IMPORTANT NOTICE: Since Microsoft rolled out the "Secure by Default" standard in October 2021, the required method of allowlisting has changed. To correctly allowlist in Exchange and Office 365 environments, please see our article Allowlisting via Microsoft Advanced Delivery.
To ensure the effective delivery of our simulated phishing emails, you will need to allowlist our servers. We recommend allowlisting by either IP address or by hostname.
Sometimes allowlisting can require some trial and error. This article covers allowlisting by IP address. If you are unsuccessful with this method, check out our guide on allowlisting by Hostname, which can be found here.
Another option is allowlisting by Email Headers, but this is usually only necessary if you use a cloud-based spam filter. See guide here.
NOTE:
When allowlisting for Microsoft 365 (formerly Office 365), we STRONGLY recommend implementing the ATP/Defender bypass steps to avoid potential false-positives in your campaigns.
The Process
The process is quite simple; there are just 4 steps:
The first thing you'll need to do is set up an IP Allow List which includes Phishing Tackle's IP addresses. Next, you add a mail flow rule which allows our emails to bypass your Clutter folder and Microsoft's Exchange Online Protection (EOP) filter. Lastly, if you're using Microsoft 365 (formerly Office 365), you'll need a connector to prevent deferments. All of these steps must be done to fully allowlist our servers.
Step 1 - IP Allow List
Step 2 - Bypass Clutter & Spam Filter
Step 3 - Bypass Junk Filter - Microsoft 365 (formerly Office 365) Only
Step 4 - Create connector to avoid deferments - Microsoft 365 (formerly Office 365) Only
NOTE:
Within Microsoft 365 (formerly Office 365) environments: If you allowlisted Phishing Tackle before March 2020, we recommend you configure a connector to prevent emails being deferred. You'll find quick instructions to do this in Step 4.
Step 1 - Adding Phishing Tackle's IP addresses to the IP Allow List
- Log into the Microsoft 365 (formerly Office 365) portal and select Admin centers > Exchange.
- Hit Connection filter, under protection.
- Select Edit to edit the default policy.
- Hit Connection filtering, then the + Sign.
- Within the add allowed IP address screen, add Phishing Tackle's IP addresses, one at a time. A complete list of our IP addresses can be found here.
- Hit OK > Save.
- Move on to the mail flow rule in Step 2!
Step 2 - Bypass clutter and spam filtering
This step is crucial to avoiding Microsoft's EOP.
NOTE:
Microsoft details some useful information regarding flow order in this article, which may help if emails are still getting blocked/quarantined. Read here.
- Back in the Exchange admin center, hit rules under mail flow.
- Hit the + sign then Bypass spam filtering.
- Give the rule a memorable and easy-to-understand name, then under *Apply this rule if... select The sender... > IP address is in any of these ranges or exactly matches.
- Then enter each of Phishing Tackle's IP addresses, hitting the + sign for each. (A complete list of our IP addresses can be found here.) Then hit OK.
- Under *Do the following... hit Modify the message properties... > set a message header.
- Edit the properties of this by selecting the Enter text buttons. Use the following entries:
  Set the message header "X-MS-Exchange-Organization-BypassClutter" to the value "true"
- Hit add action.
- From the drop-down menu, select Modify the message properties... > set the spam confidence level (SCL). Set it to "Bypass spam filtering"
- Leave all remaining settings as their default values and hit Save.
If you're using Microsoft 365 (formerly Office 365), you will need to complete Steps 3 & 4 below. If you are just using Microsoft Exchange, you're done!
Make sure to run some test campaigns to a small group of recipients, checking both spoofed and external domain templates, before running an organisation-wide campaign.
Step 3 - Bypass the Junk Folder - Microsoft 365 (formerly Office 365) Only
- Still within the Mail flow section, click the + sign > Bypass spam filtering...
- Give the rule a memorable and easy-to-understand name, then under *Apply this rule if... select The sender... > IP address is in any of these ranges or exactly matches.
- Then enter each of Phishing Tackle's IP addresses, hitting the + sign for each. (A complete list of our IP addresses can be found here.) Then hit OK.
- Under *Do the following... hit Modify the message properties... > set a message header.
- Edit the properties of this by selecting the Enter text buttons. Use the following entries:
  Set the message header "X-Forefront-Antispam-Report" to the value "SFV:SKI;"
- Adjust the Priority (if necessary) to be directly after the Bypass clutter and spam filtering rule created in Step 2. (Note: the priority may not be visible. If this is the case, save and reopen the rule.)
- Hit Save.
- Move on to creating the connector in Step 4!
Step 4 - Create a Connector to Avoid Deferments - Microsoft 365 (formerly Office 365) Only
This step is crucial in avoiding Microsoft's rate limiting settings.
- Still within the mail flow section, click connectors.
- Hit the + sign to create a new connector.
- In the From: and To: drop-down menus, select Partner organization and Office 365 respectively, then hit Next.
- Give the connector a memorable and logical name, add a description if you like (it's optional) then hit Next.
- On the next screen, hit Use the sender's IP address.
- Use the + sign to add all Phishing Tackle's IP addresses one by one. (A complete list of our IP addresses can be found here.) Then hit Next.
- Ensure Reject email messages if they aren't sent over TLS is selected.
- Double-check the settings entered are correct, then hit Save.
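The same four steps can be scripted in Exchange Online PowerShell, which also leaves a reviewable record of exactly which addresses bypass filtering. This is an added example, not Phishing Tackle's own tooling; the IP addresses are documentation-range placeholders and the rule and connector names are hypothetical.

```powershell
# Added example: scripted equivalent of Steps 1-4 (not the vendor's own script).
# Requires the ExchangeOnlineManagement module and an Exchange admin account.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

# PLACEHOLDERS from documentation ranges: replace with the vendor's published IP list.
$SimulatorIPs = @('192.0.2.10', '198.51.100.20')

# Hypothetical names; choose your own.
$BypassRule    = 'Phish sim - bypass clutter and spam filtering'
$JunkRule      = 'Phish sim - bypass junk folder'
$ConnectorName = 'Phish sim - inbound partner connector'

# Step 1: add the addresses to the IP Allow List of the default connection filter policy.
Set-HostedConnectionFilterPolicy -Identity Default -IPAllowList @{ Add = $SimulatorIPs }

# Step 2: rule scoped to the sender IPs only; sets the BypassClutter header
# and SCL -1, which is the value "Bypass spam filtering" applies.
New-TransportRule -Name $BypassRule `
    -SenderIpRanges $SimulatorIPs `
    -SetHeaderName 'X-MS-Exchange-Organization-BypassClutter' `
    -SetHeaderValue 'true' `
    -SetSCL -1

# Step 3 (Microsoft 365 only): second rule, placed directly after the Step 2 rule.
$NextPriority = (Get-TransportRule -Identity $BypassRule).Priority + 1
New-TransportRule -Name $JunkRule `
    -SenderIpRanges $SimulatorIPs `
    -SetHeaderName 'X-Forefront-Antispam-Report' `
    -SetHeaderValue 'SFV:SKI;' `
    -Priority $NextPriority

# Step 4 (Microsoft 365 only): partner connector identified by sender IP, TLS required.
New-InboundConnector -Name $ConnectorName `
    -ConnectorType Partner `
    -SenderDomains '*' `
    -SenderIPAddresses $SimulatorIPs `
    -RequireTls $true

# Review: list every rule that bypasses spam filtering or rewrites a header,
# so the IP scope of each bypass can be checked against the vendor's list.
Get-TransportRule |
    Where-Object { $_.SetSCL -eq -1 -or $_.SetHeaderName } |
    Format-Table Name, Priority, State, SenderIpRanges, SetSCL, SetHeaderName -AutoSize
```

Re-run the final `Get-TransportRule` query whenever the vendor's IP list changes, and remove addresses that are no longer published so the bypass does not outlive its purpose.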
That's it!
Allowlisting can sometimes require some trial and error. Should the above guide not work, try allowlisting by Hostname instead.
Should you require any further assistance, please contact our support team by clicking here.