Overview
Whitelisting and Mail Flow rules are needed to ensure Hoxhunt's simulation emails are safely delivered to every employee's Inbox.
This consists of three main steps and three optional steps:
- Whitelist Hoxhunt email servers
- Add Mail Flow rules to bypass Spam Filtering and Clutter
- Add Mail Flow rule to bypass Focused Inbox
- Only for M365: Add mail flow rule to skip Junk Filtering
- Only for M365+ATP: Skip link and attachment scanning
- Mail flow rules to detect forwarded Hoxhunt simulation
IMPORTANT: You must complete the above steps for successful whitelisting!
IMPORTANT: If you have a Hybrid (On-premise Exchange + M365), complete the steps on both on-premise Exchange Server and M365.
1. Whitelist Hoxhunt email servers
Step 1:
If you are configuring O365, log in to M365 and navigate to Admin > Admin Centers > Exchange.
If you are configuring on-premise Exchange, log in to Exchange Admin Center.
Step 2:
Under Protection select connection filter.
NOTE: the Connection Filter is not available on Mailbox servers. It's only available on an Edge Transport server.
Step 3:
Edit the default policy by selecting the pencil icon.
Step 4:
Click on the "+" sign on IP Allow list.
Add 37.139.12.94 and 35.156.0.138.
Click Save.
Note: If you have trouble configuring the connection filter via Exchange Admin Center (e.g. you are running Exchange Server 2013 or the Connection filter menu item is not available, please check this Technet article which explains how to perform the step via Powershell cmdlet called Add-IPAllowListEntry. Also note that this feature is only available on Edge Transport servers, not Mailbox servers.
2. Add Mail Flow rules
2.1 Add rule for Spam Confidence Level to bypass spam filtering (SCL -1)
Step 1:
At the top-level of your Admin center, select Mail flow. Click the “+”-icon and select “Create a new rule...”
Give the rule a name, such as “Spam Whitelisting for HoxHunt”, or follow your company's naming convention.
Select "More options..."
Step 2:
Add the following condition:
"Apply this rule if..." > "IP address is in any of these ranges or exactly matches"
Add 37.139.12.94 and 35.156.0.138.
Click OK.
Step 3:
Add the following action:
"Do the following..." > "Modify the message properties..." > "set the spam confidence level (SCL)"
In the "Specify SCL" dialog, select "Bypass spam filtering" or "-1".
Click OK.
2.2 Add rule to bypass Clutter evaluation
Let's continue configuring the same mail flow rule.Clutter is a feature that moves low-priority emails out of user's inbox to a folder called Clutter. Clutter analyzes user's email habits, and based on past behavior, it determines the messages that the user most likely to ignore. To make sure Hoxhunt's simulation emails are always delivered to the user's inbox, you must bypass the Clutter evaluation for Hoxhunt simulation emails.
Step 1:
Select "Add action" and then select "Modify the message properties..." > "set a message header".
Click on Set a message header "Enter text..." add the following (case sensitive!):
X-MS-Exchange-Organization-BypassClutter
Click on ...to the value “Enter text…” and add (case sensitive!):
true
This rule is now complete. Click Save.
3. Add Mail Flow rule to bypass Focused Inbox evaluation
Focused Inbox is a feature that automatically evaluates incoming emails and direct them to two views: "Focused" and "Others". To make sure Hoxhunt's simulation emails are always delivered to the user's "Focused" inbox, you must bypass the evaluation for Hoxhunt simulation emails.
Let's create a new mail flow rule to bypass Focused Inbox evaluation.
Step 1:
Click the (+) Create New Rule button under Mail Flow > Rules.
Give the rule a name, such as "Focused Inbox whitelisting for Hoxhunt".
Click on More options.
Add the condition Apply this rule if...
Select The sender..., and select IP address is in any of these ranges or exactly matches. Specify the following sender IP addresses, then click OK.
37.139.12.94
35.156.0.138
Under "Do the following", select "Modify the message properties..." then "Set a Message Header".
Click on Set a message header "Enter text..." add the following (case sensitive!):
X-MS-Exchange-Organization-BypassFocusedInbox
Click on ...to the value “Enter text…” and add (case sensitive!):
true
Beneath Properties of this rule set the priority to directly follow the existing rules for HoxHunt.
This rule is now complete. Click Save.
4. Only for M365: Add mail flow rule to skip Junk Filtering
The following Mail Flow rule is required by all M365 mail services that have EOP (Exchange Online Protection) or ATP (Advanced Threat Protection) enabled.
Go to Admin > Mail > Mail Flow.
Click the (+) Create New Rule button under Mail Flow > Rules.
Give the rule a name, such as "Skip Junk Filtering for Hoxhunt".
Click on More options.
Add the condition Apply this rule if...
Select The sender..., and select IP address is in any of these ranges or exactly matches. Specify the following sender IP addresses, then click OK.
37.139.12.94
35.156.0.138
Under "Do the following", select "Modify the message properties..." then "Set a Message Header".
Add a header X-Forefront-Antispam-Report and set it to value SFV:SKI;
Beneath Properties of this rule set the priority to directly follow the existing rules for HoxHunt.
This rule is now complete. Click Save.
5. Only for M365+ATP: Skip link and attachment scanning
6. Mail flow rules to detect forwarded Hoxhunt simulation
Mail flow rules can be implemented to help the receiver notice if the forwarded email contains a Hoxhunt simulation. People might forward simulations to colleagues asking for help identifying the email - adding a mail flow rule to notify the receiver about the Hoxhunt simulation will save time and effort spent on analysing the email.
Frequently Asked Questions
After whitelisting, we are receiving ETR Override alert notification emails from Microsoft.
Please see Suppress ETR override notifications from Microsoft
I'm not receiving Hoxhunt emails after whitelisting
- Check the order of your mail flow rules. If you have a spam filter rule in place that has a higher priority than your Hoxhunt rule, this may prevent Hoxhunt emails from being delivered successfully.
- Solution: Raise the priority of Hoxhunt mail flow rule.
- Check the emails headers for sender IP address. If the IP address is not one mentioned above, your email environment may be re-routing the emails through a filtering system that changes their originating IP address.
- Solution: A Receive connector should be configured. Please ask more from Hoxhunt Support.