Successful allowlisting of Hoxhunt training emails often requires that you mail service is able to detected the true source IP address of the sent training email. However, there are email setups in which the sender IP address might change before the email is delivered to user's mailbox. Microsoft calls these email setups "complex routing scenarios".
If you encounter issues getting Advanced Delivery policy or mail flow rules to work properly with Hoxhunt training emails, or you are unable to use Partner Receive Connector with Hoxhunt, then Enhanced Filtering for Connectors (skip listing) is worth checking.
In scenarios where email for your Microsoft 365 or on-premise domain is routed somewhere else first, the source of the inbound connector is typically not the true indicator of where the message came from. Complex routing scenarios include:
- Third-party cloud filtering services (for example, Proofpoint and Mimecast)
- Managed filtering appliances (for example, Ironport)
- Hybrid environments (for example, on-premises Exchange)
Here's an example of a complex routing scenario:
As you can see, the message adopts the source IP of the service, appliance, or on-premises Exchange Server that sits in front of Microsoft 365. The message arrives in Microsoft 365 with a different source IP address. This makes allowlisting Hoxhunt training emails by sender IP address very challenging.
With Enhanced Filtering for Connectors, mail routing looks like this:
Sender IP address and sender information is preserved, allowing proper allowlisting for Hoxhunt as well as improved filtering for anti-phishing, anti-spoofing and better post-breach capabilities.
Read more about how to set up Enhanced Filtering for Connectors so it matches your routing scenario: https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/enhanced-filtering-for-connectors