Allowlisting in Exchange 2013/2016

#1

In order to successfully deliver our simulated phishing emails to your learner’s inboxes. The below rules need to be configured in your Exchange Admin Center.

Creating mail flow rule to bypass spam filtering by IP addresses

  1. Click the + and then select Create a new rule… from the menu.
    ExchangeAllowlist_1
    ExchangeAllowlist_1.png874×449 105 KB
  2. Create a name for the rule such as “Infosec IQ IP Bypass”.
  3. Click on More options to view additional menus.
  4. Use the drop-down menu under Apply this rule if… to select the following conditions The Sender… --> IP address is in any of these ranges or exactly matches .
  5. Specify the list of IP addresses from your account settings using the + icon to individually add each IP then click the OK button.
  6. Use the drop-down menu under *Do the following… and then select Modify the message properties… --> Set the spam confidence level (SCL) to select " Bypass Spam Filtering " from the drop-down menu.
  7. Click Save.

IPrule
IPrule.png734×295 6.6 KB

Creating mail flow rule to bypass spam filtering by header

  1. From the Exchange admin center, under the Mail flow menu, select rules.
  2. Click the + icon and then select Create a new rule… from the menu.
  3. Create a name for the rule such as “Infosec IQ Header Bypass”.
  4. Click on More options to view additional menus.
  5. Use the drop-down menu under Apply this rule if… to select the following conditions A message header… --> includes any of these words .
  6. Click Enter text and type the header name found in your account settings.
  7. Next click the link for *Enter words… and type InfoSec Institute into the text field then hit the + icon to add it then click the OK button.
  8. Use the drop-down menu under *Do the following… and then select Modify the message properties… --> Set the spam confidence level (SCL) to select " Bypass Spam Filtering " from the drop-down menu.
  9. Click Save.

Prevent Microsoft’s report phishing options from marking learners as phished

Learners who use the built-in Microsoft report phishing or report as junk options will be marked as phished because reported emails are inspected by a Microsoft service. This can lead to inaccurate campaign results otherwise proactive learners being shown as “phished” in the system. The following mail flow rule will identify any outbound message being sent to the Microsoft report phishing destination with our header value and block then delete the message preventing any inspection of the email and false phishing events.

  1. From the Exchange admin center, under the Mail flow menu, select rules.
  2. Click the + icon and then select Create a new rule… from the menu.
  3. Create a name for the rule such as “Infosec IQ - MS Report Phishing Bypass”.
  4. Click on More options to view additional menus.
  5. Use the drop-down menu under Apply this rule if… "The recipient address includes…
  6. Click Enter text and add the following email addresses.
  • phish@office365.microsoft.com
  • junk@office365.microsoft.com
  1. Click the add condition button
  2. Use the drop-down menu under Apply this rule if… to select the following conditions The subject or body includes…
  3. Add all infosec IQ IP addresses into this section. Please refer to the account settings in the platform for this list.
  4. Use the drop-down menu under *Do the following… and then select Block the message… --> Delete the message without notifying anyone.
  5. Click Save.