IMPORTANT NOTICE: Since Microsoft rolled out the "Secure by Default" standard in October 2021, the required method of allowlisting has changed. To correctly allowlist in Exchange and Office 365 environments, please see our article Allowlisting via Microsoft Advanced Delivery.
This article covers how to allowlist your simulated phishing test emails by header in your Exchange 2013, 2016 or Office 365 environment (the process is the same for all three).
- For allowlisting by email header in Exchange 2010, see this article.
- For allowlisting by hostname in Exchange 2013, 2016 or Microsoft 365 (formerly Office 365), see this article.
Allowlisting is necessary for our simulated phishing emails to bypass your organisation's mail filters. We recommend allowlisting by IP address or hostname, but your organisation may require you to allowlist by headers for emails to deliver correctly.
This filter will allow simulated emails to bypass your filter by allowlisting our email headers. We also make sure to bypass the Clutter folder in Microsoft's Exchange Online Protection (EOP) mail filter with this rule.
We recommend waiting 1-2 hours after enabling allowlisting before setting up your first phishing campaigns as the settings can take some time to propagate.
Bypassing Clutter and Spam Filtering by Email Header (Exchange 2013, 2016, and Microsoft 365 (formerly Office 365))
When allowlisting for Microsoft 365 (formerly Office 365), we STRONGLY recommend implementing the ATP bypass steps to avoid potential false positives in your campaigns.
- Log into your mail server admin portal and select Admin centers > Exchange.
- Select mail flow
- Click the (+)
- Select Bypass spam filtering...
- Name the rule, e.g. Bypass Clutter & Spam Filtering by Email Header.
- Select Apply this rule if... > A message header > Includes any of these words.
- To the right of that rule, you will see Enter text and Enter words...
- Click Enter text and type in the header X-PhishingTackle
- Click Enter words and type PhishingTackle.com, then click the (+)
- Ensure that under Do the following... the action is set as follows:
  - Set the spam confidence level (SCL) to...
  - Bypass spam filtering
- Click Add action > Modify the message properties... > Set a message header
- To the right of that rule, you will see Enter text and Enter words...
- Click Enter text and type X-MS-Exchange-Organization-BypassClutter
- Click Enter words and type true
- Hit Save
Note: We recommend leaving the other options at their default settings.
Bypassing the Junk Folder (Microsoft 365 (formerly Office 365) mail servers only)
When allowlisting for Microsoft 365 (formerly Office 365), we STRONGLY recommend implementing the ATP bypass steps to avoid potential false positives in your campaigns.
This rule allows our simulated phishing emails to bypass the junk folder, thus ensuring your recipients are receiving your phishing campaigns correctly.
Within the Exchange admin center:
- Select Mail Flow
- Click the (+)
- Select Bypass spam filtering...
- Name the rule, e.g. Phishing Tackle - Skip Junk Folder
- Add the condition Apply this rule if... > A message header > includes any of these words.
- On the right side of that rule, you will see Enter text and Enter words...
- Click Enter text and type in the header X-PhishingTackle, then click Enter words..., type in PhishingTackle.com, click the (+) and then OK
- Beneath Do the following, click Modify the message properties then Set a Message Header.
- Set the message header as below:
  - Set the message header X-Forefront-Antispam-Report to the value SFV:SKI;.
- Beneath Properties of this rule, set the priority to directly follow the existing rule (outlined in this article)
  - NOTE: you may need to save the rule, then re-open it to access the Priority setting.
- Hit SAVE
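The two rules described above can also be created and reviewed from PowerShell. This is an added example, not Phishing Tackle's own script: it assumes an Exchange Management Shell or Exchange Online PowerShell session is already connected with permission to manage transport rules, and that the second rule's only action is the header it sets.

```powershell
# Added example: the two mail flow rules from this article, as PowerShell.
# Assumption: the session is already connected and may manage transport rules.

$headerName  = 'X-PhishingTackle'     # header named in the article
$headerWords = 'PhishingTackle.com'   # header value named in the article

# Rule 1: "A message header includes any of these words", then
#   - set the spam confidence level to "Bypass spam filtering" (SCL -1)
#   - set X-MS-Exchange-Organization-BypassClutter to true
$rule1 = New-TransportRule `
    -Name 'Bypass Clutter & Spam Filtering by Email Header' `
    -HeaderContainsMessageHeader $headerName `
    -HeaderContainsWords $headerWords `
    -SetSCL -1 `
    -SetHeaderName 'X-MS-Exchange-Organization-BypassClutter' `
    -SetHeaderValue 'true'

# Rule 2 (Microsoft 365 only): same condition, then set
# X-Forefront-Antispam-Report to SFV:SKI; so the message skips the junk folder.
# Assumption: the header action is this rule's only action.
# New rules are appended last, so Priority + 1 places this rule
# directly after rule 1.
$rule2 = New-TransportRule `
    -Name 'Phishing Tackle - Skip Junk Folder' `
    -HeaderContainsMessageHeader $headerName `
    -HeaderContainsWords $headerWords `
    -SetHeaderName 'X-Forefront-Antispam-Report' `
    -SetHeaderValue 'SFV:SKI;' `
    -Priority ($rule1.Priority + 1)

# Review what was stored: condition, actions, state and relative order.
$rule1, $rule2 |
    ForEach-Object { Get-TransportRule -Identity $_.Name } |
    Format-List Name, State, Priority,
        HeaderContainsMessageHeader, HeaderContainsWords,
        SetSCL, SetHeaderName, SetHeaderValue
```

Re-running the final `Get-TransportRule` pipeline later is a quick way to confirm that both rules are still enabled, unchanged and adjacent in priority.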
Should you require any further assistance, please contact our support team by clicking here.