IMPORTANT NOTICE: Since Microsoft rolled out the "Secure by Default" standard in October 2021, the required method of allowlisting has changed. To correctly allowlist in Exchange and Office 365 environments, please see our article Allowlisting via Microsoft Advanced Delivery.
To ensure the effective delivery of our simulated phishing emails, you will need to allowlist our servers. We recommend allowlisting by either IP address or hostname.
Allowlisting can sometimes require some trial and error. This article covers allowlisting by IP address; if you are unsuccessful with this method, check out our guide on allowlisting by Hostname, which can be found here.
Another option is allowlisting by Email Headers, but this is usually only necessary if you use a cloud-based spam filter. See the guide here.
NOTE:
When allowlisting for Microsoft 365 (formerly Office 365), we STRONGLY recommend implementing the ATP/Defender bypass steps to avoid potential false-positives in your campaigns.
The Process
The process is quite simple. There are just 4 steps:
The first thing you'll need to do is set up an IP Allow List which includes Phishing Tackle's IP addresses. Next, you add a mail flow rule which allows our emails to bypass your Clutter folder and Microsoft's Exchange Online Protection (EOP) filter. Lastly, if you're using Microsoft 365 (formerly Office 365), you'll need a connector to prevent deferments. All of these steps must be done to fully allowlist our servers.
Step 1 - IP Allow List
Step 2 - Bypass Clutter & Spam Filter
Step 3 - Bypass Junk Filter - Microsoft 365 (formerly Office 365) Only
Step 4 - Create connector to avoid deferments - Microsoft 365 (formerly Office 365) Only
NOTE:
Within Microsoft 365 (formerly Office 365) environments: If you allowlisted Phishing Tackle before March 2020, we recommend you configure a connector to prevent emails being deferred. You'll find quick instructions to do this in Step 4.
Step 1 - Adding Phishing Tackle's IP addresses to the IP Allow List
- Log into the Microsoft 365 (formerly Office 365) portal and select Admin centers > Security.
- Select "Policies & Rules".
- Select "Threat policies".
- Select "Anti-Spam".
- Click "Connection filter policy (Default)".
- Select "Edit connection filter policy".
- Within the connection filter policy add Phishing Tackle's IP addresses one at a time. A complete list of our IP addresses can be found here.
- Click "Save".
- Move on to the mail flow rule in Step 2!
Step 2 - Bypass clutter and spam filtering
This step is crucial to avoiding Microsoft's EOP.
NOTE:
Microsoft provides some useful information on mail flow order in this article, which may help if emails are still getting blocked or quarantined. Read it here.
- Visit the Microsoft 365 (formerly Office 365) portal and select Admin centers > Exchange.
- Click "Mail Flow".
- Click "Rules".
- Click "Add a Rule".
- Click "Bypass spam filtering".
- Give the rule a memorable and easy-to-understand name.
Note: Microsoft have updated their SCL setting. Instead of -1, the rule must be set to "Bypass Spam filtering".
- Under "*Apply this rule if..." select "The sender..." > "IP address is in any of these ranges or exactly matches".
- Then enter each of Phishing Tackle's IP addresses, clicking the "Add" button for each. (A complete list of our IP addresses can be found here.) Then hit "Save".
- The "Bypass spam filtering" action is automatically configured for you. It is displayed under "*Do the following".
- Click the "+" button under "Do the following".
- Under "And" select "Modify the message properties..." > select "set a message header".
- Edit the properties of this action by selecting the "Enter text" buttons and using the following entries: set the message header to "X-MS-Exchange-Organization-BypassClutter" and set the value to "true".
- Click "Next".
- Leave all settings in "Set rule settings" as their default values and click "Next".
- Review your settings and click "Finish".
If you're using Microsoft 365 (formerly Office 365), you will need to complete Steps 3 & 4 below. If you are just using Microsoft Exchange, you're done!
Make sure to run some test campaigns to a small group of recipients, checking both spoofed and external domain templates, before running an organisation-wide campaign.
Step 3 - Bypass the Junk Folder - Microsoft 365 (formerly Office 365) Only
- Visit the Microsoft 365 (formerly Office 365) portal and select Admin centers > Exchange.
- Click "Mail Flow".
- Click "Rules".
- Click "Add a Rule".
- Click "Bypass spam Filtering".
- Give the rule a memorable and easy-to-understand name.
- Under "*Apply this rule if..." select "The sender" > select "IP address is in any of these ranges or exactly matches".
- Then enter each of Phishing Tackle's IP addresses, clicking the "Add" button for each. (A complete list of our IP addresses can be found here.) Then hit "Save".
- Under "*Do the following..." click the "+" button to create an additional rule.
- Under "And" select "Modify the message properties..." > select "set a message header".
- Edit the properties by selecting the "Enter text" buttons.
- Click "Enter text" next to Set the message header and set the message header to "X-Forefront-Antispam-Report". Then hit "Save".
- Click "Enter text" next to "the value" and set the value to "SFV:SKI;". Then click "Save".
- Click "Next".
- Leave all settings in "Set rule settings" as their default values and click "Next".
- Click "Finish".
- Review your rules in the Exchange admin center. Adjust the Priority (if necessary) so that this rule sits directly after the Bypass clutter and spam filtering rule created in Step 2.
- Move on to creating the connector in Step 4!
Step 4 - Create a Connector to Avoid Deferments - Microsoft 365 (formerly Office 365) Only
This step is crucial in avoiding Microsoft's rate limiting settings.
- Visit the Microsoft 365 (formerly Office 365) portal and select Admin centers > Exchange.
- Click "Mail Flow".
- Click "Connectors".
- Click "Add a connector".
- In "
- Ensure "Connection to" is set to Office 365. Then click "Next".
- Give the connector a memorable and logical name, add a description if you like (it's optional) then click "Next".
- Click "By verifying that the IP address of the sending server matches one of the following IP addresses, which belong to your partner organization".
- Click the "+" button and enter each of Phishing Tackle's IP addresses (A complete list of our IP addresses can be found here.) Then click "Next".
- Ensure "Reject email messages if they aren't sent over TLS" is selected.
- Double-check the settings entered are correct, then hit "Save".
That's it!
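To check the result of a test campaign, the headers of a delivered test message can be inspected for the values configured in Steps 2 and 3. The script below is an added example, not part of Phishing Tackle's tooling: it parses the X-Forefront-Antispam-Report header, confirms the connecting IP (CIP) is on your allow list, and flags any message that bypassed filtering from an address that is not. The IP ranges are placeholders from documentation address space and the sample messages are constructed.

```python
import ipaddress
from email import message_from_string

# Placeholder ranges from documentation address space, NOT the vendor's real IPs.
ALLOWLISTED = [ipaddress.ip_network(n) for n in ("203.0.113.10/32", "203.0.113.11/32")]

def parse_report(value):
    """Split 'CIP:1.2.3.4;SCL:-1;SFV:SKI;' into {'CIP': '1.2.3.4', ...}."""
    fields = {}
    for part in value.replace("\r", "").replace("\n", "").split(";"):
        key, sep, val = part.strip().partition(":")
        if sep:
            fields[key.upper()] = val.strip()
    return fields

def check_message(raw):
    """Return a list of problems; an empty list means the rules behaved as configured."""
    msg = message_from_string(raw)
    report = parse_report(msg.get("X-Forefront-Antispam-Report", ""))
    problems = []
    try:
        cip = ipaddress.ip_address(report.get("CIP", ""))
    except ValueError:
        return ["no usable CIP field in X-Forefront-Antispam-Report"]
    in_list = any(cip in net for net in ALLOWLISTED)
    bypassed = report.get("SCL") == "-1" or report.get("SFV") == "SKI"
    if in_list and not bypassed:
        problems.append("allowlisted sender was still spam-filtered")
    if bypassed and not in_list:
        # Worth reviewing: a rule or allow list may cover more than intended.
        problems.append(f"bypass applied to non-allowlisted IP {cip}")
    clutter = (msg.get("X-MS-Exchange-Organization-BypassClutter") or "").strip().lower()
    if in_list and clutter != "true":
        problems.append("BypassClutter header not set to true")
    return problems

def sample(cip, scl, sfv, clutter=None):
    """Build a constructed test message; real input is a saved message's headers."""
    extra = f"X-MS-Exchange-Organization-BypassClutter: {clutter}\n" if clutter else ""
    return (f"X-Forefront-Antispam-Report: CIP:{cip};CTRY:GB;LANG:en;\n"
            f" SCL:{scl};SFV:{sfv};\n{extra}Subject: constructed sample\n\nbody\n")

if __name__ == "__main__":
    for args in [("203.0.113.10", "-1", "SKI", "true"),
                 ("203.0.113.11", "5", "SPM"),
                 ("198.51.100.7", "-1", "SKI", "true")]:
        print(args[0], check_message(sample(*args)) or "OK")
```

Replace ALLOWLISTED with the addresses you entered in Step 1 and pass in the raw headers saved from a delivered test email.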
Allowlisting can sometimes require some trial and error. Should the above guide not work, try allowlisting by Hostname instead.
Should you require any further assistance, please contact our support team by clicking here.