How to enable Arsen phishing simulations using headers on Microsoft Office 365?
This procedure allows you to authorize our phishing simulations on your employees' email addresses by identifying them with a specific header on Microsoft 365.
This method is only recommended if you have a filtering solution upstream of your reception servers. In practical terms, this means that you need to whitelist our IP on your anti-phishing filter and then apply the header procedure on Microsoft Office 365.
If you don't have an upstream filtering solution for your emails, always prefer to use an IP address-based whitelisting procedure.
Remember to authorize our header or IP on your anti-spam or anti-phishing service to ensure the proper reception of our simulations.
Prerequisites
To follow this procedure, you must be the administrator of your company's Microsoft 365 account.
Step 1 : Bypassing anti-spam and anti-clutter protection
- Log in to your administration portal and select Exchange under Administration Centers.
- In Mail Flow, click on Rules.
- Click on the + to add a rule and select Bypass Spam Filtering.
- In the new rule window, choose a name like Arsen Anti-Phishing Authorization.
- Select A message header in the Apply this rule if... menu, then select Includes any of these words.
- On the right side, click the first Enter text...
- And in the new window, enter the value of the header.
- In the second Enter text..., enter "true" and click on the save button. The text should look like this:
- In Do the following..., make sure that Set the spam confidence level (SCL) to... is selected and that Bypass spam filtering is set to the right.
- Click on + to add an action
- Select Modify the message properties and then Set a message header.
- Click the first Enter text... and enter X-MS-Exchange-Organization-BypassClutter. Then click the second Enter text... and enter true.
- Leave the other options as default, then click Next
Step 2: Avoid Quarantine
This part of the procedure prevents our phishing simulations from being quarantined.
- Still in the Exchange Admin Center, select "Mail Flow" and then "Rules" in the left menu.
- Click the "+" button to add a rule.
- Select "Bypass spam filtering"....
- ...and name the rule Arsen Quarantine Avoidance.
- Click on "Apply this rule if..." and select A message header. Then select includes any of these words.
- In the first Enter text... field, enter the value of the header. By default, this value is X-Arsen-Training, but we strongly recommend following the header customization procedure for greater security.
- In the second Enter text... field, enter the text true and click the Save button.
- Click the Do the following... dropdown, select Modify the message properties, then select Set a Message Header.
- Click the first Enter text... to the right of "Set the message header" to define the header. Enter the text X-Forefront-Antispam-Report. Pay attention to capitalization: respect upper and lower case. Click OK.
- Click the second Enter text... after to the value to the right of Set the message header. Enter SFV:SKI;CAT:NONE;. Respect the capitalization: everything must be in uppercase. Click OK once the text is entered. Here is the final configuration of the rule:
- Click Next
Updated on: 29/01/2024
Thank you!