🔎 Domains names validation

• How to validate your domain names in order to test the email addresses that depend on them ?

  To ensure the legitimacy of your phishing simulations, you must prove that you have administrative rights over the domain names of the email addresses you want to test. To do this, you simply need to follow a simple validation procedure that requires you to add a TXT field to the DNS zone of your domain, as outlined step-by-step below. Here's a summary of the steps: Summary Prerequisites Step 1: Go to the domain name validation menu (2-step-1-go-to-the-domain-nameSome readers

🎟️ Whitelisting

• How to authorize Arsen's phishing simulations on your email servers?

  Before you can start testing your employees, you need to configure your mail servers to deliver our simulations to the inbox and not to spam or marked as junk mail. If you don't follow this procedure, our simulations may end up in spam, and you won't be able to properly educate your entire workforce. Summary: Which authorization procedure to follow? Authorization procedure by IP address AuthoriFew readers

📘 Microsoft Procedure

• ❇️ How to allow Arsen phishing simulation by IP address Microsoft 365. (Recommended)

  By following this procedure, you will be able to allow our phishing simulations to bypass your protections in order to test the behavior of your employees. The goal is for our phishing simulations to reach your employees' inboxes directly, without going through the junk mail folder, which could distort your employees' training. Sommaire Prerequisites Step 1: Add Arsen's IP address to the allowed IPs list (2-step 1: Add Arsen's IP address to the allowed IPs list)Some readers

• How to enable Arsen phishing simulations using headers on Microsoft Office 365?

  This procedure allows you to authorize our phishing simulations on your employees' email addresses by identifying them with a specific header on Microsoft 365. This method is only recommended if you have a filtering solution upstream of your reception servers. In practical terms, this means that you need to whitelist our IP on your anti-phishing filter and then apply the header procedure on Microsoft Office 365. If you don't have an upstream filtering solution for your emails, always prefer toSome readers

• How to bypass Microsoft Office 365 Advanced Threat Protection (ATP) Safe Link/Attachment Processing?

  If you use the Advanced Threat Protection (ATP) feature and have noticed unlikely clicks on your phishing simulations, it's likely that the ATP analysis system has generated false events. Therefore, it's necessary to configure your email environment to bypass this protection during your phishing simulations with Arsen. This procedure complements the procedures for authorizing Arsen phishing simulations. As with these, there are two ways to identify and authorize our simulations: by IP or bySome readers

• ⚙️ How to allow Arsen phishing simulation by IP address Microsoft 365. (n°2)

  By following this procedure, you will be able to allow our phishing simulations to bypass your protections in order to test the behavior of your employees. The goal is for our phishing simulations to reach your employees' inboxes directly, without going through the junk mail folder, which could distort your employees' training. Sommaire Prerequisites Step 1: Add Arsen's IP address to the allowed IPs list (2-step 1: Add Arsen's IP address to the allowed IPs list)Few readers

• 🌁 How to create safe sender lists in Exchange Online Protection ?

  Creating safe sender lists in EOP for phishing simulations serves a specific purpose in the context of testing and training employees with Arsen : Phishing simulations involve sending simulated phishing emails to employees to test their ability to recognize and respond to phishing attempts. By adding the simulation tool's sender email addresses to the safe sender list, Outlook automatically downloads pictures from these specific senders and thus reduces the chances of these simulated emails beiFew readers

• Advanced Delivery Policies in Microsoft Defender for Office 365

  Before you start testing your employees, you need to configure your mail servers so that our simulations are delivered to the inbox and not to spam or junk mail. This article allows you to whitelist third-party phishing simulations such as Arsen. We advise you to use this procedure if you find yourself in one of the following situations: Exchange Online Protection Microsoft Defender for Office 365 Plan 1 and Plan 2 Microsoft Defender XDR Summary PrerequisitesFew readers

• How to allow Arsen phishing simulations using headers on Exchange 2010?

  This procedure enables you to authorize our phishing simulations on your employees' email addresses by identifying our simulations using a specific header on Exchange 2010. This method is recommended if you have a filtering solution upstream of your receiving servers. Open the Exchange Administration Console (Exchange Management Console or EMC). Open Organization Configuration in the left sidebar and click on Hub Transport. Under Actions in the right sidebar, select New TrFew readers

• How to allow Arsen phishing simulations using IP address on Exchange 2016 and 2019?

  This procedure enables you to authorize our phishing simulations on your employees' email addresses by identifying our simulations using our specific IP address on Exchange 2016 and 2019. Open the Exchange Admin Center. Open Mail Flow. You are automatically in the Rule tab. Click on + to add a new rule. Enter a name for your transport rule: WhiteliFew readers

• How to prevent Microsoft Defender from rewriting phishing links URL?

  Microsoft Defender for Office 365 Plan 2 (https://www.microsoft.com/en-us/security/business/siem-and-xdr/microsoft-defender-office-3Few readers

📗 Google Procedure

• ❇️ How to allow Arsen simulations by IP address on Google Workspace/Google Apps? (Recommended)

  This process allows you to authorize our phishing simulations if you are using Google Workspace or Google Apps. If you have a cloud filtering system (anti-spam, anti-phishing) upstream, we recommend authorizing our phishing simulations on Google Workspace/Apps through the email header authorization process and authorizing us with your filtering solution via our IP address. Summary:Some readers

• How to allow phishing simulations using email headers on Google Workspace / Google Apps?

  To ensure that your employees receive our phishing simulation emails directly in their inbox and not in spam, you need to authorize our phishing simulations. This procedure allows you to authorize our phishing simulations on your employees' email addresses by identifying our simulations through a specific header on Google Workspace / Google Apps. This method is only recommended if you have a filtering solution upstream of your reception servers. In practical terms, this means that you need toSome readers

• How to bypass your protections by using Arsen's domain names whitelisting on Google Workspace/ Google Apps?

  This procedure allows you to authorize our phishing simulations and remove the alert banner that warns of potential spam on the email addresses of your colleagues on Google Workspace/Google Apps. This method is recommended if you have a filtering solution upstream of your receiving servers, and will allow you to avoid displaying alert banners that may come from the sending emails or Arsen domains that you will insert into a list. Summary Step 1: Edit the settings of the rules that concerPopular