The spoof intelligence policy included in the Tenant Allow/Block List, looks at an email’s From address to determine if spoof intelligence should be applied. This feature improves whitelisting phishing security tests and prevents certain errors, such as the “We could not verify the identity of the sender” error, from occurring. For more information, see Microsoft's Manage allows and blocks in the Tenant Allow/Block List Manage allows and blocks in the Tenant Allow/Block List (link opens in new window) article.
There are three main methods of whitelisting a sender within the spoof intelligence policy: full infrastructure wild carding, domain-specific whitelisting, or a sender-specific allow.
We recommend that you use the full infrastructure wild carding method as this is the easiest method to whitelist all emails from KnowBe4.
For more details on the syntax for the Tenant Allow/Block List for spoof intelligence, see Microsoft’s Manage allows and blocks in the Tenant Allow/Block List Manage allows and blocks in the Tenant Allow/Block List (link opens in new window) article.
Access the Spoofed Senders Tab
In order to use the spoof intelligence feature, you'll need to access the Spoofed senders tab in Microsoft Defender.
- Log in to your Microsoft 365 admin center Microsoft 365 admin center (link opens in new window).
- Navigate to Admin centers > All Admin centers.
- Click Security.
- Navigate to Email collaboration > Policies & rules.
- Select Threat policies.
- Click Tenant Allow/Block Lists.
- Click the Spoofed senders tab.
- Click Add.
- Add the correct domains from the sections below based on your preferred whitelisting method.
- Click Add.
Spoof Any Domain (Recommended)
You can allow any domain spoofing from our mail server through a PTR record. Enabling domain spoofing allows any email sent from our mail server to bypass the spoof intelligence policies that would otherwise be imposed on inbound mail flow.
Navigate to the Spoofed senders tab using the steps in the section above, then add the correct domains based on your region:
| Region | Domains |
|---|---|
| training.knowbe4.com | *, psm.knowbe4.com *, ispservices.org |
| eu.knowbe4.com | *, psm.knowbe4.com *, ispservices.co.uk |
| ca.knowbe4.com | *, psm.knowbe4.com *, ispservices.net |
| de.knowbe4.com | *, psm.knowbe4.com *, mailserver-status.com |
| uk.knowbe4.com | *, psm.knowbe4.com *, online-login-portal.com |
Spoof a Customer or Specific Domain
Navigate to the Spoofed senders tab using the steps in the section above, then add the correct domains based on your region:
| Region | Domains |
|---|---|
| training.knowbe4.com | *, example.com *, psm.knowbe4.com *, ispservices.org |
| eu.knowbe4.com | *, example.com *, psm.knowbe4.com *, ispservices.co.uk |
| ca.knowbe4.com | *, example.com *, psm.knowbe4.com *, spservices.net |
| de.knowbe4.com | *, example.com *, psm.knowbe4.com *, mailserver-status.com |
| uk.knowbe4.com | *, example.com *, psm.knowbe4.com *, online-login-portal.com |
Spoof a Specific Sender Address
Navigate to the Spoofed senders tab using the steps in the section above, then add the correct domains based on your region:
Note: Replace fakeuser@example.com with the domain you want to spoof.
| Region | Domains |
|---|---|
| training.knowbe4.com | fakeuser@example.com *, psm.knowbe4.com *, ispservices.org |
| eu.knowbe4.com | *, fakeuser@example.com *, psm.knowbe4.com *, ispservices.co.uk |
| ca.knowbe4.com | *, fakeuser@example.com *, psm.knowbe4.com *, ispservices.net |
| de.knowbe4.com | *, fakeuser@example.com *, psm.knowbe4.com *, mailserver-status.com |
| uk.knowbe4.com | *, fakeuser@example.com *, psm.knowbe4.com *, online-login-portal.com |
Frequently Asked Questions (FAQ)
What is a PTR record?
A PTR (or pointer) record is the domain that is found in a reverse DNS lookup of the source email server's IP address.
What is spoof intelligence in Microsoft Defender?
For more information on spoof intelligence in Microsoft Defender, see Microsoft’s Spoof intelligence insight for cloud mailboxes Spoof intelligence insight for cloud mailboxes (link opens in new window) article.
For further assistance with this feature, contact our support team contact our support team (link opens in new window).