How to Whitelist by Email Headers in Exchange 2013, 2016, or Microsoft 365
Note:
Microsoft 365 Environments: If you whitelisted our email servers prior to February 2018, you will need to add an additional mail flow rule in your Microsoft 365 Admin center. Set up for this rule can be found in the section Bypassing the Junk Folder.
The instructions below show you how to whitelist simulated phishing test email headers in your Exchange 2013, 2016, or Microsoft 365 environment. The process is the same for all three mail servers though you may notice some slight visual differences. To whitelist our training emails, visit our Whitelisting Training Emails in Microsoft 365 article for more information.
Whitelisting is necessary in order for us to send simulated phishing emails that will bypass your mail filter. We recommend whitelisting by IP address or hostname but depending on your system setup (for instance, if you're using a cloud-based spam filter), whitelisting by headers may be the most suitable way to ensure phishing test emails are delivered to your users.
Note:
As an alternative for KnowBe4 users with an active subscription, we recommend our Direct Message Injection (DMI) feature. DMI eliminates the need to whitelist simulated phishing emails by creating a secure link between your KnowBe4 console and your Microsoft 365 Account. See our Direct Message Injection Guide for more information.
This filter will allow those simulated phishing emails to bypass your filter by whitelisting our email headers. We will also make sure that we bypass the Clutter folder in Microsoft's Exchange Online Protection (EOP) mail filter with this rule.
The instructions for setting up whitelisting by email headers are shown below (the below instructions show screenshots for Microsoft 365). Alternatively, you can watch our video on whitelisting by email header in Microsoft 365 here.
Jump to:
- Bypassing Clutter and Spam Filtering by Email Header (Exchange 2013, 2016, and M365)
- Bypass Junk Folder (M365 mail servers ONLY)
Bypassing Clutter and Spam Filtering by Email Header (Exchange 2013, 2016, and M365)
Note:
Are you having trouble with emails being blocked or quarantined? Check out this article from Microsoft for more information.
- Log into your mail server admin portal and select Exchange under Admin centers.
- Click mail flow from the left-hand menu and then click the + sign and select Bypass spam filtering… from the drop-down.
Mail Filtering Rule
- In the new rule window, give the rule a name, such as "Bypass Clutter & Spam Filtering by Email Header".
- From the Apply this rule if… drop-down menu, select A message header... then includes any of these words.
- On the right side of that rule, you will see *Enter text... and *Enter words...
- Click *Enter text... and type in the header name and header value.
Note:
By default, the header for KnowBe4 mail is X-PHISHTEST. It is recommended that you change the default header to a custom header or header token for enhanced security. You can change the header settings for your account from the Account Settings page. For more information, see our How to Edit Your Account Settings article.
- Click *Enter words … and type in KnowBe4 and click the + sign.
- Next, under Do the following… ensure that this field is set to Set the spam confidence level (SCL) to… and Bypass spam filtering is set on the right side.
- Add a second action by clicking the add action button under Do the following….
- From the drop-down menu, select Modify the message properties then set a message header
- Click the first *Enter text.... and type X-MS-Exchange-Organization-BypassClutter then click the second *Enter text... and type true.
- Review all settings to make sure they are correct.
Note:
For best practices, we recommend leaving the other options at their default settings.
Once you have completed this setup please allow time for the new rule to propagate. Then, set up a test phishing campaign for yourself or a small group to test out your new whitelisting rule.
Bypassing the Junk Folder (M365 mail servers ONLY)
This rule will allow only simulated phishing emails from us to bypass the Junk folder to ensure that your users are receiving simulated phishing emails in their inboxes.
- Under Admin centers, select Exchange.
- Select Mail Flow on the left-hand menu.
- Click the + and then select Create a new rule... from the drop-down menu.
- Give the rule a name, such as "KnowBe4 - Skip Junk Filtering".
- From the Apply this rule if.... drop-down, select A message header... then select includes any of these words.
Make sure that you add a condition for each header you need to whitelist. For more information on phishing email headers settings, click here.
- On the right side of that rule, you will see *Enter text... and *Enter words.... Click *Enter text... and type the header. KnowBe4's default header is X-PHISHTEST.
- Click *Enter words … and type KnowBe4 and then, click the + sign and OK.
- From the Do the following... drop-down menu, select Modify the message properties then Set a message header.
- Click on the *Enter text... button after "Set the message header" to set the message header. Enter the following text: X-Forefront-Antispam-Report. This value is case sensitive. Then, click OK.
- Click the *Enter text... button after "to the value" and enter "SFV:SKI;CAT:NONE;". To learn more about this header, click here. Please be aware that this field is case sensitive. Once the text is entered, click OK
- Beneath Properties of this rule:, set the priority to directly follow the rule you created in the previous section.
- Make sure all options are filled out correctly. An example of the completed rule is below.
Don't see the settings you need?
Click More options on the new rule screen to see all available settings.
- Click Save.
Comments
0 comments
Article is closed for comments.