Introduction
To ensure the effectiveness of CultureAI’s simulated phishing campaigns, it’s crucial to ensure that our emails are delivered reliably to your organisation’s end-users. This guide provides best practices for email deliverability, including IP address whitelisting, DKIM configuration, and recommended email delivery methods.
Delivery Methods for Simulated Phishing Emails
The CultureAI platform offers multiple delivery methods for sending simulated phishing emails. We generally recommend using the CAI-MTA (Culture AI Mail Transfer Agent) method, as it offers robust deliverability features and simplified configuration. However, others options like Direct Application and Gmail Direct Inject are available for specific use cases.
How to Configure Email Deliverability for Simulated Phishing in CultureAI
Step-by-Step Guide to Setting Up Email Deliverability
To ensure your simulated phishing emails are delivered reliably to your organisation's end-users, follow the steps below to configure email deliverability settings within the CultureAI platform.
- Navigate to Email Deliverability Settings
- Log in to the CultureAI platform.
- Go to the Telemetry section in the left-hand menu.
- Select Attack Simulations.
- Click on Simulated Email Phishing.
- Open the Email Deliverability tab.
- Configure Email Delivery Methods
Available Delivery Methods
- CAI-MTA (Recommended)
How to Enable
-
-
-
- Toggle the CAI-MTA switch to On.
- Toggle the CAI-MTA switch to On.
-
-
- Gmail Direct Inject
This method uses your Gmail data source to write emails directly to users' inboxes, bypassing traditional email infrastructure.
How to Enable- Toggle the Gmail Direct Inject switch to On.
- If not already configured, ensure the Gmail data source is set up in the platform under Telemetry > Your Tech Stack > Google Gmail.
- Once configured, CultureAI will attempt to directly deliver phishing simulation emails to Gmail inboxes. If a Gmail user cannot be found for a recipient, the platform will default to another enabled delivery method.
- Toggle the Gmail Direct Inject switch to On.
-
Legacy Direct Application (Deprecated, previously DirectSend)
The legacy Direct Application option may still be visible, but if it is disabled, you cannot re-enable it.
- Important: If this option is currently On, consider transitioning to one of the supported delivery mechanisms for future-proofing and enhanced deliverability.
3. Configure Mail Server Override
For CAI-MTA and Direct Application delivery methods, you can configure a Mail Server Override to bypass the default MX records and send simulated phishing emails directly to your internal mail server.
How to Set Up Mail Server Override:
- Locate the Mail Server Override section under the email delivery options.
- Enter the hostname or IP address of your mail server.
- Click Save to apply the changes.
4. Whitelist the Required IP Addresses
After configuring your email delivery methods, you’ll see a dynamically generated list of IP addresses under the IP Address Whitelist section.