1. Hook Security Inc
  2. Technical Documentation
  3. General Setup & Provisioning

Whitelisting by Email Header in Exchange 2013, Exchange 2016, Office 365 Follow

Avatar
Hook Security Team
  • Updated

Whitelisting by Email Header in Exchange 2013, Exchange 2016, Office 365

In order for phishing simulations to reach your users when using Exchange 2013, Exchange 2016, or Office 365, you must whitelist by both email header and IP address.  If configured correctly, you will have set up 4 mail flow rules; bypass spam by IP, bypass junk folder by IP, bypass spam by email header, and bypass junk folder by email header.

To whitelist, our phishing emails by email header in Office 365, follow the instructions below.

Bypassing Clutter and Spam filter by Email Header (Exchange 2013, 2016, and 0365)

  • Log in to Office 365 mail server admin portal
  • Go to Admin -> Exchange 

image003.png

  • In the mail flow section, click rules

image001.png

  • Click the large plus-dropdown-icon.png icon.
  • Select Bypass spam filtering… from the dropdown menu. This will open the New Rule screen.
  • Give the rule a name, for example: “PhishingBox O365 Email Header - Bypass Spam Filter
  •  Apply this rule if…
    • A message header > includes any of these words...
    • On the right, you will see Enter text and Enter words...
    • Click Enter text and type 'X-PHISHTEST'
    • Click Enter words and type in 'PhishingBox' and 'Hook Security'
    • Click the plus-icon.png icon.
  •  Do the following…
    1.  this field is set to Set the spam confidence level (SCL) to… and Bypass spam filtering is set.
    2. Add a second action to Do the following... to Modify the message properties > Set a message header to this value ‘X-MS-Exchange-Organization-BypassClutter’ then click Enter text... and set to ‘true’
  • Save the rule

Completed Mail Flow Rule

image002.png

Bypassing Junk Folder (0365 ONLY)

  • Log in to Office 365 mail server admin portal
  • Go to Admin -> Exchange
  • Click on the mail flow section
  • Click the large + on the right to create a new rule.
  • Give the rule  a name e.g. “Hook Security O365 Email Header – Skip Junk Folder”
  • Click on more options
  •  Apply this rule if…
    • A message header > includes any of these words
    • On the right side you will see 'Enter text' and 'Enter words...
    • Click 'Enter text...' and enter ‘X-PHISHTEST
    • Click 'Enter words...' and enter 'PhishingBox' and 'Hook Security'
  • Click the + and OK.
  • Under Do the following…
    • Click Modify the message properties.
    • Then Set a Message Header.
    • Set the message header to this value…
      • Set the message header ‘X-Forefront-Antispam-Report’ to the value ‘SFV:SKI;’
  • Under Properties of this ruleset the priority to follow the existing rule for the Spam Filter outlined above.
  • Click Save to save the rule.

Completed Mail Flow Rule

image004.png

Allow time for propagation of these rules.

Related articles

Comments

0 comments

Please sign in to leave a comment.

Articles in this section

See more
Powered by Zendesk