If you're using Avanan, you should allowlist CanIPhish's simulated phishing emails. This article will guide you on how to perform IP-based allowlisting for CanIPhish.
Allowlisting Avanan in Microsoft 365
To allowlist CanIPhish, you must create a mail flow rule in the Exchange admin center. This rule will look for CanIPhish IP addresses and add a header that lets Avanan know that the email should be allowed.
Important Note: Due to the nature of how M365 works, you will additionally need to implement the M365 Phishing Simulation Allowlist Guidance to guarantee delivery of CanIPhish simulated phishing emails.
To set up this mail flow rule, follow the steps below:
- Log into your Microsoft Admin console.
- From the navigation panel, navigate to Admin centers > Exchange. You can also access the Exchange admin center by navigating to admin.exchange.microsoft.com.
- From the navigation panel, navigate to mail flow > rules.
- At the top of the page, click the plus sign icon to open a drop-down menu.
- From the drop-down menu, select Create a new rule. When you select this option, a new rule pop-up window will open.
- In the Name field, enter a name for the rule, e.g. "CanIPhish Email Allowlist".
- In the Apply this rule if… drop-down menu, hover your mouse over The sender, then select IP address is any of these ranges or exactly matches. When you select this option, a specify IP address ranges pop-up window will display.
- In the pop-up window, enter the IP addresses listed in this support article. After entering each IP address, click the plus sign icon to add it.
- Click the OK button.
- In the Do the following… drop-down menu, select Modify the message properties, then select set a message header.
- Click the first Enter text… option next to the Do the following… field. When you click this option, a message header pop-up window will open.
- In the Header name field, enter X-CLOUD-SEC-AV-Info.
- Click the OK button.
- Select the second Enter text… option next to the Do the following… field. When you click this option, a header value pop-up window will open.
- In the pop-up window, enter [portalname],office365_emails, inline, but replace [portalname] with the name of your Avanan portal.
- Click the OK button.
- Under Properties of this rule, select the Audit this rule with severity level check box.
- Under Choose a mode for this rule, select the Enforce option.
- Select the Stop processing more rules check box.
- Click the Save button to apply this rule to your server.
For more information about mail flow rules in Microsoft 365, see Microsoft’s Manage mail flow rules in Exchange Online article.
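The same rule can be created from Exchange Online PowerShell, which also makes it easy to review exactly which IP addresses the rule trusts. This is an added example, not part of the original article or CanIPhish's own tooling; the IP addresses, portal name, audit severity level and the /24 width check are assumptions to replace with your own values.

```powershell
# Added example: scripted equivalent of the mail flow rule described above.
# Requires the ExchangeOnlineManagement module and an Exchange admin account.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

# Placeholders (assumptions): use the sending IPs from the CanIPhish support
# article and the name of your own Avanan portal.
$CanIPhishIps = @('192.0.2.10', '192.0.2.11')   # documentation-range placeholders
$PortalName   = 'PORTALNAME'                    # placeholder
$RuleName     = 'CanIPhish Email Allowlist'

# Guard (assumption): refuse CIDR entries wider than /24 so a typo cannot
# allowlist a large block of unrelated senders.
foreach ($entry in $CanIPhishIps) {
    if ($entry -match '/(\d+)$' -and [int]$Matches[1] -lt 24) {
        throw "Refusing over-broad range in allowlist: $entry"
    }
}

$ruleParams = @{
    Name               = $RuleName
    SenderIpRanges     = $CanIPhishIps              # "IP address is any of these ranges"
    SetHeaderName      = 'X-CLOUD-SEC-AV-Info'      # header read by Avanan
    SetHeaderValue     = "$PortalName,office365_emails, inline"  # as written in the step above
    SetAuditSeverity   = 'Low'                      # assumption: the article names no level
    Mode               = 'Enforce'
    StopRuleProcessing = $true
}

# Create the rule only if it does not already exist, so re-running is safe.
if (-not (Get-TransportRule -Identity $RuleName -ErrorAction SilentlyContinue)) {
    New-TransportRule @ruleParams | Out-Null
}

# Review what was saved: the rule should list only the intended IPs.
Get-TransportRule -Identity $RuleName |
    Format-List Name, State, Mode, SenderIpRanges, SetHeaderName,
                SetHeaderValue, SetAuditSeverity, StopRuleProcessing
```

Re-run the final Get-TransportRule command whenever the CanIPhish IP list changes, and remove addresses that are no longer listed so the rule does not keep trusting stale senders.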
Allowlisting Avanan in Google Workspace
To allowlist CanIPhish in Google Workspace, you must create a new content compliance rule and modify an existing Avanan rule. The new rule will identify CanIPhish IP addresses and add a header that lets Avanan know that the message should be allowed. Creating this rule will prevent any sandboxing tools that your organization uses from blocking simulated phishing tests and training notifications.
First, create a content compliance rule by following the steps below:
- Log into your Google Admin console.
- From the Admin console home page, navigate to Apps > Google Workspace > Gmail.
- If you manage more than one organization, select the organization where you would like to apply the rule from the navigation panel.
- Scroll down to the Compliance section of the page.
- Hover your mouse over the Content Compliance setting.
- Click the CONFIGURE or ADD ANOTHER button, depending on whether you have already added a rule. When you click either of these buttons, an Add setting pop-up window will open.
- Under Content compliance, enter a description of this rule. For example, you could enter "CanIPhish Email Allowlist".
- Under step one, select the Inbound check box.
- Under step two, fill out the fields by following the steps below:
  - In the drop-down menu, select If ALL of the following match the message. When you select this option, an Expressions section will display.
  - In the Expressions section, click the ADD button.
  - In the drop-down menu, select Metadata match.
  - In the Match type drop-down menu, select the Source IP within the following range.
  - In the Match type field, enter the IP addresses listed in this support article.
- Under step 3, fill out the fields by following the steps below:
  - In the drop-down menu, select Modify message.
  - Under Headers, select the Add custom headers check box. When you select this check box, a Custom headers section will display.
  - In the Custom headers section, click the ADD button.
  - In the Header name field, enter X-CLOUD-SEC-AV-Info.
  - In the Value field, enter [portalname],google_mail, inline, but replace [portalname] with the name of your Avanan portal.
- Click the SAVE button.
Next, modify the existing content compliance rule by following the steps below:
- Navigate to the Compliance section of your Gmail settings again.
- Hover your mouse over the Content Compliance setting.
- Click the EDIT button. When you click this button, an Add setting pop-up window will open again.
- Under step two, click Edit next to the [portal_name]__inline_ei rule, where [portal_name] is replaced by the name of your Avanan portal.
- Modify the fields by following the steps below:
  - From the first drop-down menu, select Metadata match.
  - From the Attribute drop-down menu, select Source IP.
  - From the Match type drop-down menu, select Source IP is not within the following range. When you select this option, a field will display below this drop-down menu.
  - In the Match type field, enter the IP addresses listed in this support article.
- Click the SAVE button. Now, you'll have two conditions under this rule.
For more information about content compliance rules in Google Workspace, see Google’s Set up rules for advanced email content filtering page.