Whitelisting by Email Header in Exchange 2013, Exchange 2016, Office 365 Follow
Whitelisting by Email Header in Exchange 2013, Exchange 2016, Office 365
In order for phishing simulations to reach your users when using Exchange 2013, Exchange 2016, or Office 365, you must whitelist by both email header and IP address. If configured correctly, you will have set up 4 mail flow rules; bypass spam by IP, bypass junk folder by IP, bypass spam by email header, and bypass junk folder by email header.
To whitelist, our phishing emails by email header in Office 365, follow the instructions below.
Bypassing Clutter and Spam filter by Email Header (Exchange 2013, 2016, and 0365)
- Log in to Office 365 mail server admin portal
- Go to Admin -> Exchange
- In the mail flow section, click rules
- Click the large
icon.
- Select Bypass spam filtering… from the dropdown menu. This will open the New Rule screen.
- Give the rule a name, for example: “PhishingBox O365 Email Header - Bypass Spam Filter”
- Apply this rule if…
- A message header > includes any of these words...
- On the right, you will see Enter text and Enter words...
- Click Enter text and type 'X-PHISHTEST'
- Click Enter words and type in 'PhishingBox' and 'Hook Security'
- Click the
icon.
- Do the following…
- this field is set to Set the spam confidence level (SCL) to… and Bypass spam filtering is set.
- Add a second action to Do the following... to Modify the message properties > Set a message header to this value ‘X-MS-Exchange-Organization-BypassClutter’ then click Enter text... and set to ‘true’
- Save the rule
Completed Mail Flow Rule
Bypassing Junk Folder (0365 ONLY)
- Log in to Office 365 mail server admin portal
- Go to Admin -> Exchange
- Click on the mail flow section
- Click the large + on the right to create a new rule.
- Give the rule a name e.g. “Hook Security O365 Email Header – Skip Junk Folder”
- Click on more options
- Apply this rule if…
- A message header > includes any of these words
- On the right side you will see 'Enter text' and 'Enter words...'
- Click 'Enter text...' and enter ‘X-PHISHTEST’
- Click 'Enter words...' and enter 'PhishingBox' and 'Hook Security'
- Click the + and OK.
- Under Do the following…
- Click Modify the message properties.
- Then Set a Message Header.
- Set the message header to this value…
- Set the message header ‘X-Forefront-Antispam-Report’ to the value ‘SFV:SKI;’
- Under Properties of this ruleset the priority to follow the existing rule for the Spam Filter outlined above.
- Click Save to save the rule.
Completed Mail Flow Rule
Allow time for propagation of these rules.
Comments
0 comments
Please sign in to leave a comment.