HowTo: Allow-List by X-Header in Exchange 2013, 2016, or Microsoft 365

Allow-Listing X-Headers is necessary in order for CyberHoot to send simulated phishing emails to bypass your mail filter. We recommend whitelisting by IP address or hostname but depending on your system setup, allow-listing by headers may be the most fitting way to ensure phishing test emails are delivered to your user’s inboxes. Follow the instructions below to allow-list our headers:

Bypassing Clutter and Spam Filtering by Email Header (Exchange 2013, 2016, and M365) 

  1. Log into your mail server admin portal and select Exchange under Admin centers.

  2. Click mail flow from the left-hand menu and then click the + sign and select Bypass spam filtering… from the drop-down.

    Mail Filtering Rule

  3. In the new rule window, give the rule a name, such as “Bypass Clutter & Spam Filtering by Email Header”.
  4. From the Apply this rule if… drop-down menu, select A message header… then includes any of these words.
  5. On the right side of that rule, you will see *Enter text… and *Enter words
    • Click *Enter text… and type in the header name and header value.
      • The header for CyberHoot mail is Become_More_Aware
  6. Click *Enter words … and type in CyberHoot and click the + sign.
  7. Next, under Do the following… ensure that this field is set to Set the spam confidence level (SCL) to… and Bypass spam filtering is set on the right side.
  8. Add a second action by clicking the add action button under Do the following….
  9. From the drop-down menu, select Modify the message properties then set a message header 
  10. Click the first *Enter text…. and type  X-MS-Exchange-Organization-BypassClutter then click the second *Enter text… and type true.
  11. Review all settings to make sure they are correct.
    • For best practices, we recommend leaving the other options at their default settings.

Once you have completed this setup please allow time for the new rule to generate. Then, set up a test phishing campaign for yourself or a small group to test out your new whitelisting rule.

Bypassing the Junk Folder (M365 mail servers ONLY)

This rule will allow only simulated phishing emails from us to bypass the Junk folder to ensure that your users are receiving simulated phishing emails in their inboxes.

  1. Under Admin centers, select Exchange.
  2. Select Mail Flow on the left-hand menu.
  3. Click the + and then select Create a new rule… from the drop-down menu.

  4. Give the rule a name, such as “CyberHoot – Skip Junk Filtering”.
  5. From the Apply this rule if…. drop-down, select A message header… then select includes any of these words.

    Make sure that you add a condition for each header you need to whitelist.

  6. On the right side of that rule, you will see *Enter text… and *Enter words… Click *Enter text… and type the header. CyberHoot’s default header is Become_More_Aware. 
  7. Click *Enter words … and type CyberHoot and then, click the + sign and OK.
  8. From the Do the following… drop-down menu, select Modify the message properties then Set a message header.
  9. Click on the *Enter text… button after “Set the message header” to set the message header. Enter the following text: X-Forefront-Antispam-Report. This value is case sensitive. Then, click OK.
  10. Click the *Enter text… button after “to the value” and enter “SFV:SKI;CAT:NONE;“. To learn more about this header, click here. Please be aware that this field is case sensitive. Once the text is entered, click OK
  11. Beneath Properties of this rule:, set the priority to directly follow the rule you created in the previous section.
  12. Make sure all options are filled out correctly.
  13. Click Save

Don’t see the settings you need?

Click More options on the new rule screen to see all available settings.

If you are looking for more assistance, head to our HowTo Library, or contact
Share this on your social networks. Help Friends, Family, and Colleagues become more aware and secure.