Introduction
Exchange connectors should be used for delivery of PHISH emails. The use of a connector allows for a robust delivery method for PHISH emails by doing the following:
Bypassing of Microsoft grey listing and rate limiting which can come into effect when delivering large amounts of email over a short period of time.
Simplifies the allow listing configuration when external mail scanning appliances are in use.
To ensure email delivery remains secure, our emails are still signed using DKIM with appropriate SPF records in place. The IP addresses referred to in the article are reserved for CybSafe use only and are only used for delivering PHISH emails only.
Configuration of the Advanced delivery for phishing simulation must also bve followed here.
Creating the connector
Note: You will need to have Exchange administrator rights to perform these actions.
Navigate to the Exchange configuration console by either:
Within the Microsoft 365 admin centre > Show all (left hand menu) > Exchange > Expand Mail flow > Connectors
Under Connectors select "Add a connector"
On the "New connector" page select "Partner organization" and click next
On the "Connector name" page, give the connector an appropriate name such as "CybSafe PHISH", enter a description if you wish and ensure "Turn it on" is selected, then click next
On the "Authenticating sent email" page, choose the verify by IP address option and enter the IP address listed in "Allow list for receiving emails", then choose next
Just to note that this screen shot is correct as of July 2024, please check the linked help article for an up to date list of IP addresses to allow list.
On Security restrictions, ensure that "Reject email messages if they aren't sent over TLS is selected".
On review connector page, it should look similar to the following, once you're happy click create connector which should present a "connector created" message, then click close
Domain configuration
Once the above connector is in place, you need to configure the email routing within the CybSafe Platform.
For each domain you want to deliver email via the connector, we will need the Microsoft 365 MX record associated with the domain. To get the MX record for each domain, do the following:
Navigate to the Microsoft 365 domain configuration page by either:
Within the Microsoft 365 admin centre, under settings click Domains
For each domain, click on the entry, navigate to the DNS records tab and make note of the value next to the MX type.
Email a table similar to the following to [email protected] with the subject line of Exchange connector, the Support Team will be able to make the required configuration changes and will confirm once they are done.
Once the Support Team has confirm the settings are in place PHISH email will be delivered directly to the Microsoft 365.
Domain | MX |
domain-one.com | domain-one-com.mail.protection.outlook.com |
domain-two.com | domain-two-com.mail.protection.outlook.com |
Microsoft documentation
Microsoft documentation for configuring an Exchange connector can be found at the following link