You want all employees in scope of a test to receive the Lupasafe phishing messages, but sometimes messages end up in the spam or junk folder. This article describes how to whitelist our phishing test addresses to achieve a high inbox rate. We prefer PowerShell over native support in the portal.
(As a platform, we do not want rights to modify Exchange Online transport rules, anti-spam policies, and email filtering configurations on Office 365 tenants, for security reasons. We prefer PowerShell scripts that allow customers to maintain full control over their own email security settings while achieving the same delivery results for phishing simulations.)
There are 2 options:
1. Use a PowerShell script (read a detailed installation with PowerShell and 365 Admin here)
or
2. Follow the steps manually
MANUAL
1. Make sure the email platform whitelists:
phtest1@luminarywebtech.com
phtest2@luminarywebtech.com
phtest1@crestfallenconsulting.com
phtest2@crestfallenconsulting.com
Also whitelist the sender if it's not a sender inside the organisation, for example: 'security@ubspot.com'
Also whitelist the link inspector service for our domains
2. Allow, if needed, the mail server at 141.95.84.46 and the mail server at 45.82.191.25 (included in our SPF record)
This can be done by adding +ip4:[ip address] to the SPF record. For example:
v=spf1 +a +mx +ip4:45.82.191.25 +ip4:141.95.84.46 -all
3. Configure the DKIM selector
If you want to send a phishing mail using a spoofed e-mail address of your own organisation, you can add the following DKIM selector to your DNS (add a DNS TXT record):
Name: lupasafescanner._domainkey
Value: v=DKIM1;t=s;p=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
For Office 365 users:
4. In the Office 365 Safe Links policy: exclude links with 'portal.lupasafe.com', 'crestfallenconsulting.com' and 'luminarywebtech.com' from 'rewriting'.
5. Use an existing employee email address as the sender for a higher chance that the phishing email reaches the inbox.
A phishing email with a random sender might have a bigger chance of landing in the Junk mail folder.
Does the email still land in the spam folder? Take the following additional measures:
6. In the Exchange Admin Center at MailFlow:
Create a specific rule that sets spam classification for the specific email address and mail server:
7. Please note: the line must be enabled:
8. Additionally in Microsoft 365 Defender:
Policies & rules > Threat policies > Advanced delivery
The domains, email addresses, etc. must be added there:
Of course, if an alternative is chosen, for example a domain name that resembles that of the company, it must also be added here.
9. Finally, you can (optionally) add spoofed senders
Under Policies & rules > Threat policies > Tenant allow/block list:
The email should now arrive in the inbox.
We recommend you inform employees that phishing tests are being performed, to provide transparency. A good indicator of high phishing awareness is employees raising an alert with the service desk, IT or security colleagues.
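
To confirm step 2 after editing DNS, the following added example (not Lupasafe's own script) evaluates the ip4 terms of an SPF TXT string against the two mail-server IPs listed in that step. The function name check_spf and the sample records are constructed for illustration; a, mx and include terms are not resolved because that needs live DNS.

```python
import ipaddress

# Sending IPs listed in step 2 of this article.
LUPASAFE_IPS = ("141.95.84.46", "45.82.191.25")
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, required_ips=LUPASAFE_IPS):
    """Evaluate the ip4 mechanisms of one SPF TXT string.

    Returns (results, warnings). results maps each required IP to
    pass/fail/softfail/neutral, or "not listed" if no ip4 term matches.
    a, mx and include are not resolved here (that needs DNS).
    """
    terms = record.strip().strip('"').split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: must start with v=spf1")
    results = {ip: "not listed" for ip in required_ips}
    warnings, all_result = [], None
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?").lower()
        if mech == "all":
            all_result = QUALIFIERS[qualifier]
            break  # receivers ignore mechanisms after "all"
        if not mech.startswith("ip4:"):
            continue
        try:
            net = ipaddress.ip_network(mech[4:], strict=False)
        except ValueError:
            warnings.append(f"malformed term: {term}")
            continue
        for ip in required_ips:
            # SPF is evaluated left to right; the first match decides.
            if results[ip] == "not listed" and ipaddress.ip_address(ip) in net:
                results[ip] = QUALIFIERS[qualifier]
    if all_result not in ("fail", "softfail"):
        warnings.append("record should end in -all or ~all")
    return results, warnings

if __name__ == "__main__":
    # Constructed sample records; the first is the example from step 2.
    samples = [
        "v=spf1 +a +mx +ip4:45.82.191.25 +ip4:141.95.84.46 -all",
        "v=spf1 mx ip4:45.82.191.0/24 -all ip4:141.95.84.46",
    ]
    for rec in samples:
        print(rec, "->", check_spf(rec))
```

Paste the TXT value returned by your DNS lookup as the record argument. An IP reported as "not listed" or "fail" means the ip4 entry is missing, placed after the all term, or carries the wrong qualifier.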