Trust-listing is an important facility for the successful implementation and usage of the SafeTitan Platform. All clients of the SafeTitan platform MUST trust-list our mail server to allow the successful delivery of Mock Phishing and Training emails.
This is a requirement for all mail service providers.
Note: These instructions cover Outlook 365. Other mail server instructions can be made available upon request.
To successfully trust-list our mail server you must carry out two tasks.
Step 1 - Add SafeTitan Mail server to your allowed mail list
Step 2 - Allow SafeTitan mail bypass your spam filter - SENDER IPs
Step 3 - Allow SafeTitan mail bypass your spam filter - DMARC & Message Header X-ETR
Step 1 - Add SafeTitan Mail server to your allowed mail list
- Logon to Microsoft 365 admin center
- Expand the "…Show All" option on the left hand menu
- Click on "Security" in the left hand menu
- Click on "Policies & Rules"
- Click on "Threat policies"
- Click on the Anti-Spam link under Policies.
- You are now in your Office 365 Anti-Spam settings.
- Click on Connection filter policy (Default).
- You will see a side window open titled "Connection Filter Policy (Default)".
Click on the Edit Description link and give the policy a suitable name / description (e.g. CRA / SafeTitan trust-listed IPs or similar). - Then click on the Edit connection filter policy link under Connection Filtering.
- Please add the following IP addresses (192.254.120.51 and 168.245.104.162) into the box labelled "Always allow messages from the following IP addresses or address range".
Please enter one at a time and then hit the TAB key to save, which will then allow you to add the next one (of two). - Finally, click Save, then Close.
Step 2 - Allow SafeTitan mail bypass your spam filter – SENDER IPs
- Log onto the admin portal on your mail server.
- Select the Admin menu item.
- You will now be in the Microsoft 365 admin centre.
- Please expand the “… Show all” section.
- Select / Click on the Exchange sub-menu item.
- You are now in your Office 365 Exchange admin centre Dashboard.
- Look for the "mail flow" section on your dashboard.
- Under the Mail flow header on the Admin menu, select "Rules"
- Select the "+ Add a rule"(underneath rules) and select "Create a new rule".
- Keep the Spam Confidence Level setting as SCL -1 after clicking the plus icon
- Give the rule a suitable name by typing it in to the Name: field (e.g. CRA Spam Filter Rule).
- Click on the *Apply this rule if... dropdown and then select "The Sender..".
- You will see a pop out list - please then select the "IP address is in any of these ranges or exactly matches" sub item.
- A pop-up window will appear titled "specify IP address ranges".
- Please add the following IP addresses "168.245.104.162" & "192.254.120.51" for this rule by entering them one at a time in the textbox and clicking the plus icon. When both are added, click on the OK button.
- You will now see that the IPs have been added.
- The next thing to do is to click on the Add Action button that appears underneath this.
- From the resultant dropdown menu titled Select one, select Modify the message properties... and finally set a message header.
- You will need to click on both instances of 'Enter Text' to set the Message Header and value properties. These appear to the right of the dropdown labelled Set the message header to this value...
- Click on the first instance of Enter Text to set the Message Header. Please enter this exact text noting that it is case sensitive:
X-MS-Exchange-Organization-BypassClutter - Click OK
Then click on the second instance of Enter Text to set the Header value. Please enter this exact text noting that it is case sensitive:
true - Click OK
Click on "Save".
Step 3 - Allow SafeTitan mail bypass your spam filter - DMARC & Message Header X-ETR
These instructions essentially follow the Microsoft instructions here (starting with the heading (Recommended) Use mail flow rules and ending just before Use Outlook Safe Senders.
Use the same IP addresses and domains listed above.
- From the Exchange admin centre, select mail flow
- Click the (+) button beneath Rules
- Select Create a new rule...
- Give the rule a name, such as "DMARC Skip filtering for all 21 CRA domains"
- From the Apply this rule if.... select The Sender... then domain is and you will see a pop-up box entited specify domain.
- Add all 19 SafeTitan domains below, one at a time. Where you type in / copy and paste a domain, you will need to click on the plus icon to add it.
- e-messsage.com
- emesssages.com
- e-citrix.com
- ecompliants.com
- e-compliants.com
- e-faax.com
- eonline-shopping.com
- e-outlook-online.com
- e-owa.com
- evpnn.com
- e-vpnn.com
- orders-processed.com
- storage-limit.com
- docusine.com
- barclaysbanksonline.co.uk
- docs-google.com
- it-admingroup.com
- it-companyadmin.com
- it-securegroup.com
- it-securemail.com
- bitliy.co
- order-processed.com
- corp-benefits-online.com
- advanced-documents.com
- delivery-details.com
- it-communications.com
- keeper-secure.com
- Once all 22 domains are added, click the OK button.
- Click the Add condition button
- Select from the Select One dropdown and select The Sender... then is external/internal and then you will see a select sender location dialog - select Outside the organization
- Click the Ok button.
- Click the Add condition button.
- From the new Select one dropdown, click on A message header... then includes any of these words
- You will see two clickable links to the rights of this dialog - Enter text... and Enter words
- When you click Enter text... you will see a text entry box titled "specify header name"
- Enter Authentication-Results
- Then click on the Enter words... you will see a test entry box titled "specify words and phrases"
- Enter the value dmarc=pass and click the plus icon
- Enter the value dmarc=bestguesspass and click the plus icon
- Click the OK button
- Click the Add condition button
- Select from the Select One dropdown and select The Sender... then IP address is in any of these ranges or exactly matches
- You will see a clickable Enter IPv4 or IPv6 addresss... link:
- Please add the following IP addresses "168.245.104.162" & "192.254.120.51" for this rule by entering them one at a time in the textbox and clicking the plus icon. When both are added, click on the OK button.
- Click the *Do the following button
- Select from the Select One dropdown and select Modify the message properties... then set the Spam Confidence Level (SCL) to Bypass spam filtering
- Click OK
- Click the add action button
- Select from the Select One dropdown and select Modify the message properties... then Set a Message header
- Click on the "Enter text..." label and enter
X-ETR
- Click OK
- Click on the "Enter text..." label and enter
Bypass spam filtering for authenticated CRA Domains (21)
(or whatever you wish) - Finally, click Save. Your results should look something like the following:
Congratulations. You are now ready to create your first SafeTitan security evaluation and Training email Campaigns.