Last updated Q4'2021: Microsoft reverted the change and no more limited the number of domains to be whitelisted.
Attention BullPhish ID customers (Oct 21),
Earlier this year, Microsoft announced that it was changing the behavior of override functions in Exchange Transport Rules (ETR) to high-confidence spam/phishing, including those from 3rd party phishing simulation campaigns.
As part of their Secure by Default push, ETRs no longer honor the bypass spam filtering option for high-confidence spam/phishing.
The replacement capability is Advanced Delivery and is now available to tenants for configuration, but it limits the list of allowed phishing simulation domains to 20. (Initially, Microsoft limited the number of allowed domains to 10 but increased it to 20 last week).
BullPhish ID has had 19 sending domains available for the phishing simulation campaigns. However, based on our partners’ feedback, we are reducing our list of sending domains to nine effective October 2021 because several of the 19 domains are either similar to an existing domain, could be replaced by an existing domain, or are invalid.
Here are the sending domains that will remain(highlighted in GREEN below):
We have removed the domains ON THE LEFT(highlighted in YELLOW). The removed domains have been replaced by the approved domains ON THE RIGHT(highlighted in GREEN), as follows:
Please feel free to reach out to the BullPhish ID Product Owner Latika Verma at email@example.com if you have any questions or concerns.