In order for phishing simulations to reach your users when using Exchange 2013, Exchange 2016, or Office 365, you must whitelist by both email header and IP address.  If configured correctly, you will have set up 4 mail flow rules; bypass spam by IP, bypass junk folder by IP, bypass spam by email header, and bypass junk folder by email header.

To whitelist, our phishing emails by email header in Office 365, follow the instructions below.

Bypassing Clutter and Spam filter by Email Header (Exchange 2013, 2016, and 0365)

• Log in to Office 365 mail server admin portal
• Go to Admin > Mail > mail flow > rules

• Click the  dropdown under the Rules tab. Select Create a new rule.
• Give the rule a name, e.g. "Bypass Clutter and Spam Filtering by IP"
• Click More options
• Add the condition Apply this rule if....
• Select The sender and select IP address is in any of these ranges or exactly matches.
• Specify the sender IP addresses which can be found in this article, then click OK.
• Under Do the following, click Modify the message properties then Set a Message Header.
• Click on the *Enter text... button to set the message header to the following value:
  • Set the message header "X-MS-Exchange-Organization-BypassClutter" to the value "true". Both commands are case-sensitive.
• Click Add Condition.
• Click Apply this rule if…
  • A message header > includes any of these words...
  • On the right you will see Enter text and Enter words...
  • Click Enter text and type 'X-PHISHTEST'
  • Click Enter words and type in 'PhishingBox' and 'Hook Security'
  • Click the  icon.
•  Do the following…
  1.  this field is set to Set the spam confidence level (SCL) to… and Bypass spam filtering is set.
  2. Add a second action to Do the following... to Modify the message properties > Set a message header to this value ‘X-MS-Exchange-Organization-BypassClutter’ then click Enter text... and set to ‘true’
• Add an additional action under Do the following to Modify the message properties. Here, click on Set the spam confidence level (SCL) to... and select Bypass Spam Filtering.
• Click Save.

Bypassing Junk Folder (0365 ONLY)

Setting this rule will permit only simulated phishing emails from Portal to bypass the Junk folder to ensure users are receiving the simulated phishing emails in their inboxes.

• Log in to Office 365 mail server admin portal
• Go to Admin > Mail > Mail Flow
• Click on the mail flow section
• Click the  dropdown under the Rules tab. Select Create a new rule.
• Give the rule  a name e.g. “Hook Security O365 Email Header – Skip Junk Folder”
• Click on more options
• Add the condition Apply this rule if.....
  
  • Select The sender, then click on More options and select IP address is in any of these ranges or exactly matches.
  • Specify the sender IP addresses which can be found in this article, then click OK.
  • (Note: the below steps for safelisting by email header will apply to Office 365 accounts only.)
  •  Click Add Condition and choose A message header > includes any of these words...
  • On the right side you will see 'Enter text' and 'Enter words...' 
  • Click 'Enter text...' and enter ‘X-PHISHTEST’
  • Click 'Enter words...' and enter 'PhishingBox' and 'Hook Security'
• Click the  icon.
• Under Do the following…
  • Click Modify the message properties.
  • Then Set a Message Header.
  • Set the message header to this value…
    • Set the message header ‘X-Forefront-Antispam-Report’ to the value ‘SFV:SKI;’
• Under Properties of this ruleset the priority to follow the existing rule for the Spam Filter outlined above.
• Click Save to save the rule.

Allow time for propagation of these rules.