These instructions help administrators to create a mail flow rule (also known as transport rule) to detect Hoxhunt simulation emails and Bcc a specific mailbox. There may be many reasons to implement this, one being that it helps SOC operators more easily detect and track Hoxhunt simulations sent to company's employees.
Hoxhunt can hide a static custom string to its simulation emails which you can then utilise to implement various mail flow rules. Even though the string is in the email content, it is not obviously visible to an average user.
IMPORTANT: Make sure the Bcc'd mailbox or its user doesn't perform any scans to the fail links in the Hoxhunt simulation emails! This can trigger the simulation to fail before the intended recipient has had the opportunity to react on it.
TIP: We recommend setting up a separate mailbox for Bcc'd Hoxhunt simulations for easier identification.
Basic logic of the mail flow rule:
- Email is sent from external address by Hoxhunt
- Email recipient is inside your organization
- Email contains the custom Hoxhunt string
- Bcc recipient is added to the email, sending a copy of the email to another mailbox
How to implement the mail flow rule?
Contact your Customer Success Manager or Hoxhunt Support (firstname.lastname@example.org). Decide on a custom string to add into your Hoxhunt simulation emails.
TIP: If Hoxhunt has already set up a custom string for you for other purpose, you can re-use it!
If you are configuring M365, log in to M365 and navigate to Admin > Admin Center > Exchange -> Mail flow -> Rules (https://admin.exchange.microsoft.com/#/transportrules)
If you are configuring on-premise Exchange, log in to Exchange Admin Center.
Under mail flow, select rules and create a new rule.
Name the rule: Add Bcc to every Hoxhunt simulation
Apply this rule if...
- The sender is located -> Outside the organization
The subject or body matches these text patterns -> [custom string agreed with Hoxhunt]
Do the following...
Bcc the message to -> [mailbox set up for Bcc'd simulations]
Hoxhunt simulation will be Bcc'd to the specified mailbox
TIP: You can utilise the hidden string to create any kind of rule that best suits your needs.