I am a Sys Admin but email is not my specialty. We had an email admin who left the company, so I am just managing what I can in the interim. We have a request to whitelist a few domains in Office365. Our Info Sec is using a Security Awareness cloud solution product called Wombat. See PDF attached for whitelisting requirement (make reference to North America) from Wombat. If we configure this appropriately, legit phishing email will be sent to our user's inbox, and not land in the spam list or junk email folder.
I need to know if I am taking the right steps. Please use the PDF as a guide to confirm if I am taking the appropriate steps:
1. From EAC, do I go to Protection
> Spam filter
> and doubleclick Default
2. In the PDF for where it outline Phishing Domains,
do I include all the North America Phishing Domains
under Allowed Sender
or Allowed Domain
? Also, if I do need to add it to Allowed Sender
, should it be entered as (e.g. *@4ooi.co or just simply 400i.co)?
3. If I should create a new spam filter policy, instead of the default, What should the setting in the drop down be for Spam
What would the setting be for High confidence spam
4. What would i need to include in the yellow highlighted area?
5. Would I need to adjust anything in the below?
6. Viewing the PDF attached, where in EAC would I include the Platform Assignment Notifications Mail Servers
? Wherever I need to include it in EAC, is it best to input the IP rather than the Domain Names?