You want all employees in scope of a test to receive the Lupasafe phishing messages. But sometimes messages end up in the spam or junk folder. So, how do you increase the success rate of delivery into the employee's inbox for a Lupasafe custom phishing campaign?


When starting a phishing test, always take the following steps:

1. Make sure the email platform whitelists:

phtest1@luminarywebtech.com
phtest2@luminarywebtech.com
phtest1@crestfallenconsulting.com
phtest2@crestfallenconsulting.com



Also whitelist the sender if it's not a sender inside the organisation, for example: 'security@ubspot.com'


2. If needed, allow the mail servers at 141.95.84.46 and 45.82.191.25 (included in our SPF record)

This can be done by adding +ip4:[ip address] to the SPF record. For example:

v=spf1 +a +mx +ip4:45.82.191.25 +ip4:141.95.84.46 -all


3. Configure the DKIM selector

If you want to send a phishing mail using a spoofed e-mail address of your own organisation, you can add the following DKIM selector to your DNS (add a DNS TXT record):

Name: lupasafescanner._domainkey

Value: v=DKIM1;t=s;p=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
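
To confirm the SPF change from step 2 before starting a campaign, the following added example (not Lupasafe's own code) parses an SPF record and checks that both mail server addresses pass. It evaluates only the ip4 and all mechanisms; a, mx, include and other DNS-dependent mechanisms are skipped, and the function names are illustrative.

```python
import ipaddress

LUPASAFE_IPS = ["141.95.84.46", "45.82.191.25"]  # mail servers from step 2
PAGE_RECORD = "v=spf1 +a +mx +ip4:45.82.191.25 +ip4:141.95.84.46 -all"  # example from step 2
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Split an SPF TXT value into (qualifier, mechanism, argument) tuples."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: must start with v=spf1")
    parsed = []
    for term in terms[1:]:
        if "=" in term.split(":", 1)[0]:  # modifier (redirect=, exp=), not a mechanism
            continue
        qualifier = "+"  # the default when no qualifier is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        parsed.append((qualifier, name.lower(), arg))
    return parsed


def evaluate_ip(record, ip):
    """Result of the first matching ip4/all mechanism, left to right (DNS-based ones skipped)."""
    addr = ipaddress.ip_address(ip)
    for qualifier, name, arg in parse_spf(record):
        if name == "all" or (name == "ip4" and addr in ipaddress.ip_network(arg, strict=False)):
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched


def audit(record, required_ips=LUPASAFE_IPS):
    """Return findings to fix before the campaign; an empty list means OK."""
    findings = []
    for ip in required_ips:
        result = evaluate_ip(record, ip)
        if result != "pass":
            findings.append(f"{ip}: {result}, not authorised by an ip4 mechanism")
    for qualifier, name, arg in parse_spf(record):
        if name == "ip4" and qualifier == "+":
            net = ipaddress.ip_network(arg, strict=False)
            if net.num_addresses > 1 and any(ipaddress.ip_address(i) in net for i in required_ips):
                findings.append(f"ip4:{arg} allows {net.num_addresses} addresses, not only the test server")
        if name == "all" and qualifier == "+":
            findings.append("+all lets any server pass SPF")
    return findings
```

Calling `audit(PAGE_RECORD)` returns an empty list; a record that omits one address, or that allows a whole range around it, returns a finding naming the mechanism to correct.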


For Office 365 users:

4. In the Office 365 Safe Links policy: exclude links with 'portal.lupasafe.com', 'crestfallenconsulting.com' and 'luminarywebtech.com' from rewriting.

5. Use an existing employee email address as sender to have a higher chance that the phishing email reaches the inbox.

A phishing email with a random sender might have a bigger chance of landing in Junk mail.


Does the email still land in the spam box? Take the following additional measures:

6. In the Exchange Admin Center, under Mail flow:
Create a specific rule that sets spam classification for the specific email address and mail server:



7. Please note: the line must be enabled:



8. Additionally in Microsoft 365 Defender:

Policies & rules > Threat policies > Advanced delivery



The domains, email addresses, etc. must be added there:


Of course, if an alternative is chosen, for example a domain name that resembles that of the company, it must also be added here.


9. Finally, you can (optionally) add spoofed senders
under Policies & rules > Threat policies > Tenant allow/block list:

The email should now arrive in the inbox.

We recommend you inform employees about phishing tests being performed in order to give transparency. A good indicator of the success of high phishing awareness is employees raising an alert with the service desk, IT or security colleagues.