Allow Listing by Header in Exchange 2013, 2016, or Microsoft 365
The instructions below show you how to allow list ePHISHiency’s phishing simulation emails by header in your Exchange 2013, 2016, or Microsoft 365 environment (the process is the same for all three mail servers, though you may notice some slight visual differences).
These instructions are only recommended if you have a cloud-based spam filter in front of your Microsoft email server/service. If you are using Microsoft for your email without an additional spam filter, you can instead allow list by IP address using these instructions. Remember, you will also need to allow list ePHISHiency’s IP address or hostname in your cloud-based spam filter to make sure emails are delivered successfully.
Before you begin:
In alignment with our commitment to advocating for systems that promote equity, inclusivity, and embrace diversity, Hive Systems uses the term “allow list” instead of “whitelist.” Some companies may still refer to it as the latter, but the cybersecurity concept is the same.
You must complete all of these steps to successfully allow list.
Step 1: Bypass clutter and spam filtering
From the Exchange admin center, select mail flow from the left-hand menu.
Click the (+) button beneath rules and then select Bypass Spam Filtering…
Give the rule a name, such as "Bypass Clutter & Spam Filtering by IP Address".
Click the Apply this rule if... drop-down menu and select A message header… then includes any of these words (you may need to click More options on the New rule screen to see all available options).
On the right-hand side, click the *Enter text... link and enter our Header. For the most up-to-date header information, please see this article. This field is case sensitive, so be careful. Once entered, click OK.
Next, click the *Enter words... link and enter our Header Value. Once entered, click the (+) button and then OK. For the most up-to-date header information, please see this article. This field is case sensitive, so be careful.
Click the Do the following drop-down and select Modify the message properties then set a message header.
On the right-hand side, click the first *Enter text... link (after "Set the message header") and enter the following: "X-MS-Exchange-Organization-BypassClutter" (this field is case sensitive). Once entered, click OK.
Click the second *Enter text... link (after "to the value") and enter "true" (this field is case sensitive). Once entered, click OK.
On the left, click the add action button.
Click the Select one drop-down that just appeared and select Modify the message properties then set the spam confidence level (SCL). Select Bypass Spam Filtering at the top of the list and click OK.
Leave the remaining options at their default setting and click Save.
If you are using Exchange 2013 or 2016, skip down to Step 3; otherwise, continue on to Step 2.
Step 2: Bypass the junk folder
For Microsoft 365 only
From the Exchange admin center, select mail flow from the left-hand menu.
Click the (+) button beneath Rules.
Select Bypass spam filtering....
Give the rule a name, such as "ePHISHiency - Bypass junk folder".
Click the Apply this rule if... drop-down menu and select A message header… then includes any of these words (you may need to click More options on the New rule screen to see all available options).
On the right-hand side, click the *Enter text... link and enter our Header. For the most up-to-date header information, please see this article. This field is case sensitive, so be careful. Once entered, click OK.
Next, click the *Enter words... link and enter our Header Value. Once entered, click the (+) button and then OK. For the most up-to-date header information, please see this article. This field is case sensitive, so be careful.
Click the Do the following drop-down and select Modify the message properties then set a message header.
On the right-hand side, click the first *Enter text... link (after "Set the message header") and enter the following: "X-Forefront-Antispam-Report" (this field is case sensitive). Once entered, click OK.
Click the second *Enter text... link (after "to the value") and enter "SFV:SKI;CAT:NONE;" (this field is case sensitive). To learn more about this header, you can read this article from Microsoft. Once entered, click OK.
Leave the remaining options at their default setting and click Save.
Back on the rules page, set the priority of this rule to directly follow the rule you created in Step 1 above.
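The rules from Steps 1 and 2 can also be created from Exchange PowerShell. The script below is an added example and is not part of ePHISHiency's instructions. It assumes an already connected Exchange session; the header name and value are placeholders to be taken from the header article, and the Step 1 rule name and the $IsMicrosoft365 switch are constructed for illustration.

```powershell
# Added example: scripted form of the Step 1 and Step 2 rules. Not vendor code.
# Assumes an already connected session (Exchange Management Shell on-premises,
# or Connect-ExchangeOnline for Microsoft 365).

# Placeholders: this page does not state the header. Take both values,
# with exact case, from the vendor's header article.
$HeaderName     = '<EPHISHIENCY-HEADER-NAME>'
$HeaderValue    = '<EPHISHIENCY-HEADER-VALUE>'
$IsMicrosoft365 = $true   # set to $false on Exchange 2013/2016 to skip Step 2

if ($HeaderName -like '<*' -or $HeaderValue -like '<*') {
    throw 'Replace the header placeholders before creating the rules.'
}

# Step 1: match the simulation header, stamp BypassClutter, and set SCL to -1
# (the value behind "Bypass Spam Filtering" in the admin center).
$step1 = @{
    Name                        = 'ePHISHiency - Bypass clutter and spam filtering by header'
    HeaderContainsMessageHeader = $HeaderName
    HeaderContainsWords         = $HeaderValue
    SetHeaderName               = 'X-MS-Exchange-Organization-BypassClutter'
    SetHeaderValue              = 'true'
    SetSCL                      = -1
}
$rule1 = New-TransportRule @step1

# Step 2 (Microsoft 365 only): same condition, stamp the antispam report header,
# and place the rule directly after the Step 1 rule.
if ($IsMicrosoft365) {
    $step2 = @{
        Name                        = 'ePHISHiency - Bypass junk folder'
        HeaderContainsMessageHeader = $HeaderName
        HeaderContainsWords         = $HeaderValue
        SetHeaderName               = 'X-Forefront-Antispam-Report'
        SetHeaderValue              = 'SFV:SKI;CAT:NONE;'
        Priority                    = $rule1.Priority + 1
    }
    New-TransportRule @step2 | Out-Null
}

# Review the result: both rules should be enabled and adjacent in priority.
Get-TransportRule | Sort-Object Priority |
    Format-Table Priority, Name, State, SetSCL, SetHeaderName, SetHeaderValue
```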
Step 3: Let us know you’re ready!
Contact ePHISHiency support and let us know that you’re all set up. We’ll send a test email to you, or a few people if you want, to make sure everything is working, and then we’ll be on our way to reducing your risk from phishing!