Whitelisting by Email Headers in Microsoft 365 or Microsoft Exchange 2016

Before you can begin sending your Phishing Security Tests (PST), you will need to whitelist KnowBe4’s email headers to make sure these emails bypass your spam filters and reach your users’ inboxes.

We recommend whitelisting by IP address or hostname, but depending on your system setup, you may need to whitelist by email headers to ensure PSTs are delivered. For more information about whitelisting best practices, see our Whitelisting Data and Anti-Spam Filtering Information article.

In this article, you'll learn how to bypass spam filtering and Junk folders with a whitelisting rule. This rule will also allow you to bypass the Clutter folder in the Microsoft Exchange Online Protection (EOP) mail filter.

To whitelist our training emails, see our Whitelisting Training Notifications in Microsoft Defender for Office 365 article for more information.

Jump to:

Bypassing Clutter and Spam Filtering by Email Header

Bypassing the Junk Folder in Microsoft 365

Bypassing Clutter and Spam Filtering by Email Header

To bypass clutter and spam filtering by email header, follow the steps below:

1. 1. Log into your Microsoft 365 Exchange admin center.
   2. Navigate to Mail flow > Rules.
   3. Click Add a rule, then select Bypass spam filtering from the drop-down menu.
   4. In the New transport rule pop-up window, give the rule a name such as "Bypass Clutter and Spam Filtering by Email Header".
   5. From Apply this rule if, select The message headers... from the drop-down menu on the left.
   6. In this same section, select includes any of these rules from the drop-down menu on the right.
   7. Under the Apply this rule if section, click Enter text and enter the header name.
      Note: By default, the header for KnowBe4 mail is X-PHISHTEST. We recommend changing the default header to a custom header or header token for enhanced security. You can change the header settings for your account from the KMSAT Account Settings page. For more information, see our Account Settings Guide.
   8. Click Save.
   9. Click Enter words and enter "KnowBe4".
   10. Click Add, then click Save.
   11. In the Do the following section, ensure the drop-down menu on the left is set to Modify the message properties.
   12. In this same section, ensure the drop-down menu on the right is set to set the spam confidence level (SCL).
   13. Under the drop-down menu, ensure the spam confidence level is set to -1. 
       
       Note: To change the spam confidence level to -1, click the level it is set to. Then, select Bypass spam filtering in the specify SCL pop-up window and click Save.
       
   14. In the same section, add a second action by clicking the plus icon next to the drop-down menu on the right. 
   15. In the And section, select Modify the message properties from the drop-down menu on the left.
   16. In this same section, select set a message header from the drop-down menu on the right. 
   17. Under the And section, click the Enter text on the left and enter X-MS-Exchange-Organization-BypassClutter. 
   18. Click Save.
   19. Click the Enter text and enter "true".
   20. Click Save.
   21. Review all settings to ensure they are correct. Once you have completed this setup, please allow time for the new rule to propagate. Then, set up a test phishing campaign for yourself or a small group of users to test your new whitelisting rule.
   22. Click Next.
       Note: As a best practice, we recommend leaving the other options at their default settings.
   23. Click Finish.
       

Back to top

Bypassing the Junk Folder in Microsoft 365

To bypass your Junk folder in Microsoft 365, follow the steps below:

1. 1. Log into your Microsoft 365 Exchange admin center.
   2. Navigate to Mail flow > Rules.
   3. Click Add a rule, then select Bypass spam filtering from the drop-down menu.
   4. Give the rule a name, such as "KnowBe4 - Skip Junk Filtering".
   5. Under Apply this rule if, select The message headers... from the drop-down menu on the left. 
   6. In this same section, select includes any of these words from the drop-down menu on the right.
      Note: Make sure that you add a condition for each header you need to whitelist. For more information on phishing email headers settings, see our Account Settings Guide.
   7. In this same section, click Enter text and enter the header.
      Note: KnowBe4's default header is X-PHISHTEST.
   8. Click Save. 
   9. Click Enter words and enter "KnowBe4".
   10. Click Add, then click Save.
   11. From the Do the following section, ensure the drop-down menu on the left is set to Modify the message properties.
   12. In this same section, select set a message header from the drop-down menu on the right.
   13. In this same section, click the Enter text on the left and enter X-Forefront-Antispam-Report. This value is case-sensitive.
   14. Click Save.
   15. Click the Enter text on the right and enter SFV:SKI;CAT:NONE;. To learn more about this header, see Microsoft's Anti-spam message headers in Microsoft 365 article. This field is case-sensitive.
   16. Click Save.
   17. Ensure all options are filled out correctly. See the screenshot below for an example of the completed rule.
   18. Click Next.
       Note: As a best practice, we recommend leaving the other options at their default settings.
   19. After you've reviewed your whitelisting settings, click Finish.
   20. Change the priority of the rule to directly follow the rule you created in the previous section. For more information, see Microsoft’s Set the priority of a mail flow rule article.

Back to top