Would you like to have images automatically download for simulated phishing and notification emails sent by CanIPhish?
In this support article we'll walk through the allowlisting process to add CanIPhish managed domains to the Outlook Safelist Collection, ensuring images are automatically downloaded. This has the added benefit of ensuring the email view metric in simulated phishing campaigns is accurate. However, the email view metric isn't essential to the success of campaigns, and as a result, this guidance is purely optional and can be added at your own discretion.
Note: The guidance in this article builds upon Microsoft guidance on configuring the safelist collection on an Microsoft 365 mailbox. Please refer to this article to learn more about mailbox safelist collections.
Table Of Contents:
Prerequisites
-
Exchange Online PowerShell Module: Ensure you have the Exchange Online PowerShell module installed. If not, install it using the following command:
-
Administrative Privileges: You must have the necessary permissions to modify mailbox configurations across your organization.
Step 1: Connect to Exchange Online PowerShell
Open PowerShell with administrative privileges and connect to Exchange Online:
Note: Replace your_admin_account@yourdomain.com with your admin username.
Step 2: Define the Domains to Add
Create an array containing the CanIPhish domains you wish to add to the Safe Senders list:
Note: If you've white-labeled CanIPhish, replace caniphish.com and learn.caniphish.com with your white-labeled domains (e.g. phish.mybusiness.com and learn.phish.mybusiness.com).
Step 3: Add Domains to All Mailboxes
Run the following command to add the specified domains to the Safe Senders list for all users:
# Fetch all mailboxes once
$mailboxes = Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited
# Add each domain one at a time for every mailbox
foreach ($domain in $domains) {
foreach ($mbx in $mailboxes) {
Set-MailboxJunkEmailConfiguration `
-Identity $mbx.Identity `
-TrustedSendersAndDomains @{ Add = $domain }
}
# Pause for 1 second before moving to the next domain
Write-Host "Added '$domain' to TrustedSendersAndDomains for all mailboxes."
Start-Sleep -Seconds 1
}
Explanation:
-
Get-Mailbox -ResultSize Unlimited: Retrieves all mailboxes in your organization. -
foreach { ... }: Iterates over each domain and then each mailbox retrieved. -
Set-MailboxJunkEmailConfiguration: Updates the junk email settings for the specified mailbox. -
-TrustedSendersAndDomains @{Add=$domain}: Adds the specified domain to the existing Safe Senders list without overwriting it.
Step 4: Verify the Changes
To confirm that the domains have been added, you can check the Safe Senders list of a specific mailbox:
Note: Replace user@domain.com with the email address of a user in your organization.
Additional Notes
-
Processing Time: Depending on the number of mailboxes, this operation may take some time.
-
Error Handling: If you encounter any errors, ensure that you have the necessary permissions and that all domain names are correctly specified.
-
Maintenance: If you need to remove domains in the future, you can modify the
Set-MailboxJunkEmailConfigurationcommand accordingly:
Comments
1 comment
Hi Sebastian,,
is this configuration going to work on Outlook mobile and web?
Please sign in to leave a comment.