To ensure CanIPhish can effectively simulate phishing campaigns, you will need to allowlist our emails. We recommend allowlisting by either IP address or Email Header depending on the use-case.
Allowlisting can be tricky and may require some trial and error. If you're unsuccessful with this method, please check out our guide on allowlisting by IP Address, which can be found here.
Note: When allowlisting for Microsoft/Office 365, please follow this dedicated Phishing Simulation Allowlist For M365. The guidance outlined below no longer works for allowlisting Microsoft/Office 365 environments and should only be used if you're using Exchange 2013 or 2016.
Overview
Allowlisting is done in two steps. These steps consist of explicitly IP allowlisting CanIPhish from EOP spam and clutter filters and IP allowlisting CanIPhish from junk folder filters. Both of these steps must be done to fully allowlist our servers.
- Step 1. Bypass clutter and spam filtering
- Step 2. Bypass the Junk Folder (Microsoft/Office 365 Only)
Step 1. Bypass clutter and spam filtering
This step is crucial to avoiding Microsoft's Exchange Online Protection (EOP) as it performs spam filtering in multiple places, requiring multiple forms of allowlisting.
1. Visit your Microsoft 365 Admin Center and click "Exchange" to open the Exchange Admin Center page. Switch to classic view.
2. Click rules, under mail flow, then click the "+" and "Bypass spam filtering...".
3. Name the rule, e.g. Bypass Clutter & Spam Filtering by Email Header.
Select Apply this rule if... > A message header > Includes any of these words.
To the right of that rule, you will see Enter text and Enter words...
- Click Enter text and type in the header X-CanIPhish
- Click Enter words and type your CanIPhish Tenant ID (e.g. 'add488e5-a750-4629-8ef3-190983d6t231'), then click the (+)
Note: The Tenant ID can be obtained from your User Profile page
Ensure under Do the following... it is set to the following:
- Set the spam confidence level (SCL) to...
- Bypass spam filtering
Click Add action > Modify the message properties... > set a message header
To the right of that rule, you will see Enter text and Enter words...
- Click Enter text and type X-MS-Exchange-Organization-BypassClutter
- Click Enter words and type true
Hit Save
Step 2. Bypass the Junk Folder (Microsoft/Office 365 Only)
1. Still within the Mail Flow > Rules section, click the "+" and "Bypass spam filtering...".
2. Name the rule, e.g. CanIPhish - Skip Junk Folder
Add the condition Apply this rule if... > A message header > includes any of these words.
To the right of that rule, you will see Enter text and Enter words...
- Click Enter text and type in the header X-CanIPhish
- Click Enter words and type your CanIPhish Tenant ID (e.g. 'add488e5-a750-4629-8ef3-190983d6t231'), then click the (+)
Note: The Tenant ID can be obtained from your User Profile page
Beneath Do the following, click Modify the message properties then Set a Message Header.
Set the message header as below:
- Set the message header X-Forefront-Antispam-Report to the value SFV:SKI;.
- Hit SAVE
All done! Allowlisting can be tricky... should you have any difficulties, please don't hesitate to contact us.
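To confirm that both rules fired on a test campaign, the headers of a delivered message can be checked for the stamps described in Step 1 and Step 2. This is an added example, not CanIPhish's own tooling. The sample message is constructed, and the X-MS-Exchange-Organization-SCL header with value -1 (as the result of "Bypass spam filtering") is an assumption not stated on this page.

```python
from email import message_from_string

# Constructed sample: headers of a delivered test message after both rules fired.
# The tenant ID is the example value from this page; everything else is made up.
SAMPLE = """\
Received: from mail.example.test (192.0.2.10) by EX01.example.test
X-CanIPhish: add488e5-a750-4629-8ef3-190983d6t231
X-MS-Exchange-Organization-BypassClutter: true
X-MS-Exchange-Organization-SCL: -1
X-Forefront-Antispam-Report: SFV:SKI;
Subject: Constructed test message

body
"""

def report_fields(value):
    """Split an X-Forefront-Antispam-Report value into a {KEY: value} dict."""
    fields = {}
    for part in value.replace("\r", "").replace("\n", "").split(";"):
        key, sep, val = part.strip().partition(":")
        if sep:
            fields[key.upper()] = val.strip()
    return fields

def check_allowlisting(raw_message, tenant_id):
    """Return a list of problems; an empty list means every stamp is present."""
    msg = message_from_string(raw_message)
    problems = []
    # Rule condition: X-CanIPhish must include the tenant ID, or neither rule matches.
    if not any(tenant_id.lower() in v.lower() for v in msg.get_all("X-CanIPhish", [])):
        problems.append("X-CanIPhish header missing or without this tenant ID")
    # Step 1 action: clutter bypass header set to true.
    if (msg.get("X-MS-Exchange-Organization-BypassClutter") or "").strip().lower() != "true":
        problems.append("BypassClutter header not set to true (Step 1 rule)")
    # Step 1 action: "Bypass spam filtering" is assumed to show up as SCL -1.
    if (msg.get("X-MS-Exchange-Organization-SCL") or "").strip() != "-1":
        problems.append("SCL is not -1 (Step 1 rule)")
    # Step 2 action: an X-Forefront-Antispam-Report header carrying SFV:SKI.
    reports = [report_fields(v) for v in msg.get_all("X-Forefront-Antispam-Report", [])]
    if not any(r.get("SFV") == "SKI" for r in reports):
        problems.append("X-Forefront-Antispam-Report lacks SFV:SKI (Step 2 rule)")
    return problems

if __name__ == "__main__":
    for line in check_allowlisting(SAMPLE, "add488e5-a750-4629-8ef3-190983d6t231") or ["all stamps present"]:
        print(line)
```

Paste the raw headers of a delivered simulation email in place of the sample; each reported problem names the rule to revisit.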