Allowlisting by Email Headers in Exchange 2013, 2016, or Microsoft 365 (formerly Office 365)

Support Desk
  • Updated
Follow

IMPORTANT NOTICE: Since Microsoft rolled out the "Secure by Default" standard in October 2021, the required method of allowlisting has changedTo correctly allowlist in Exchange and Office 365 environments, please see our article Allowlisting via Microsoft Advanced Delivery.

This article covers how to allowlist Phishing Tackle emails by email header in your Exchange 2013, 2016 or Office 365 environment (the process is the same for all 3 servers).

  • For allowlisting by email header in exchange 2010, see this article.
  • For allowlisting by hostname in Exchange 2013, 2016 or Microsoft 365 (formerly Office 365), see this article.

 

Allowlisting is necessary for our simulated phishing emails to bypass your organisation's mail filters. We recommend allowlisting by IP address or hostname, but your organisation may require you to allowlist by headers for emails to deliver correctly.

This filter will allow simulated emails to bypass your filter by allowlisting our email headers. We also make sure to bypass the Clutter folder in Microsoft's Exchange Online Protection (EOP) mail filter with this rule.

We recommend waiting 1-2 hours after enabling allowlisting before setting up your first phishing campaigns as the settings can take some time to propagate.

 

Jump to:

Bypassing Clutter and Spam Filtering by Email Header (Exchange 2013, 2016, and Microsoft 365 (formerly Office 365))

Bypass Junk Folder (Microsoft 365 (formerly Office 365) mail servers only)

 

Bypassing Clutter and Spam Filtering by Email Header (Exchange 2013, 2016, and Microsoft 365 (formerly Office 365))

NOTE:
When allowlisting for Microsoft 365 (formerly Office 365), we STRONGLY recommend implementing the ATP bypass steps to avoid potential false-positives in your campaigns. 
  1. Log into the Microsoft 365 (formerly Office 365) portal and select Admin centers > "Exchange".
    Microsoft_365_admin_center_-_Exchange.png
  2. Click "Mail Flow".
    Microsoft_365_Admin_Center_-_Exchange_-_Mail_Flow.png

  3. Click "Rules".
    Microsoft_365_Admin_Center_-_Exchange_-_Mail_Flow_-_Rules.png

  4. Click "Add a Rule".
    Allowlisting_by_Email_Headers_-_New_Rule.png
  5. Click "Bypass spam Filtering".
    Allowlisting_by_Email_Headers_-_Bypass_Spam_Filtering.png
  6. Give the rule a memorable and easy-to-understand name e.g., "Phishing Tackle Email Header bypass clutter and spam filtering".
    Allowlisting_by_Email_Headers_-_Bypass_Spam_Filtering_-_Name.png

  7. Under "Apply this rule if" select "The message headers..." > "includes any of these words".
    Allowlisting_by_Email_Headers_-_Bypass_Spam_Filtering_-_Apply.png

  8. Click "Enter text" and "Enter words" and enter Phishing Tackle's email header Information. Our Email Header values can be found here.) Then hit "Save".
    Allowlisting_by_Email_Headers_-_Bypass_Spam_Filtering_-_Header_Value.png

  9. The Bypass spam filtering rule is automatically configured for you. This is displayed Under *Do the following.
    Allowlisting_by_Email_Headers_-_Bypass_Spam_Filtering_-_SCL.png
  10. Click the "+" button under "Do the following".
    Allowlisting_by_Email_Headers_-_Bypass_Spam_Filtering_-_New_Rule.png
  11. Under "And" select "Modify the message properties" > select "set a message header".
    Allowlisting_by_Email_Headers_-_Bypass_Spam_Filtering_-_And.png

  12. Edit the properties by selecting the "Enter text" buttons:
    Allowlisting by Email Headers - Bypass Spam Filtering - Text.png

    Use the following entries:
    Set the message header to "X-MS-Exchange-Organization-BypassClutter" and set the value to "true".
    Allowlisting_by_Email_Headers_-_Bypass_Spam_Filtering_-_And_Values.png
  13. Click "Next".
    Allowlisting by Email Headers - Bypass Spam Filtering - Conditions.png

  14. Leave all settings in "Set rule settings" as their default values and click "Next".
    Allowlisting by Email Headers - Bypass Spam Filtering - Set Rules.png

  15. Review your settings and click "Finish".
    Allowlisting by Email Headers - Bypass Spam Filtering - Review.png

 

Bypassing the Junk Folder (Microsoft 365 (formerly Office 365) mail servers only)

NOTE:
When allowlisting for Microsoft 365 (formerly Office 365), we STRONGLY recommend implementing the ATP bypass steps to avoid potential false-positives in your campaigns.

This rule allows our simulated phishing emails to bypass the junk folder, thus ensuring your recipients are receiving your phishing campaigns correctly.

  1. Log into the Microsoft 365 (formerly Office 365) portal and select "Admin centers" > "Exchange".
    Microsoft 365 admin center - Exchange.png

  2. Click "Mail Flow".
    Microsoft 365 Admin Center - Exchange - Mail Flow.png

  3. Click "Rules".
    Microsoft 365 Admin Center - Exchange - Mail Flow - Rules.png

  4. Click "Add a Rule".
    Allowlisting by Email Headers - New Rule.png

  5. Click "Bypass spam Filtering".
    Allowlisting by Email Headers - Bypass Spam Filtering.png

  6. Give the rule a memorable and easy-to-understand name e.g., "Phishing Tackle bypass junk folder - Email Header".

  7. Under "Apply this rule if" select "The message headers" > "includes any of these words".
    Allowlisting by Email Headers - Bypass Junk - Apply.png

  8. Click "Enter text" and "Enter words" and enter Phishing Tackle's email header Information. Our Email Header values can be found here.) Then hit "Save".
    Allowlisting by Email Headers - Bypass Junk - Header Value.png

  9. Click the "+" button under "Do the following".
    Allowlisting by Email Headers - Bypass Junk - New Rule.png

  10. Under "And" select "Modify the message properties" > select "set a message header".
    Allowlisting by Email Headers - Bypass Junk - And.png

  11. Edit the properties by selecting the "Enter text" buttons:
    Allowlisting by Email Headers - Bypass Junk - Enter Text.png

    Use the following entries:
    Set the message header to "X-Forefront-Antispam-Report" and set the value to "SFV:SKI;".
    Allowlisting by Email Headers - Bypass Junk - And Values.png

  12. Click "Next".
    Allowlisting by Email Headers - Bypass Junk - Conditions.png

  13. You can leave all settings in "Set rule settings" as their default values and click "Next".
    Allowlisting by Email Headers - Bypass Junk - Set Rules.png

  14. Click "Finish".
    Allowlisting by Email Headers - Bypass Junk - Review.png

 

Please let us know if you require any further assistance, you can contact our support team by clicking here. Or by sending an email to support@phishingtackle.com

Related articles