Riot sends phishing e-mails. Therefore, without proper configuration, some of these e-mails would not pass Microsoft’s spam filter. This would be unfortunate because it would compromise your campaign statistics.
The following guide explains how to avoid this phenomenon, and to allow your campaigns to run smoothly.
Did you know? Unlike Riot, hackers would have no problem bypassing your spam filter by exploiting legitimate email servers, which Riot cannot afford to do.
1. Open Exchange admin
To whitelist Riot, you will need to add the IP address we use to send emails. Go to Exchange admin center and open Mail flow > Rules.
2. Create the bypass rule
Now click the + Add a rule > Create a new rule.
3. Whitelist the IP address
The IP address we will use to send our emails is 159.135.234.25. This IP address is dedicated to Riot and won’t be used by any third parties.
First, start by naming the rule: the name doesn’t really matter, Call it "Riot bypass" for instance.
Then, you will need to apply this rule for the reserved IP address 159.135.234.25. To do that, in the Apply this rule if… list, select The sender….
And then IP address is in any of these ranges or exactly matches.
Add IP 159.135.234.25 and save.
4. Add an additional header
From time to time, some links sent by Riot might be flagged as suspicious. That’s why we suggest to add an additional header to prevent that from happening.
To do that, select Modify the message properties… and then set a message header.
Then on the right, call the property X-MS-Exchange-Organization-SkipSafeLinksProcessing.
Set the value to 1.
You’re all set now, so don’t forget to Save the rule.
5. Activate the Phishing simulation feature
Microsoft released recently an additional setting that makes it very easy to whitelist Riot emails. Go to the Advanced delivery options and click on Edit.
It will open a side panel. In there, you will have to enter both the domain name noreply.link we use to send phishing emails and the IP address 159.135.234.25. Finally, add the domains .loginprotect.net/ and .loginform.net/ and .noreply.link/ hosting our phishing pages.
Once added, click on Save
6. Modify the block/allow list
To fully allow emails sent from our sending IP, we need to add one last parameter, for this go to this page and click on Add.
This will open a side panel. You must enter the following information *, 159.135.234.25 This allows all senders from Riot's sending IP to be authorized.
Once added, click on Add and here we go!
7. Add Riot phishing page URL to Safe Links
To avoid blocking our Riot phishing urls by Microsoft Defender, We need to add a configuration in Safe Links, go to this page and click on Create.
Once clicked, a page opens, you will have to pick a name for your safe links policy, eg. "Riot Safe links Policy"
Add the audience you want to send phishing emails to in the next section, It can be users, groups or domains.
Then, take some time to carefully follow those settings in the picture below 👇
Click on "Manage URLS" and add the urls in the picture below 👇
Then click "next" and choose default for notification.
Then click "next" and "finish".
8. Try it out
Now that you have configured Microsoft Outlook to receive Riot emails, go back to the platform and test the configuration.
Please note: the configuration may take a few minutes to propagate. If everything is well configured and you encounter a problem, wait 10 minutes and try again.