Email Deliverability
      Back to home
      1. Knowledge Base
      2. Email Phishing
      3. Email Deliverability

      Ensuring Deliverability for Simulated Phishing Emails

      Introduction

      To ensure the effectiveness of CultureAI’s simulated phishing campaigns, it’s crucial to ensure that our emails are delivered reliably to your organisation’s end-users. This guide provides best practices for email deliverability, including IP address whitelisting, DKIM configuration, and recommended email delivery methods.

      Delivery Methods for Simulated Phishing Emails

      The CultureAI platform offers multiple delivery methods for sending simulated phishing emails. We generally recommend using the CAI-MTA (Culture AI Mail Transfer Agent) method, as it offers robust deliverability features and simplified configuration. However, others options like Direct Application and Gmail Direct Inject are available for specific use cases.

      How to Configure Email Deliverability for Simulated Phishing in CultureAI

      Step-by-Step Guide to Setting Up Email Deliverability

      To ensure your simulated phishing emails are delivered reliably to your organisation's end-users, follow the steps below to configure email deliverability settings within the CultureAI platform.

      1. Navigate to Email Deliverability Settings
        • Log in to the CultureAI platform.
        • Go to the Telemetry section in the left-hand menu.
        • Select Attack Simulations.
        • Click on Simulated Email Phishing.
        • Open the Email Deliverability tab.
      2. Configure Email Delivery Methods

      Available Delivery Methods

      • CAI-MTA (Recommended)
      Utilises CultureAI’s mail transfer agent (MTA) to send emails from CultureAI’s own email infrastructure, ensuring strong deliverability and ease of setup.
      How to Enable
            • Toggle the CAI-MTA switch to On.
      • Gmail Direct Inject
        This method uses your Gmail data source to write emails directly to users' inboxes, bypassing traditional email infrastructure.
        How to Enable
        • Toggle the Gmail Direct Inject switch to On.
        • If not already configured, ensure the Gmail data source is set up in the platform under Telemetry > Your Tech Stack > Google Gmail.
        • Once configured, CultureAI will attempt to directly deliver phishing simulation emails to Gmail inboxes. If a Gmail user cannot be found for a recipient, the platform will default to another enabled delivery method.

      • Legacy Direct Application (Deprecated, previously DirectSend)

        The legacy Direct Application option may still be visible, but if it is disabled, you cannot re-enable it.
        • Important: If this option is currently On, consider transitioning to one of the supported delivery mechanisms for future-proofing and enhanced deliverability.

      3. Configure Mail Server Override

      For CAI-MTA and Direct Application delivery methods, you can configure a Mail Server Override to bypass the default MX records and send simulated phishing emails directly to your internal mail server.

      How to Set Up Mail Server Override:

      • Locate the Mail Server Override section under the email delivery options.
      • Enter the hostname or IP address of your mail server.
      • Click Save to apply the changes.

      4. Whitelist the Required IP Addresses

      After configuring your email delivery methods, you’ll see a dynamically generated list of IP addresses under the IP Address Whitelist section.