
Whitelist by Email Headers in Microsoft 365, Microsoft Exchange 2016, and Microsoft Exchange 2019

Note: As of April 2023, Microsoft no longer supports Exchange 2013. For more information, see the Exchange 2013 end of support roadmap article from Microsoft.

In this article, you'll learn how to whitelist by email header in Microsoft 365, Exchange 2016, and Exchange 2019. This method ensures your Phishing Security Tests (PSTs) bypass your spam filters and reach your users’ inboxes. For more information on how to whitelist our training emails, see our Whitelist Training Notifications in Microsoft Defender for Office 365 article.

Note: We typically recommend whitelisting by IP address or hostname. However, if you use Exchange or Microsoft 365 without Defender for Office 365, you may need to whitelist by email headers to ensure PSTs are delivered. For more information about whitelisting best practices, see our Whitelisting Guide.

If you don't have a spam filter or if you use Microsoft Defender for Office 365, we recommend using advanced delivery policies to whitelist.

Important: Some whitelisting functions may be limited to customers outside of the US, which may cause issues when using the KSAT console.

Bypass Clutter and Spam Filtering

To bypass clutter and spam filtering by email header, follow the steps below.

  1. Log into your Microsoft 365 Exchange admin center.
  2. Navigate to Mail flow > Rules.
  3. Click Add a rule > Create a new rule.  
  4. On the Set rule conditions page, give the rule a name, such as "Bypass Clutter and Spam Filtering by Email Header".
  5. In the Apply this rule if fields, select The message headers... and includes any of these words.
  6. Click Enter text, then enter the header name.
    Note: By default, the header for KnowBe4 mail is X-PHISHTEST. We recommend changing the default header to a custom header or header token for enhanced security. You can change the header settings for your account from the KSAT Account Settings page. For more information, see our Account Settings Guide.
  7. Click Save.
  8. Click Enter words and enter "KnowBe4".
  9. Click Add, then click Save.
  10. In the Do the following fields, select Modify the message properties and set the spam confidence level (SCL).
  11. In the specify SCL pop-up window, select Bypass spam filtering. Then, click Save.
  12. To the right of the Do the following fields, click the plus icon.
  13. In the And fields, select Modify the message properties and set a message header.
  14. Click the first Enter text on the left and enter "X-MS-Exchange-Organization-BypassClutter". 
  15. Click Save.
  16. Click the second Enter text on the right, then enter "true".
  17. Click Save.
  18. Click Next.
  19. On the Set rule settings page, click Next. As a best practice, we recommend leaving these options at their default settings.
  20. On the Review and finish page, click Finish.

Bypass the Junk Folder in Microsoft 365

To bypass your Junk folder in Microsoft 365, follow the steps below.

  1. Log into your Microsoft 365 Exchange admin center.
  2. Navigate to Mail flow > Rules.
  3. Click Add a rule > Create a new rule.  
  4. Give the rule a name, such as "KnowBe4 - Skip Junk Filtering".
  5. In the Apply this rule if fields, select The message headers... and includes any of these words.
    Note: Make sure that you add a condition for each header you need to whitelist. For more information on phishing email headers settings, see our Account Settings Guide.
  6. Click Enter text and enter the header name.
    Note: By default, the header for KnowBe4 mail is X-PHISHTEST. We recommend changing the default header to a custom header or header token for enhanced security. You can change the header settings for your account from the KnowBe4 console Account Settings page. For more information, see our Account Settings Guide.
  7. Click Save.
  8. Click Enter words and enter "KnowBe4".
  9. Click Add, then click Save.
  10. In the Do the following fields, select Modify the message properties and set the spam confidence level (SCL).
  11. In the specify SCL pop-up window, select Bypass spam filtering. Then, click Save.
  12. To the right of the Do the following fields, click the plus icon.
  13. In the And fields, select Modify the message properties and set a message header.
  14. Click the first Enter text on the left and enter "X-Forefront-Antispam-Report". This value is case-sensitive.
  15. Click Save.
  16. Click the second Enter text on the right and enter "SFV:SKI;CAT:NONE;". To learn more about this header, see Microsoft's Anti-spam message headers in Microsoft 365 article. This field is case-sensitive.
  17. Click Save.
  18. Click Next.  
  19. On the Set rule settings page, click Next. As a best practice, we recommend leaving the other options at their default settings.
  20. On the Review and finish page, click Finish.
  21. Change the priority of the rule to directly follow the rule you created in the previous section. For more information, see Microsoft’s Set the priority of a mail flow rule article.
Tip: To ensure that you have whitelisted correctly, see our Verify Your Whitelisting article.
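The two rules from the sections above can also be created from Exchange Online PowerShell. The script below is an added example, not part of the original article: it assumes the ExchangeOnlineManagement module with an active Connect-ExchangeOnline session, and the variable names are illustrative. It ends by listing every rule that sets SCL -1 so the header conditions and rule order can be reviewed.

```powershell
# Added example: the article's two mail flow rules, created from PowerShell.
# Assumes an active Connect-ExchangeOnline session. Variable names are
# illustrative; rule names and header values are the ones used in the steps above.

# Header name and words as configured in KSAT Account Settings.
# X-PHISHTEST / KnowBe4 are the defaults named in the article; replace them
# with your custom header or header token.
$headerName  = 'X-PHISHTEST'
$headerWords = 'KnowBe4'

$clutterRuleName = 'Bypass Clutter and Spam Filtering by Email Header'
$junkRuleName    = 'KnowBe4 - Skip Junk Filtering'

# Rule 1: bypass spam filtering (SCL -1) and stamp the Clutter bypass header.
New-TransportRule -Name $clutterRuleName `
    -HeaderContainsMessageHeader $headerName `
    -HeaderContainsWords $headerWords `
    -SetSCL -1 `
    -SetHeaderName 'X-MS-Exchange-Organization-BypassClutter' `
    -SetHeaderValue 'true' | Out-Null

# Rule 2: a rule carries only one SetHeaderName/SetHeaderValue pair, so the
# Junk folder bypass header goes in a second rule. Values are case-sensitive.
New-TransportRule -Name $junkRuleName `
    -HeaderContainsMessageHeader $headerName `
    -HeaderContainsWords $headerWords `
    -SetSCL -1 `
    -SetHeaderName 'X-Forefront-Antispam-Report' `
    -SetHeaderValue 'SFV:SKI;CAT:NONE;' | Out-Null

# Step 21: place the Junk rule directly after the Clutter rule.
$clutterPriority = (Get-TransportRule -Identity $clutterRuleName).Priority
Set-TransportRule -Identity $junkRuleName -Priority ($clutterPriority + 1)

# Review: every rule that bypasses spam filtering, in evaluation order,
# with the header condition that triggers it.
Get-TransportRule |
    Where-Object { "$($_.SetSCL)" -eq '-1' } |
    Sort-Object Priority |
    Format-List Priority, Name, State, HeaderContainsMessageHeader,
        HeaderContainsWords, SetHeaderName, SetHeaderValue
```

If the review output still shows the default X-PHISHTEST header after you have changed it in KSAT Account Settings, update the rule conditions to match the new header.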
