This document will cover how to allow our spoofed phishing emails to reach your users via email header whitelisting in your Exchange 2010 environment.


Whitelisting is necessary so that we can send out spoofed phishing emails that bypass your mail filter. Normally we recommend whitelisting by IP address or hostname. But depending on your system configuration (for example, if you use a cloud-based spam filter), whitelisting by header may be the most appropriate way to ensure that test phishing emails reach your users. Also be sure to whitelist our IPs in your spam filter.


We recommend that you set up a test phishing campaign to yourself or a small group after following the steps below to ensure your whitelisting is successful. The setup can take up to an hour to propagate to all users, so wait at least an hour before testing.


Instructions for setting up these rules are shown below:


1) Open the Exchange Management Console (EMC).

2) Expand Organization Configuration on the left-hand side, and click Hub Transport.

3) Under Actions on the right-hand side, select New Transport Rule.


4) Enter a name for your New Transport Rule, such as "ATTACK Simulator", and click Next.


5) In Step 1, select condition "when the message header contains specific words". Beneath Step 2, complete the following steps. 


    a. Select message header and type in the header. The default ATTACK Simulator header is "x-ats-simulation".  

    b. Select specific words and then enter "true".

    c. Click Next



6) In Step 1, select action "set the spam confidence level to a value". In Step 2, set the Spam confidence level (SCL) threshold to -1. Click Next.

7) Click Next to create rule, then select New to continue.