How to Whitelist ThreatCop in Exchange 2013 and 2016 or Office 365?


To whitelist ThreatCop in your Exchange 2013, Exchange 2016 or Office 365 environment, you will have to whitelist ThreatCop’s IP addresses and set up a mail flow rule that allows incoming emails to bypass both the Clutter folder and Microsoft’s EOP spam filter. The new rules may take 1-2 hours to take effect.


The IPs to be whitelisted here are:
  • 104.211.88.134
  • 168.245.74.19

To whitelist ThreatCop, just follow these simple steps:

For Whitelisting IP Addresses

Step 1: Login to your mail server admin portal and go to Admin


Step 2: Click on Exchange on the left panel


Step 3: Click on Connection Filter option under the Protection section


Step 4: Click on the edit icon to edit the connection policy 


Step 5: Click on Connection Filtering > + icon > Allowed IP Address > Add ThreatCop’s IP addresses listed above one by one.


Step 6: Once done, click on Okay and Save


For Bypassing Clutter Folder and Spam Filtering

Step 1: From the Exchange Admin Centre, select Mail Flow on the left-hand menu


Step 2: Click on the + icon under the Rules section. Then, select Bypass Spam Filtering


Step 3: Click on the + icon and select The Sender. Then, select IP address is in any of these ranges or exactly matches


Step 4: Enter all ThreatCop’s IPs and click on OK


Step 5: Click on the Do the Following drop-down menu and select Modify the Message Properties. Then, click on Set a Message Header


Step 6: Click on *Enter text* to set the message header. Enter the following: “X-MS-Exchange-Organization-BypassClutter”


Step 7: Once entered, click OK


Step 8: Click on ‘to the value’ > *Enter text* > Enter “true” > Click on OK


For Bypassing the Junk Folder (Office 365 Only)

Step 1: Select Bypass Spam Filtering


Step 2: Give the rule a name, for instance, “Junk Filtering”


Step 3: Click on Apply this rule if and select The Sender from the drop-down menu. Select IP address is in any of these ranges or exactly matches


Step 4: Enter all of ThreatCop’s IP addresses


Step 5: Click on the Do the following drop-down menu and click on Modify the message properties. Then, select Set a Message Header


Step 6: Click on *Enter text* and enter the following text: “X-Forefront-Antispam-Report”. Then, click OK


Step 7: Click on ‘to the value’ > *Enter text* > Enter “SFV:SKI;”. 


Step 8: Once done, click OK


Step 9: Under the Properties of this rule section, set the priority to directly follow the rule you created in the Bypassing Clutter and Spam Filtering section
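
The three procedures above can also be applied from the command line. The following is an added example, not part of ThreatCop’s own documentation. It assumes an Exchange Online PowerShell session (Connect-ExchangeOnline) and the default connection filter policy; the first rule’s name is a placeholder chosen for illustration.

```powershell
# Added example. Assumes a connected Exchange Online PowerShell session.
$ThreatCopIPs = '104.211.88.134', '168.245.74.19'   # the IPs listed on this page

# Whitelisting IP addresses: append to the connection filter's IP Allow List
# (Add keeps any entries that are already present).
Set-HostedConnectionFilterPolicy -Identity Default -IPAllowList @{ Add = $ThreatCopIPs }

# Bypassing Clutter and spam filtering: "Bypass Spam Filtering" sets SCL to -1,
# and the header keeps the message out of Clutter.
# The rule name below is a placeholder, not a name ThreatCop requires.
$clutterRule = New-TransportRule -Name 'ThreatCop - Bypass Clutter and Spam Filtering' `
    -SenderIpRanges $ThreatCopIPs `
    -SetSCL -1 `
    -SetHeaderName 'X-MS-Exchange-Organization-BypassClutter' `
    -SetHeaderValue 'true'

# Bypassing the Junk folder (Office 365 only): same sender scope,
# placed directly after the rule created above.
New-TransportRule -Name 'Junk Filtering' `
    -SenderIpRanges $ThreatCopIPs `
    -SetSCL -1 `
    -SetHeaderName 'X-Forefront-Antispam-Report' `
    -SetHeaderValue 'SFV:SKI;' `
    -Priority ($clutterRule.Priority + 1) | Out-Null

# Read the configuration back to confirm what was applied.
(Get-HostedConnectionFilterPolicy -Identity Default).IPAllowList

# List every rule that bypasses spam filtering and flag any whose sender scope
# is missing or contains an address other than the two ThreatCop IPs.
Get-TransportRule | Where-Object { $_.SetSCL -eq -1 } | Sort-Object Priority |
    ForEach-Object {
        $extra = @($_.SenderIpRanges | Where-Object { $_ -notin $ThreatCopIPs })
        [pscustomobject]@{
            Name           = $_.Name
            Priority       = $_.Priority
            State          = $_.State
            SenderIpRanges = $_.SenderIpRanges -join ', '
            ScopeIsExact   = ($_.SenderIpRanges.Count -gt 0 -and $extra.Count -eq 0)
        }
    } | Format-Table -AutoSize
```

Any bypass rule reported with ScopeIsExact set to False applies to senders beyond ThreatCop’s two addresses and should be reviewed.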


