Skip to main content

How to: Configure Exchange connector for phishing delivery

How to add an Exchange connector for phishing delivery

Sam Hopwell avatar
Written by Sam Hopwell
Updated over 2 months ago

Introduction

Exchange connectors should be used for delivery of PHISH emails. The use of a connector allows for a robust delivery method for PHISH emails by doing the following:

  • Bypassing of Microsoft grey listing and rate limiting which can come into effect when delivering large amounts of email over a short period of time.

  • Simplifies the allow listing configuration when external mail scanning appliances are in use.

To ensure email delivery remains secure, our emails are still signed using DKIM with appropriate SPF records in place. The IP addresses referred to in the article are reserved for CybSafe use only and are only used for delivering PHISH emails only.

Configuration of the Advanced delivery for phishing simulation must also bve followed here.

Creating the connector

Note: You will need to have Exchange administrator rights to perform these actions.

  1. Navigate to the Exchange configuration console by either:

    1. Within the Microsoft 365 admin centre > Show all (left hand menu) > Exchange > Expand Mail flow > Connectors

    2. Navigate to https://admin.exchange.microsoft.com/#/connectors

  2. Under Connectors select "Add a connector"

  3. On the "New connector" page select "Partner organization" and click next

  4. On the "Connector name" page, give the connector an appropriate name such as "CybSafe PHISH", enter a description if you wish and ensure "Turn it on" is selected, then click next

  5. On the "Authenticating sent email" page, choose the verify by IP address option and enter the IP address listed in "Allow list for receiving emails", then choose next

    Just to note that this screen shot is correct as of July 2024, please check the linked help article for an up to date list of IP addresses to allow list.

  6. On Security restrictions, ensure that "Reject email messages if they aren't sent over TLS is selected".

  7. On review connector page, it should look similar to the following, once you're happy click create connector which should present a "connector created" message, then click close

Domain configuration

Once the above connector is in place, you need to configure the email routing within the CybSafe Platform.

For each domain you want to deliver email via the connector, we will need the Microsoft 365 MX record associated with the domain. To get the MX record for each domain, do the following:

  1. Navigate to the Microsoft 365 domain configuration page by either:

    1. Within the Microsoft 365 admin centre, under settings click Domains

    2. Navigate to https://admin.microsoft.com/adminportal/home#/Domains

  2. For each domain, click on the entry, navigate to the DNS records tab and make note of the value next to the MX type.

  3. Email a table similar to the following to [email protected] with the subject line of Exchange connector, the Support Team will be able to make the required configuration changes and will confirm once they are done.

  4. Once the Support Team has confirm the settings are in place PHISH email will be delivered directly to the Microsoft 365.

Domain

MX

domain-one.com

domain-one-com.mail.protection.outlook.com

domain-two.com

domain-two-com.mail.protection.outlook.com

Microsoft documentation

Microsoft documentation for configuring an Exchange connector can be found at the following link

https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/use-connectors-to-configure-mail-flow

Related Articles
How to add CybSafe to your allow list
Explainer: How PHISH tracks opens & clicks
Report phishing button integration - Microsoft
Report phishing integration with CybSafe
How to Guide: PHISH allowlisting for Microsoft
Did this answer your question?