How to whitelist by email headers in Exchange 2013, 2016, or Office 365?

This guide will cover how to whitelist the simulated phishing email headers in your Exchange 2013, 2016, or Office 365 environment.

Depending upon your system setup (for instance, if you're using a cloud-based spam filter), whitelisting by headers may be the most suitable way to ensure phishing test emails are delivered to users.

This filter will allow those simulated phishing emails to bypass the filter by whitelisting the email headers. It will also make sure that the emails bypass the Clutter folder in Microsoft's Exchange Online Protection (EOP) mail filter with this rule.

Once the settings are in place, it may take some time for those settings to propagate. It's recommended that you wait 1-2 hours and then set up a phishing campaign to yourself or a small group to test out the new whitelisting rule.

Section 1: Bypass clutter and spam filters by Email Header 

1. Log into your mail server admin portal and go into the Admin.

2. Click on Exchange.

   
3. Go to Mail flow

4. Click the (+) icon, and select Bypass Spam Filtering…from the dropdown.

   
5. This will open the New Rule screen.
6. Give the rule a name, such as (Bypass Clutter & Spam Filtering by Email Header)
7. Under the "Apply this rule if...." select "A message header", and then select "includes any of these words”.
8. On the right side of that rule, you will see Enter text... and Enter words...

9. Click Enter text... and type in the header X-PHISHTEST and then click Enter words... and type in emPower.

   
10. From the "Do the following" drop down, select "Set the spam confidence level (SCL) to", and then select "Bypass spam filtering".
11. Add a second action to Do the following. Select Modify the message properties > set a message header.  Set the message header to X-MS-Exchange-Organization-BypassClutter; then click Enter text... and type true.

Once you have completed this setup please allow time for the new rule to propagate, and then set up a test phishing campaign for yourself or a small group, to test out your new whitelisting rule.

Section 2: Bypass the junk folder

*For customers using Office 365, only*

 This rule will allow only simulated phishing emails from emPower to bypass the Junk folder.

1. Log into your mail server admin portal and go into the Admin.
2. Click on Exchange section under Admin Centers.
3. Go to Mail flow

4. Click the (+) icon, and select Create a New Rule from the dropdown.

   
5. Give the rule a name, such as (emPower Skip Junk Filtering)
6. Click on "More options"
7. Under the "Apply this rule if...." A message header > includes any of these words.
8. On the right side of that rule, you will see Enter text and Enter words...
9. Click the Enter textand type in the header X-PHISHTEST and then click Enter words … and type in emPower.
10. When done, click OK.
11. From the "Do the following" drop down, select "Modify the message properties", and then select "Set a Message Header".
12. Set the message header to this value: 
    - Set the message header "X-Forefront-Antispam-Report" to the value "SFV:SKI;".

    •  To learn more about this header, click here.  

13. Beneath "Properties of this rule" set the priority to directly follow the existing rule (outlined in SECTION 1) set up for emPower whitelisting.
14. When done, click Save.