Categories: CyberHoot

HowTo: Allow-List CyberHoot’s AttackPhish Simulation Servers in M365

Table of Contents

Detailed Instructions From Microsoft:

https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/skip-filtering-phishing-simulations-sec-ops-mailboxes?view=o365-worldwide
Once you click the link above, follow the instructions under the “Use the Microsoft 365 Defender portal to configure third-party phishing simulations in the advanced delivery policy” heading.

Detailed Instructions From CyberHoot:

Allow-List by X-Header in M365

Once you click the link above, make sure to follow all the steps from beginning to end of the page. Also make sure to get the most up-to-date list of CyberHoot servers below.

CyberHoot’s Email-Relay IP Addresses

The required IP address and Domain name information is found in this HowTo article:

CyberHoot Email-Relay IP Addresses, Domains, and Allow-Listing Articles

*If you are planning on sending AttackPhish simulation tests to your clients, you will need to have them allow-list all our email relays shown in the list.

HowTo: Fix False Opens and Clicks in AttackPhish Reports

Why Does My AttackPhish Report Show Users Opening and Clicking Emails They Never Saw? Overview If you’re seeing users listed as having opened and clicked phishing emails within seconds, or even before they could have possibly opened them, don’t worry. Your users aren’t lying, and nothing is broken. What you’re seeing is a byproduct…

November 10, 2025

In "CyberHoot"

HowTo: PowerShell Script for Safe Links Configuration in M365

What This Script Does Configures Microsoft 365 to allow CyberHoot phishing simulation emails to bypass security filters while maintaining protection for real threats. It handles two critical configurations: Advanced Delivery – Allows CyberHoot simulation emails through spam/phishing filters Safe Links – Prevents Microsoft from rewriting/clicking simulation URLs (eliminates false click reports) Prerequisites…

January 23, 2026

In "CyberHoot"