IMPORTANT NOTICE: Since Microsoft rolled out the "Secure by Default" standard in October 2021, the required method of allowlisting has changed. To correctly allowlist in Exchange and Office 365 environments, please see our article Allowlisting via Microsoft Advanced Delivery.
This article covers how to allowlist Phishing Tackle emails by email header in your Exchange 2013, 2016 or Office 365 environment (the process is the same for all 3 servers).
- For allowlisting by email header in Exchange 2010, see this article.
- For allowlisting by hostname in Exchange 2013, 2016 or Microsoft 365 (formerly Office 365), see this article.
Allowlisting is necessary for our simulated phishing emails to bypass your organisation's mail filters. We recommend allowlisting by IP address or hostname, but your organisation may require you to allowlist by headers for emails to deliver correctly.
This filter will allow simulated emails to bypass your filter by allowlisting our email headers. We also make sure to bypass the Clutter folder in Microsoft's Exchange Online Protection (EOP) mail filter with this rule.
We recommend waiting 1-2 hours after enabling allowlisting before setting up your first phishing campaigns as the settings can take some time to propagate.
Jump to:
- Bypassing Clutter and Spam Filtering by Email Header (Exchange 2013, 2016, and Microsoft 365 (formerly Office 365))
- Bypass Junk Folder (Microsoft 365 (formerly Office 365) mail servers only)
Bypassing Clutter and Spam Filtering by Email Header (Exchange 2013, 2016, and Microsoft 365 (formerly Office 365))
When allowlisting for Microsoft 365 (formerly Office 365), we STRONGLY recommend implementing the ATP bypass steps to avoid potential false-positives in your campaigns.
- Log into the Microsoft 365 (formerly Office 365) portal and select "Admin centers" > "Exchange".
- Click "Mail Flow".
- Click "Rules".
- Click "Add a Rule".
- Click "Bypass spam Filtering".
- Give the rule a memorable and easy-to-understand name e.g., "Phishing Tackle Email Header bypass clutter and spam filtering".
- Under "Apply this rule if" select "The message headers..." > "includes any of these words".
- Click "Enter text" and "Enter words" and enter Phishing Tackle's email header information. (Our email header values can be found here.) Then hit "Save".
- The "Bypass spam filtering" action is configured for you automatically. It is displayed under "Do the following".
  Note: Microsoft have updated their SCL setting; instead of -1, the rule must be set to "Bypass spam filtering".
- Click the "+" button under "Do the following".
- Under "And" select "Modify the message properties" > select "set a message header".
- Edit the properties by selecting the "Enter text" buttons. Use the following entries: set the message header to "X-MS-Exchange-Organization-BypassClutter" and set the value to "true".
- Click "Next".
- Leave all settings in "Set rule settings" as their default values and click "Next".
- Review your settings and click "Finish".
Bypassing the Junk Folder (Microsoft 365 (formerly Office 365) mail servers only)
When allowlisting for Microsoft 365 (formerly Office 365), we STRONGLY recommend implementing the ATP bypass steps to avoid potential false-positives in your campaigns.
This rule allows our simulated phishing emails to bypass the junk folder, thus ensuring your recipients are receiving your phishing campaigns correctly.
- Log into the Microsoft 365 (formerly Office 365) portal and select "Admin centers" > "Exchange".
- Click "Mail Flow".
- Click "Rules".
- Click "Add a Rule".
- Click "Bypass spam Filtering".
- Give the rule a memorable and easy-to-understand name e.g., "Phishing Tackle bypass junk folder - Email Header".
- Under "Apply this rule if" select "The message headers" > "includes any of these words".
- Click "Enter text" and "Enter words" and enter Phishing Tackle's email header information. (Our email header values can be found here.) Then hit "Save".
- Click the "+" button under "Do the following".
- Under "And" select "Modify the message properties" > select "set a message header".
- Edit the properties by selecting the "Enter text" buttons. Use the following entries: set the message header to "X-Forefront-Antispam-Report" and set the value to "SFV:SKI;".
- Click "Next".
- You can leave all settings in "Set rule settings" as their default values and click "Next".
- Click "Finish".
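The two rules described in the sections above can also be created and reviewed from Exchange PowerShell, which makes the configuration repeatable and easy to audit. This is an added example, not Phishing Tackle's own script; the header name and value are placeholders (assumptions) to be replaced with the values Phishing Tackle publishes.

```powershell
# Added example. Run in Exchange Online PowerShell (after Connect-ExchangeOnline)
# or in the on-premises Exchange Management Shell.

# PLACEHOLDERS (assumptions): replace with the published Phishing Tackle header name and value.
$HeaderName  = '<PHISHING-TACKLE-HEADER-NAME>'
$HeaderValue = '<PHISHING-TACKLE-HEADER-VALUE>'

# One rule per stamped header, mirroring the two procedures above.
$rules = @(
    @{
        Name           = 'Phishing Tackle Email Header bypass clutter and spam filtering'
        SetHeaderName  = 'X-MS-Exchange-Organization-BypassClutter'
        SetHeaderValue = 'true'
    },
    @{
        Name           = 'Phishing Tackle bypass junk folder - Email Header'
        SetHeaderName  = 'X-Forefront-Antispam-Report'
        SetHeaderValue = 'SFV:SKI;'
    }
)

$existing = Get-TransportRule

foreach ($r in $rules) {
    # Skip rules that already exist so the script can be re-run safely.
    if ($existing | Where-Object { $_.Name -eq $r.Name }) {
        Write-Host "Rule already exists: $($r.Name)"
        continue
    }

    # -SetSCL -1 is the PowerShell form of the "Bypass spam filtering" action.
    New-TransportRule -Name $r.Name `
        -HeaderContainsMessageHeader $HeaderName `
        -HeaderContainsWords $HeaderValue `
        -SetSCL -1 `
        -SetHeaderName $r.SetHeaderName `
        -SetHeaderValue $r.SetHeaderValue
}

# Review the condition, SCL action and stamped header of each rule.
Get-TransportRule |
    Where-Object { $_.Name -like 'Phishing Tackle*' } |
    Format-List Name, State, HeaderContainsMessageHeader, HeaderContainsWords,
                SetSCL, SetHeaderName, SetHeaderValue
```

The final `Get-TransportRule` listing is also a convenient way to confirm that only the intended header condition is attached to each bypass rule.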
Please let us know if you require any further assistance. You can contact our support team by clicking here or by sending an email to support@phishingtackle.com.