IMPORTANT NOTICE: Since Microsoft rolled out the "Secure by Default" standard in October 2021, the required method of allowlisting has changed. To correctly allowlist in Exchange and Office 365 environments, please see our article Allowlisting via Microsoft Advanced Delivery.
To ensure the effective delivery of our simulated phishing emails, you may need to allowlist our servers, we recommend allowlisting by hostname which is covered in this article.
If you need to allowlist by Email Headers instead, see the following articles:
- Allowlist by Email Headers in Exchange 2013, 2016, or Microsoft 365 (formerly Office 365)
- Allowlist by Email Headers in Exchange 2010
Allowlisting by Hostname in Exchange 2013, 2016 or Microsoft 365 (formerly Office 365)
When allowlisting for Microsoft 365 (formerly Office 365), we STRONGLY recommend implementing the ATP bypass steps to avoid potential false-positives in your campaigns.
- Log into the Microsoft 365 (formerly Office 365) portal and select Admin centers > "Exchange".
- Click "Mail Flow".
- Click "Rules".
- Click "Add a rule".
- Click "Bypass spam filtering".
Give the rule a memorable and easy-to-understand name e.g., "Phishing Tackle spam filter bypass - Hostname".
- Under "Apply this rule if" select "The Sender" > "Domain is".
- Click "Enter words" and enter Phishing Tackle's Hostname "mail.tacklephishing.com" (please note: the domain is a reverse of our usual domain name. See this article for details on our domain information. Then hit "Save".
- Click "Next".
- In "Set rule settings" scroll to the option "Match sender address in message".
- Click on the drop-down menu and select "Envelope".
- Click "Next".
- Review your settings and then click "Finish".