Whitelist by Email Header in Exchange 2010

This document will cover how to allow our simulated phishing emails to reach your users by whitelisting by email header in your Exchange 2010 environment.

Whitelisting is necessary in order for us to send simulated phishing emails that will bypass your mail filter. Typically we recommend whitelisting by IP address or hostname. But depending on your system set-up (for instance, if you're using a cloud-based spam filter), whitelisting by headers may be the most suitable way to ensure phishing test emails are delivered to your users. Make sure you also whitelist our IPs in your spam filter.

We recommend setting up a test phishing campaign to yourself or a small group after you follow the below steps to ensure your whitelisting was successful. The setting may take up to an hour to propagate to all users so wait at least an hour before testing.

The instructions for setting up these rules are shown below:

1) Open your Exchange Management Console (EMC).

2) Expand Organization Configuration on the left-hand side, and click Hub Transport.

3) Under Actions on the right-hand side, select New Transport Rule.

4) Enter a name for your New Transport Rule, such as "Bypass Spam Filtering by Email Header", and click Next.

5) In Step 1, select condition "when the message header contains specific words". Beneath Step 2, complete the following steps. 

a. Select message header and type in the header. The default KnowBe4 header is "X-PHISHTEST".

b. Select specific words and then enter "KnowBe4".
c. Click Next. 

6) In Step 1, select action "set the spam confidence level to a value". In Step 2, set the Spam confidence level (SCL) threshold to -1. Click Next.

7) Click Next to create rule, then select New to continue.

Still need assistance? Submit a support ticket and we can help.