How to Whitelist by Email Headers in Exchange 2013, 2016, or Microsoft 365

The instructions below show you how to whitelist simulated phishing test email headers in your Exchange 2013, 2016, or Microsoft 365 environment. The process is the same for all three mail servers though you may notice some slight visual differences. To whitelist our training emails, visit our Whitelisting Training Emails in Microsoft 365 article for more information.

Whitelisting is necessary in order for us to send simulated phishing emails that will bypass your mail filter. We recommend whitelisting by IP address or hostname, but depending on your system setup, you may need to whitelist by email headers to ensure phishing test emails are delivered. For example, if you're using a cloud-based spam filter, we recommend that you whitelist by email header and whitelist by IP address in your spam filter. For more information about whitelisting best practices, see our Whitelisting Data and Anti-Spam Filtering Information article.

This filter will allow those simulated phishing emails to bypass your filter by whitelisting our email headers. We will also make sure that we bypass the Clutter folder in Microsoft's Exchange Online Protection (EOP) mail filter with this rule.

The instructions for setting up whitelisting by email headers are shown below. Screenshots in this article are from Microsoft 365. Alternatively, you can watch our Whitelisting by Header in Microsoft 365 video. 

Jump to:

• Bypassing Clutter and Spam Filtering by Email Header (Exchange 2013, 2016, and M365)
• Bypass Junk Folder (M365 mail servers ONLY)

Bypassing Clutter and Spam Filtering by Email Header (Exchange 2013, 2016, and M365) 

1. Log into your mail server admin portal and select Exchange under Admin centers.
   
   
2. Click mail flow from the left-hand menu and then click Rules.
3. Click the + sign and select Bypass spam filtering… from the drop-down.
   
   

   Mail Filtering Rule

   

4. In the new rule window, give the rule a name, such as "Bypass Clutter & Spam Filtering by Email Header".
5. From the Apply this rule if… drop-down menu,  select A message header... then includes any of these words.
6. On the right side of that rule, you will see *Enter text... and *Enter words...
7. Click *Enter text... and type in the header name and header value.
   

   Note:

   By default, the header for KnowBe4 mail is X-PHISHTEST. It is recommended that you change the default header to a custom header or header token for enhanced security. You can change the header settings for your account from the Account Settings page. For more information, see our How to Edit Your Account Settings article.

8. Click *Enter words … and type in KnowBe4 and click the + sign.
   

   

9. Next, under Do the following… ensure that this field is set to Set the spam confidence level (SCL) to… and Bypass spam filtering is set on the right side.
10. Add a second action by clicking the add action button under Do the following….
11. From the drop-down menu, select Modify the message properties then set a message header 
12. Click the first *Enter text.... and type  X-MS-Exchange-Organization-BypassClutter then click the second *Enter text... and type true.
13. Review all settings to make sure they are correct.
    
    

    Note:

    For best practices, we recommend leaving the other options at their default settings.

    

    Once you have completed this setup please allow time for the new rule to propagate. Then, set up a test phishing campaign for yourself or a small group to test out your new whitelisting rule. 

Back to Top 

Bypassing the Junk Folder (M365 mail servers ONLY)

This rule will allow only simulated phishing emails from us to bypass the Junk folder to ensure that your users are receiving simulated phishing emails in their inboxes.

1. Under Admin centers, select Exchange.
2. Select Mail Flow on the left-hand menu and click Rules.
3. Click the + sign and select Bypass spam filtering… from the drop-down.
   
   
4. Give the rule a name, such as "KnowBe4 - Skip Junk Filtering".
5. From the Apply this rule if.... drop-down, select A message header... then select includes any of these words.

   Make sure that you add a condition for each header you need to whitelist. For more information on phishing email headers settings, click here.

6. On the right side of that rule, you will see *Enter text... and *Enter words.... Click *Enter text... and type the header. KnowBe4's default header is X-PHISHTEST. 
7. Click *Enter words … and type KnowBe4 and then, click the + sign and OK.
8. From the Do the following... drop-down menu, select Modify the message properties then Set a message header.
9. Click on the *Enter text... button after "Set the message header" to set the message header. Enter the following text: X-Forefront-Antispam-Report. This value is case sensitive. Then, click OK.
10. Click the *Enter text... button after "to the value" and enter "SFV:SKI;CAT:NONE;". To learn more about this header, click here. Please be aware that this field is case sensitive. Once the text is entered, click OK
11. Beneath Properties of this rule:, set the priority to directly follow the rule you created in the previous section.
12. Make sure all options are filled out correctly. An example of the completed rule is below.

    Don't see the settings you need?

    Click More options on the new rule screen to see all available settings.

    
13. Click Save.

Back to top