How to Whitelist by Email Headers in Exchange 2013, 2016, or Office 365
This document will cover how to whitelist simulated phishing test email headers in your Exchange 2013, 2016, or Office 365 environment (the process is the same for each of those three mail servers).
Whitelisting is necessary in order for us to send simulated phishing emails that will bypass your mail filter. Typically we recommend whitelisting by IP address or domain. But depending on your system setup (for instance, if you're using a cloud-based spam filter), whitelisting by headers may be the most suitable way to ensure phishing test emails are delivered to your users.
This rule allows those simulated phishing emails to bypass your mail filter by whitelisting our email headers. The same rule also makes sure the emails bypass the Clutter folder in Microsoft's Exchange Online Protection (EOP) mail filter.
Once your settings are in place, it may take some time for those settings to propagate. We recommend that you wait 1-2 hours and then set up a phishing campaign to yourself or a small group to test out your new whitelisting rules.
The instructions for setting up these rules are shown below (the screenshots are from Office 365).
Step 1: Log into your mail server admin portal and go to the Admin -> Exchange area.
Step 2: Click on the mail flow section, then click the big + sign in the right-hand area and select “Bypass Spam Filtering…” from the dropdown.
This will open the New Rule screen.
Step 3: Creating the Rule
- Give the rule a name, such as Bypass Clutter & Spam Filtering by Email Header.
- Select “Apply this rule if…” then choose “A message header -> includes any of these words”
- On the right side of that rule, you will see “Enter text” and “Enter words…”
- Click “Enter text” and type in the header “X-PHISHTEST”, then click “Enter words…” and type in “KnowBe4”
- Next, under “Do the following…”, ensure that this field is set to “Set the spam confidence level (SCL) to…” and that “Bypass spam filtering” is set on the right side.
- Add a second action under “Do the following…”: choose “Set the message header to this value...” and ensure you set the message header to “X-MS-Exchange-Organization-BypassClutter”
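
The rule built in the steps above can also be created and audited from Exchange PowerShell; this is an added example, not taken from the original page or from KnowBe4. It assumes an already-connected Exchange Online or Exchange Management Shell session and that the BypassClutter header takes the value `true`, as in Microsoft's Clutter bypass guidance; the `Comments` text and the commented-out IP range are placeholders.

```powershell
# Added example. Run in a connected session, for example after:
#   Connect-ExchangeOnline -UserPrincipalName admin@example.com   # placeholder account

$ruleName = 'Bypass Clutter & Spam Filtering by Email Header'

# Conditions and actions mirror the "Creating the Rule" steps above.
$rule = @{
    Name                        = $ruleName
    # "A message header -> includes any of these words"
    HeaderContainsMessageHeader = 'X-PHISHTEST'
    HeaderContainsWords         = 'KnowBe4'
    # "Set the spam confidence level (SCL) to... Bypass spam filtering" is SCL -1
    SetSCL                      = -1
    # Second action: "Set the message header to this value..."
    SetHeaderName               = 'X-MS-Exchange-Organization-BypassClutter'
    SetHeaderValue              = 'true'   # assumption: value not stated on the page
    Comments                    = 'Simulated phishing allow rule (example text)'
    # Optional narrowing (assumption, not on the page): also require a known
    # relay range for the sender. 192.0.2.0/24 is a documentation placeholder.
    # SenderIpRanges            = '192.0.2.0/24'
}

# Avoid creating a duplicate if the rule was already built in the admin portal.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $ruleName }

if ($existing) {
    Write-Warning "Transport rule '$ruleName' already exists; not creating another."
} else {
    New-TransportRule @rule | Out-Null
}

# Audit what is actually configured: the rule should be enabled and should
# match only on the header name and word listed above.
Get-TransportRule |
    Where-Object { $_.Name -eq $ruleName } |
    Format-List Name, State, Priority,
                HeaderContainsMessageHeader, HeaderContainsWords,
                SetSCL, SetHeaderName, SetHeaderValue, SenderIpRanges
```

Because the rule matches on header content alone, the `Format-List` output is worth keeping with your change records so later reviews can confirm the conditions have not been widened.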