Skip to main content

How to whitelist phishing simulator domains in Microsoft365

This guide covers all the steps you need to ensure Phishing Simulator emails aren't flagged as spam in Microsoft 365.

Alan Butcher avatar
Written by Alan Butcher
Updated yesterday

Defense.com's Phishing Simulator allows you to put your people to the test by creating targeted, safe phishing campaigns. However, to ensure their success, the emails from these campaigns must be delivered successfully. To ensure this, we strongly recommend whitelisting the domain name used for the campaign with your email provider. If that's Microsoft365, you're in the right place.

Whitelisting a domain

To whitelist a domain, you'll need to modify your inbound spam policy. To do this:

  1. Click on Policies & rules in the left-hand menu

  2. Choose Threat policies

  3. Select Anti-spam inbound policy (Default).

  4. Scroll down and click on Edit allowed and blocked senders and domains.

  5. Click on Allow domains.

  6. Add the domain that you want to allow (whitelist).

    Please note: The domain is provided when selecting the template during the set up of the phishing campaign.

  7. Click Add domains.

  8. Click on Save.

From now on, emails sent from this domain will not be marked as spam.

Each phishing campaign uses a separate domain, so youโ€™ll need to make sure you have added them to your whitelist before you send any future campaigns.

That's it! You've successfully added the domain to the spam filter allow list. ๐ŸŽ‰

Did this answer your question?