You want all employees in scope of a test to receive the Lupasafe phishing messages, but sometimes messages end up in the spam or junk folder. This article describes how to whitelist our phishing test addresses for a high inbox rate; we prefer PowerShell over native support in the portal.
(As a platform, we do not want rights to modify Exchange Online transport rules, anti-spam policies and email filtering configurations on Office 365 tenants, for security reasons. We prefer PowerShell scripts that let customers keep full control over their own email security settings while achieving the same delivery results for phishing simulations.)
There are 2 options:
A. Use a PowerShell script (read a detailed installation guide with PowerShell and 365 Admin here)
or
B. Follow the steps manually
Both methods are described below.
A. POWERSHELL
STEPS:
- Download the PowerShell script (the script is called "Elearning", as terms like "ph*shing" potentially upset various systems)
- Start PowerShell as administrator
- Install the modules:
# Install the Exchange Online Management module
Install-Module -Name ExchangeOnlineManagement -Force -AllowClobber
# If you plan to use Azure DNS, also install:
Install-Module -Name Az.Dns -Force -AllowClobber
# Allow running of local scripts
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
- Navigate to the script and run it: .\
- Select the right 365 tenant account
In the terminal prompt you will see the output of each step.
Check
How to see if the whitelisting is completed? There are three ways:
- Send a phishing test from your Lupasafe account
- Test via the Admin Center
Go to Mail flow – Rules, where the rules created by the script are listed.
- Via a PowerShell request
# Connect to Exchange Online first
Connect-ExchangeOnline

# 1. Check Transport Rules
Get-TransportRule | Where-Object {$_.Name -like "*ELearning*"} | Format-List Name, State, Priority, Comments

# 2. Check Anti-Spam Policies
Get-HostedContentFilterPolicy | Where-Object {$_.Name -like "*ELearning*"} | Format-List Name, AllowedSenders

# 3. Check Safe Links Policies
Get-SafeLinksPolicy | Format-List Name, DoNotRewriteUrls

# 4. Check DKIM Status for every accepted domain
Get-AcceptedDomain | ForEach-Object {
    $domain = $_.Name
    $dkim = Get-DkimSigningConfig -Identity $domain -ErrorAction SilentlyContinue
    Write-Host "Domain: $domain - DKIM Enabled: $($dkim.Enabled)"
}
EXAMPLE OUTPUT:
Name : ELearning-Test-Bypass-Spam-Filter
State : Enabled
Priority : 5
Comments : Bypass spam filtering for e-learning test emails
Name : ELearning-Test-IP-Whitelist
State : Enabled
Priority : 6
Comments : Bypass spam filtering for e-learning test mail servers
Name : ELearning-Test-Whitelist-Policy
AllowedSenders : {phtest1@luminarywebtech.com, phtest2@luminarywebtech.com, phtest1@crestfallenconsulting.com, phtest2@crestfallenconsulting.com}
Name : Standard Preset Security Policy1743744724810
DoNotRewriteUrls : {*.portal.lupasafe.com/*, *.crestfallenconsulting.com/*, *.luminarywebtech.com/*}
Name : Strict Preset Security Policy1743744792208
DoNotRewriteUrls : {*.portal.lupasafe.com/*, *.crestfallenconsulting.com/*, *.luminarywebtech.com/*}
Name : Built-In Protection Policy
DoNotRewriteUrls : {*.portal.lupasafe.com/*, *.crestfallenconsulting.com/*, *.luminarywebtech.com/*}
Domain: lupasafe.academy - DKIM Enabled: True
Domain: lupasafe.com - DKIM Enabled: True
B. MANUALLY
1. Make sure the email platform whitelists the following sender addresses:
phtest1@luminarywebtech.com
phtest2@luminarywebtech.com
phtest1@crestfallenconsulting.com
phtest2@crestfallenconsulting.com
Also whitelist the sender if it's not a sender inside the organisation, for example 'security@ubspot.com'.
Also whitelist the link inspector service for our domains.
2. Allow, if needed, the mail servers at 141.95.84.46 and 45.82.191.25 (these are included in our SPF record).
This can be done by adding +ip4:[ip address] to your SPF record (the + qualifier is the default, so ip4:[ip address] is equivalent). For example:
v=spf1 +a +mx +ip4:45.82.191.25 +ip4:141.95.84.46 -all
3. Configure the DKIM selector
If you want to send a phishing mail using a spoofed e-mail address of your own organisation, you can add the following DKIM selector to your DNS (add a DNS TXT record):
Name: lupasafescanner._domainkey
Value: v=DKIM1;t=s;p=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
For Office 365 users:
4. In the Office 365 Safe Links policy: exclude the 'rewriting' of links containing 'portal.lupasafe.com', 'crestfallenconsulting.com' and 'luminarywebtech.com'.
5. Use an existing employee email address as sender to have a higher chance that the phishing email reaches the inbox.
A phishing email with a random sender has a greater chance of landing in the Junk mail folder.
Does the email still land in the spam box? Take the following additional measures:
6. In the Exchange Admin Center, under Mail flow:
Create a specific rule that sets the spam classification for the specific email addresses and mail servers:
7. Please note: the rule must be enabled:
8. Additionally in Microsoft 365 Defender:
Policies & rules > Threat policies > Advanced delivery
The domains, email addresses, etc. must be added there:
Of course, if an alternative is chosen, for example a domain name that resembles that of the company, it must also be added here.
9. Finally, you can (optionally) add spoofed senders
Under Policies & rules > Threat policies > Tenant allow/block list:
The email should now arrive in the inbox.
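The PowerShell equivalent of manual steps 1 and 6, followed by a check, as an added example that is not the Lupasafe "Elearning" script. The sender addresses, mail server IPs and rule name come from this article; the "Default" anti-spam policy name and the Test-ELearningWhitelist helper are assumptions.

```powershell
# Added example, not the Lupasafe script. Requires the ExchangeOnlineManagement
# module and an Exchange administrator account.
Connect-ExchangeOnline

# Values from the article (rule name taken from the example output above)
$senders = @(
    'phtest1@luminarywebtech.com', 'phtest2@luminarywebtech.com',
    'phtest1@crestfallenconsulting.com', 'phtest2@crestfallenconsulting.com'
)
$mailServers = @('141.95.84.46', '45.82.191.25')
$ruleName = 'ELearning-Test-Bypass-Spam-Filter'

# Step 6: a transport rule that sets SCL -1 (bypass spam filtering) for the test
# senders. The sender-address and sender-IP conditions are ANDed, so a message
# that merely spoofs one of these addresses from another server is not exempted.
if (-not (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $ruleName `
        -FromAddressContainsWords $senders `
        -SenderIpRanges $mailServers `
        -SetSCL -1 -Enabled $true `
        -Comments 'Bypass spam filtering for e-learning test emails'
}

# Step 1: add the senders to the allowed-senders list of the default anti-spam
# policy ("Default" is assumed to be the policy name in your tenant).
Set-HostedContentFilterPolicy -Identity 'Default' -AllowedSenders @{Add = $senders}

# Check (hypothetical helper): report whether the rule exists and is enabled and
# which senders are still missing from the policy, so a re-run is safe.
function Test-ELearningWhitelist {
    $rule   = Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue
    $policy = Get-HostedContentFilterPolicy -Identity 'Default'
    $allowed = @($policy.AllowedSenders | ForEach-Object { "$_" })
    [pscustomobject]@{
        RuleExists     = [bool]$rule
        RuleEnabled    = ($null -ne $rule -and $rule.State -eq 'Enabled')
        MissingSenders = @($senders | Where-Object { $allowed -notcontains $_ })
    }
}

Test-ELearningWhitelist | Format-List
Disconnect-ExchangeOnline -Confirm:$false
```

Because the rule keys on both the address and the listed mail servers, remove or disable it once the test campaign ends so the exemption does not outlive the simulation.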
We recommend that you inform employees that phishing tests are being performed, for transparency. A good indicator of high phishing awareness is employees raising an alert with the service desk, IT or security colleagues.