
How do I whitelist by Email Header in Exchange 2013, Exchange 2016, Office 365?

This article details the process of safelisting (aka whitelisting) our simulated phishing email headers on your Exchange 2013, 2016, or Office 365 platforms.

Bypassing Clutter and Spam Filtering

To ensure Portal messages will bypass your Clutter folder as well as spam filtering in Microsoft's EOP, follow the steps below.

  • Go to Admin > Mail > mail flow > rules


  • Click the plus sign (+) dropdown under the Rules tab. Select Create a new rule.
  • Give the rule a name, e.g. "Bypass Clutter and Spam Filtering by Header"
  • Click More options
  • For the condition Apply this rule if....
  • Click Modify the message properties then Set a Message Header.
  • Click on the Enter text... button to set the message header to the following value:
    • A message header > includes any of these words...
    • On the right you will see Enter text and Enter words...
    • Click Enter text and type 'X-PHISHTEST'
    • Click Enter words and type in 'PhishingBox'
    • Click the plus sign (+) icon.
  •  Do the following…
    1. Add a second action to Do the following... to Modify the message properties > Set a message header to this value ‘X-MS-Exchange-Organization-BypassClutter’ then click Enter text... and set to ‘true’
    2. Add an additional action under Do the following to Modify the message properties. Here, click on Set the spam confidence level (SCL) to... and select Bypass Spam Filtering.
  • Click Save.

Completed Mail Flow Rule

[Image: completed mail flow rule for bypassing Clutter and spam filtering]

 

Bypassing the Junk Folder

This rule permits only simulated phishing emails from Portal to bypass the Junk folder, so that users receive the simulated phishing emails in their inboxes.

Note for Office 365 Environments: If you safelisted our email servers prior to February 2018, you must add an additional mail flow rule in your Office 365 Admin center. This rule can be found below.

  • Go to Admin > Mail > Mail Flow
  • Click the plus sign (+) dropdown under the Rules tab. Select Create a new rule.
  • Give the rule a name, e.g. "Portal Skip Junk Filtering".
  • Click on More options.
  • For the condition Apply this rule if...
  • Choose A message header > includes any of these words...
    • On the right you will see Enter text and Enter words...
    • Click Enter text and type 'X-PHISHTEST'
    • Click Enter words and type in 'PhishingBox'
    • Click the plus sign (+) icon.
  • Under Do the following, click Modify the message properties then Set a Message Header.
  • Set the message header "X-Forefront-Antispam-Report" to the value "SFV:SKI;".
  • Under Properties of this rule set the priority to directly follow the existing rule (see Bypassing Clutter and Spam Filtering) set up for Portal safelisting.
  • Click Save.

Completed Mail Flow Rule

[Image: completed mail flow rule for bypassing the Junk folder]
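The two mail flow rules above can also be created and reviewed from PowerShell. This is an added example, not part of the original article or the vendor's own tooling; it assumes an already connected Exchange Online PowerShell session (or the Exchange Management Shell on Exchange 2013/2016) and reuses the example rule names from the steps above.

```powershell
# Added example: PowerShell equivalent of the two mail flow rules described above.
# Assumes a connected Exchange Online session (Connect-ExchangeOnline) or the
# Exchange Management Shell. Rule names are the article's example names.
$headerName  = 'X-PHISHTEST'
$headerWords = 'PhishingBox'
$rule1 = 'Bypass Clutter and Spam Filtering by Header'
$rule2 = 'Portal Skip Junk Filtering'

# Rule 1: bypass Clutter and spam filtering for messages carrying the header.
if (-not (Get-TransportRule | Where-Object Name -eq $rule1)) {
    New-TransportRule -Name $rule1 `
        -HeaderContainsMessageHeader $headerName `
        -HeaderContainsWords $headerWords `
        -SetHeaderName 'X-MS-Exchange-Organization-BypassClutter' `
        -SetHeaderValue 'true' `
        -SetSCL -1          # -1 corresponds to "Bypass spam filtering"
}

# Rule 2: bypass the Junk folder. Its priority directly follows rule 1.
$first = Get-TransportRule | Where-Object Name -eq $rule1
if ($first -and -not (Get-TransportRule | Where-Object Name -eq $rule2)) {
    New-TransportRule -Name $rule2 `
        -HeaderContainsMessageHeader $headerName `
        -HeaderContainsWords $headerWords `
        -SetHeaderName 'X-Forefront-Antispam-Report' `
        -SetHeaderValue 'SFV:SKI;' `
        -Priority ($first.Priority + 1)
}

# Review: confirm both rules exist, are enabled, match only on the intended
# header and words, and are ordered one directly after the other.
Get-TransportRule |
    Where-Object Name -in $rule1, $rule2 |
    Sort-Object Priority |
    Format-List Name, State, Priority, HeaderContainsMessageHeader,
                HeaderContainsWords, SetHeaderName, SetHeaderValue, SetSCL
```

The final listing is worth keeping with your change records, since both rules exempt any message that matches the header condition from filtering.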

 
