We've all experienced Microsoft 365 being overprotective.

Let's look at three ways to whitelist HacWare domains to ensure your end-users receive the training emails.

How to Whitelist in EOP Anti-Spam Protection?


When an email is delivered, it passes through multiple layers of filtering.
Follow the steps below to ensure the training content successfully passes through these, it is delivered to the recipient.

Image Credit: Microsoft Exchange Online Protection (EOP) overview - Office 365 | Microsoft Docs
  1. Open the Exchange Admin Center.

2. Select Mail Flow, then Rules, and click the + to add a rule

3. Click the Bypass Spam Filtering rule

5. Create a new rule or edit an existing rule by doing the following:

  • Give the rule a name.
  • Select the "Sender's IP address is in the range" option under the "Apply this rule if..." and specify the IP address ranges: 149.72.222.44
  • Select the Plus icon
  • Select the OK button
  • Finally, select the Save button

6. Ensure Bypass spam filtering is enabled like the screenshot below.

You can read more about this feature here: Exchange Online Protection (EOP) overview - Office 365 | Microsoft Docs


How to Whitelist in EOP Anti-Phishing Protection?

HacWare's spoofing technology may trigger EOP Anti-Phishing and Anti-Spoofing protection.  To ensure your users are trained to spot spoofed phishing emails, please follow the steps below.

  1. Open the Microsoft 365 Security Center.
  2. Select Email & collaboration
  3. Then Policy & rules
  4. Under Policy & rules, select Threat policies

5. Click the Threat policies

6. In the Rules section. To go directly to the Advanced delivery

7. On the Advanced delivery page, select the Phishing simulation tab, and then do one of the following steps:

  • Click Edit.
  • If there are no configured phishing simulations, click Add.

7. Add the Domain em9676.hacware.com  and Sending IP 149.72.222.44

When you're finished, do one of the following steps:

  • First time: Click Add, and then click Close.
  • Edit existing: Click Save and then click Close.

You can read more about this feature here: Configure the delivery of third-party phishing simulations to users and unfiltered messages to SecOps mailboxes


How to create a Microsoft 365 Allow List for HacWare Spoof intelligence?

This new feature improves whitelisting phishing security tests and prevents certain errors, such as the “We could not verify the identity of the sender” error, from occurring.  We recommend that you use the full infrastructure wild-carding method as this is the easiest method to whitelist all emails from HacWare.

You can allow any domain spoofing from our mail server by using an IP address. Enabling domain spoofing allows any email sent from our mail server to bypass the spoof intelligence policies that would otherwise be imposed on inbound mail flow.

You can use the examples provided below and in the following sections to whitelist different types of emails for your organization, including emails from HacWare.

  1. Log in to your Microsoft 365 account and select Admin from the menu on the left.
  2. From the Microsoft 365 Admin Center, click Security under Admin centers. Alternatively, log in to your Microsoft 365 Defender portal.
  3. In the Microsoft 365 Defender menu, click Policies & rules under Email & Collaboration.
  4. Select Threat Policies.
  5. Click on Tenant Allow/Block Lists.
  6. Click on the Spoofing tab.
  7. Click Add
  8. Type *, 149.72.222.44
  9. Under Spoof Type, Select Internal
  10. Under Action, Select Allow
  11. Click Add.

Final Thoughts

With these tips, you will ensure your users will be able to receive all their HacWare training emails.  If you need further assistance, please reach out to our support team at support@hacware.com.


Learn more about HacWare at hacware.com. If you are a Managed Security Service provider (MSSP) or IT professional, we would love to automate your security education services, click here to learn more about our partner program.