Allow List Mail Servers
      Back to home
      1. Knowledge Base
      2. Email Phishing
      3. Allow List Mail Servers

      Setting Up Direct Send for Simulated Phishing Emails in Office365

      How to set up Direct Send for Simulated Phishing Emails Office365

      Depending on your email infrastructure, you may need to set up Direct Sending. This is a process that allows our simulated phishing emails to be sent directly to your email servers, bypassing any other infrastructure that you have in place.

      This is best used if your email infrastructure is blocking simulated phishing emails, or if you're unable to use allow-listing.

       

      The following steps are required:

      1. Configuring a connector to allow mail directly from CultureAI
      2. Setting up advanced phishing delivery 
      3. Set up Safelinks 
      4. Add your MX record into CultureAI

      Office 365 connector

      1. Head to your Microsoft Admin Connectors panel 
      2. Select “Add a connector
      3. Select “Partner organisation
      4. Add a name and description: 
         
      5. Leave “Turn it on” enabled.
      6. Select verify by IP address and enter the following 3 IP addresses:
        18.168.112.23
        18.169.30.9
        18.169.49.67
         
      7. Leave “Reject email messages if they aren’t sent over TLS” enabled.

        Review and save

       Add trust for inbound connector traffic

      1. Head to: https://security.microsoft.com/antispam
      2. Select “Connection filter policy (Default)
      3.  Add the 3 mail server IP's to the allow messages list:
        18.168.112.23
        18.169.30.9
        18.169.49.67

      Review and save
       

      Advanced Phishing Configuration

      1. Access the Microsoft 365 defender portal on the following URL: https://security.microsoft.com/
      2. Browse to Policies & Rules > Threat Policies > Advanced Delivery > Phishing Simulation and add the 3 mail server IPS and the domain ‘culture.ai’:
        18.168.112.23
        18.169.30.9
        18.169.49.67 
      3. Add culture.ai as the sending domain

        Review and save

      Allow-list SPAM/Safelinks

      Please see Microsoft's full guide for safelinking here.

      Add the following additional IP addresses to your existing CultureAI mail flow rule:
      • 18.168.112.23
      • 18.169.30.9
      • 18.169.49.67

      Get Domain Settings and apply them in CultureAI

      1. Browse to: https://admin.microsoft.com/
      2. Under "Settings" and "Domains" select your MX value from your primary domain under the "DNS records" tab
      3. Copy the MX record value. 
        This usually ends in "mail.protection.outlook.com" or similar. 
        If you have multiple MX records, such as Mimecast ones, ensure that use the Outlook record. Any other record will not work for Direct Send
      4. Head to the Direct Send settings tab in the CultureAI admin dashboard here
      5. Enter the MX record into the box
      6. Click "Save"
      7. You're done! This can take up to 24 hours to apply, so you may still see phishing simulations being blocked until then.

      If your Direct Send domain is different to the domain you have set up in Domain Scanning Direct Send will not work, please reach out to success@culture.ai to get this domain added to your scanning.