Do I Need to Smart Host?
If you cannot whitelist our mail servers, or if your mail environment includes a spam/content filter with limited whitelisting ability (that impacts deliverability of your Phishing Security Test (PST) emails), we can bypass your filter by smart hosting the phishing test emails.
Smart hosting should only apply to you if:
- You've already attempted to whitelist our mail server IP addresses in your spam/content filter(s).
- Your third-party hosted spam filter does not offer the ability to whitelist by hostname, IP or header.
- Your spam/content filter and mail server are separate entities
What is Smart Hosting?
A smart host is an email message transfer agent allowing an SMTP server to route mail directly to another mail server.
By Smart hosting, we will create a static route from our mail server to yours, thereby bypassing your spam/content filter (i.e. where your MX records point to).
How Do I Set up a Smart Host?
You will allow this smart host connection by modifying your firewall and/or mail server rules to ensure that direct SMTP connections from our IP addresses are allowed to your mail server. Please see this article for a list of our IP addresses.
You will then submit a support ticket to the KnowBe4 Support Team, here. Please provide the following info in your smart host request:
- A screenshot of your connector. See Setting Up a Connector in Microsoft 365 for more information for setup instructions in Microsoft 365.
- Your hostname or IP address (a hostname is preferred, in case your IP changes in the future)
- The method to locate your hostname varies by mail client/server; if you're using Microsoft 365, you can follow the instructions, here.
If you have multiple allowed domains on your KnowBe4 account, we can provide the smart host connection to one hostname or IP, per domain.
If you do need a smart host connection for multiple domains, specify each domain and the associated hostname or IP address.
Once a Support Representative receives your request, they will submit it to the appropriate team and inform you once this connection has been established.
We will then be able to send the simulated phishing emails directly to your mail server without having them blocked by your spam filter.
Setting Up a Connector in Microsoft 365
To add a connector to your Microsoft 365 account, follow the steps below:
- From your Exchange admin center, navigate to mail flow > connectors.
- Click the + sign to create a new connector.
- In the Connection from field, select Partner organization.
- In the Connection to field, Office 365 should be automatically selected. If it is not, select Office 365.
- Click Next.
- On the next screen, you will need to name the connector. Name it something identifiable, such as KB4 PST Connection Filter. You can also add a description if you'd like.
- When you're done, click Next.
- Select the Use the sender's IP address option and then, click Next.
- Using this article for reference, add the IP addresses for your server (US, EU, or CA).
- Once you've added all of our IP addresses, click Next.
- Select the Reject email messages if they aren't sent over TLS security option. This option ensures that only emails that are TLS encrypted will be sent through. We send all our emails over TLS for security purposes.
- Click Next and then after reviewing that your settings for the connector are correct, click Save.