Microsoft 365 and Exchange Whitelisting

This article will cover how to whitelist Curricula’s training email and phishing simulator email servers in Exchange 2013, 2016, and Microsoft 365.   

Exchange users should complete Steps 1-2. Microsoft 365 users, please complete Steps 1-4.  

Step 1: Add Curricula’s IPs to Your IP Allow List

Let’s begin by adding Curricula’s IP addresses (training and phishing simulator) to your Exchange/Microsoft 365 allow list.   

(If you are using Exchange 2010, 2013, 2016, or 2019, you can also set up an IP allow list from the command line. See instructions from Microsoft here: Add-IPAllowListEntry.)

Here’s what you need to do:  

  1. Log into your mail server’s admin portal and select the Admin application.
  2. Go to the Navigation Menu on the left side of the screen and select Exchange under the Admin Centers section. You will be directed to the Exchange Admin Center page.

  3. Select Connection Filter under the Protection heading (on the main page), or use the Exchange Admin Center sidebar on the left of the screen to select Protection > Connection Filter.

  4. Click the pencil icon to edit your default connection filter policy. A new dialog box will appear.

  5. Select Connection Filtering on the left side of the box. Next, click on the + icon under IP Allow List to add Curricula IP addresses. The Add Allowed IP Address screen will appear.

  6. On this new screen, under the Address or Address Range section, add the following Curricula IP addresses one at a time:
    • 18.205.140.116 (Phishing Server)
    • 168.245.36.66 (Training Server)

  7. Click OK on the Add Allowed IP Address screen, then Save on the bottom of the Default Settings screen to finalize the changes.
 With Curricula’s IP addresses successfully added to your IP Allow List, let’s now turn to navigating Exchange/Microsoft 365 clutter and spam filtering.   

Step 2: Allow Curricula Emails to Bypass Clutter and Spam Filters 

To keep Curricula’s training and phishing emails out of the Exchange/Microsoft 365 clutter and spam filters, create a new mail flow rule from the Exchange Admin Center.  

To create a new mail flow rule for Curricula notification (training and phishing) emails:  

  1. Log into your mail server admin portal and select the Admin application.
  2. On the Navigation Menu on the left side of the screen, select Exchange under the Admin Centers section. You will be directed to the Exchange Admin Center page.
  3. Select Mail Flow from the Exchange Admin Center sidebar on the left of the screen.

  4. Under the Mail Flow Rules tab, click the + symbol.
  5. Select Bypass Spam Filtering from the drop-down. A new box will appear where you will complete the following steps to create your new rule.

  6. Begin by creating a name for your new rule, such as “Bypass Clutter and Spam Filtering by IP Address”.
  7. Next, click on the Apply this rule if… drop-down and select The sender then IP address is any of these ranges or exactly matches.

  8. In the Specify IP address ranges dialog box, enter the following Curricula IP addresses one at a time:
    • 18.205.140.116 (Phishing Server)
    • 168.245.36.66 (Training Server)
  9. Click OK to add Curricula’s IP addresses.
  10. From the Do the following…  drop-down, create a message header by clicking Modify the message properties, followed by Set a message header and Enter Text (if necessary).

  11. On the Message Header dialog box, create a message header for your rule, such as “X-MS-Exchange-Organization-BypassClutter” (case-sensitive), and click OK. Set the value to “true” (also case-sensitive) and click OK.
  12. Click Add Action, then use the Do the following… drop-down to select Modify the message properties followed by Set the spam confidence level (SCL) to… A new Specify SCL dialog box will appear.
  13. Select Bypass spam filtering from the drop-down and click OK.

  14. Click Save at the bottom of the Bypass Clutter and Spam Filter by IP Address box to save your new mail flow rule.

 At this point, Exchange users are finished with the whitelisting process. Before launching a phishing campaign or sending training notifications to your team, we recommend first sending tests both to yourself and a few others to verify the whitelisting was successful.  

If you are a Microsoft 365 user, please proceed to Step 4.    

Step 3 (Microsoft 365 Only): Allow Curricula Emails to Bypass Junk Folder

Office 365 users will need to create an additional mail flow rule so Curricula phishing and training messages will bypass the Junk folder.  

Starting from the Exchange Admin Center:  

  1. Select Mail Flow from the Exchange Admin Center on the left of the screen.

  2. Under the Mail Flow Rules tab, click the + symbol.
  3. Select Bypass Spam Filtering from the drop-down. A new box will appear where you will complete the following steps to create your new rule.

  4. Create a name for the new rule, such as “Curricula-Bypass Junk Folder Filtering”. 
  5. Click the Apply this rule if… drop-down and select The Sender, followed by IP address is in any of these ranges or exactly matches.

  6. In the Specify IP address ranges dialog box, enter the following Curricula IP addresses:
    • 18.205.140.116 (Phishing Server)
    • 168.245.36.66 (Training Server)
  7. Click OK to add Curricula’s IP addresses.
  8. Click on the Do the following… drop-down and select Modify the message properties, then Set a message header to this value.

  9. Set message header to “X-Forefront-Antispam-Report” (case-sensitive), then click OK.
  10. Set the following value to “SFV: SKI” (case-sensitive), then click OK.
  11. Under the Properties of this rule section, set the priority to directly follow the rule you created in the Bypassing Clutter and Spam section.
  12. Click Save to finalize your new rule.
 

Step 4 (Microsoft 365 Only): Setting up a Connector to Prevent Deferments

 

 Finally, set up a connector to prevent deferments:  
  1. Starting from the Exchange Admin Center, select Mail Flow then Connectors.
  2. Click on the + symbol to add a new connector. A new Select your mail flow scenario screen will appear.
  3. Click on the From field drop-down and select Partner Organization.
  4. Click on the To field drop-down and select Microsoft 365.
  5. Click Next at the bottom of the Select your mail flow scenario screen to proceed.
  6. Create a name for your new connector on the New Connector screen. We recommend you name it something like “Curricula Connection Filter.” You can also add a description for this new connector if you choose.
  7. Click Next at the bottom of the New Connector screen to proceed.
  8. Under How do you want to identify the partner organization?, select Use the sender’s IP address then click Next.
  9. Click on the + sign and add Curricula’s IP addresses:
    • 18.205.140.116 (Phishing Server)
    • 168.245.36.66 (Training Server)
  10. Once the IP addresses are added, click Next to proceed.
  11. Select the Reject email messages if they aren't sent over TLS security option. This option ensures that only emails that are TLS encrypted will be sent through. We send all our emails over TLS for security purposes.
  12. Click Next, then review your settings and click Save to add your new connector.
 Now that you are finished whitelisting for your Microsoft 365 account, we recommend first sending test emails to yourself and a small group of employees to verify the whitelisting was successful before launching Curricula to your staff.    
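
One way to check a delivered test message, as an added example (not code from Curricula or Microsoft): the script below reads the message's raw headers and confirms that the bypass from Steps 2 and 3 was applied, and that it was applied only to mail from the two allow-listed IPs. It assumes the headers were copied from the mailbox as text, that the X-Forefront-Antispam-Report header carries the connecting IP in its CIP field, and that the organization headers set in Step 2 are visible on the delivered message; the sample headers are constructed.

```python
from email import message_from_string
from email.policy import default

# The two sender IPs this article allow-lists.
ALLOWED_IPS = {"18.205.140.116", "168.245.36.66"}

# Constructed sample headers of a delivered test message (not real output).
SAMPLE = """\
X-MS-Exchange-Organization-BypassClutter: true
X-MS-Exchange-Organization-SCL: -1
X-Forefront-Antispam-Report: CIP:18.205.140.116;CTRY:US;SCL:-1;SFV: SKI;
Subject: Test notification

body
"""

def report_fields(msg):
    """Collect key -> set of values from every X-Forefront-Antispam-Report header."""
    fields = {}
    for header in msg.get_all("X-Forefront-Antispam-Report", []):
        for part in str(header).split(";"):
            key, sep, val = part.partition(":")
            if sep:  # skip empty trailing segments
                fields.setdefault(key.strip().upper(), set()).add(val.strip())
    return fields

def check_test_message(raw_headers):
    """Return a list of problems; an empty list means the bypass looks correct."""
    msg = message_from_string(raw_headers, policy=default)
    fields = report_fields(msg)
    problems = []
    cips = fields.get("CIP", set())
    if not cips:
        problems.append("no CIP (connecting IP) recorded")
    elif not cips <= ALLOWED_IPS:
        problems.append("connecting IP not in allow list: " + ", ".join(sorted(cips - ALLOWED_IPS)))
    if "SKI" not in fields.get("SFV", set()):
        problems.append("SFV:SKI missing (Step 3 rule did not apply)")
    scl = str(msg.get("X-MS-Exchange-Organization-SCL", "")).strip()
    if scl != "-1":
        problems.append("SCL is %r, expected -1 (Step 2 rule did not apply)" % scl)
    clutter = str(msg.get("X-MS-Exchange-Organization-BypassClutter", "")).strip()
    if clutter != "true":  # the value is case-sensitive
        problems.append("BypassClutter header is not exactly 'true'")
    return problems

if __name__ == "__main__":
    print(check_test_message(SAMPLE) or "bypass applied as configured")
```

A non-empty result on a message from any other sender IP is the expected outcome; the bypass should show as applied only for the two addresses above.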

Troubleshooting

 If you are not receiving Curricula notification emails, or if they are ending up in your learners’ spam, clutter, or junk folders, you can attempt the following troubleshooting suggestions:  
  • Check if your organization uses an additional email protection service (Barracuda, Mimecast, etc.) to filter emails. If so, see our whitelisting instructions for that particular service.
  • If you experience any issues delivering phishing campaign emails, verify that you have whitelisted Curricula’s phishing domains. You can find these in the Curricula admin portal by following these steps: User > Account > Settings > Phishing.
  • If after a failed phishing test you see that your message ‘X-PHISHTEST’ header contains “Curricula”, change the message header to ‘X-MS-Exchange-Organization-BypassClutter’ and set the value ‘true.’
If these steps don’t resolve the issue, let us know by submitting a ticket to our support team. You can contact us anytime by submitting a support request using the link below: 

https://support.curricula.com/kb-tickets/new