #add safe senders here, in quotes and comma-separated
foreach($user in $users){
$out = 'Adding Trusted Senders to {0}' -f $user.UserPrincipalName
Write-Output $out
Set-MailboxJunkEmailConfiguration $user.UserPrincipalName -TrustedSendersAndDomains @{Add=$senders}
}
Write-Output "Finished!"

Note: You will need to assign all senders you wish to add to user's safe senders list to $senders, in quotes and comma-separated. For example $senders = 'example@asd.com', 'second@123.com' , ...

Related articles

Comments

0 comments

Please sign in to leave a comment.