This release of BullPhish ID comprises a few documentation updates, a few enhancements, and a few bug fixes.
Guides & FAQ:
- We have updated the following guides to show the New NAT IP address "188.8.131.52":
- Google Admin Whitelisting Version 2.7.
- Configuration Guide for Office 365 Setup & Microsoft Defender Version 4.2.
- Reference Guide for Deliverability Version 4.1.
- We have modified the Directory Sync G-Suite v1.8 guide to update the link to perform the Google Workspace Domain-Wide Delegation of Authority.
- The Google Admin Whitelisting Guide is now updated to the new version 2.7 to include steps to Support proper tracking of Email Opened status.
1. Earlier this year, Microsoft announced that it was changing the behavior of override functions in Exchange Transport Rules (ETR) with respect to high-confidence spam/phishing, including those from 3rd party phishing simulation campaigns.
As part of their Secure by Default push, ETRs no longer honor the bypass spam filtering option for high-confidence spam/phishing.
The replacement capability is called Advanced Delivery and is now available to tenants for configuration, but it limits the list of allowed phishing simulation domains to 20. (Initially, Microsoft limited the number of allowed domains to 10 but increased it to 20 as of last week).
BullPhish ID has had 19 sending domains available for the phishing simulation campaigns. However, based on our partners’ feedback, we are reducing our list of sending domains to nine effective October 21, because several of the 19 domains are either similar to an existing domain, could be replaced by an existing domain, or are invalid.
Here are the sending domains that will remain(highlighted in GREEN below):
We have removed the domains ON THE LEFT (highlighted in YELLOW) which has been replaced by the approved domains ON THE RIGHT (highlighted in GREEN), as follows:
2. Improved Tracking for Support: Additional logging was added to the system to track changes made to the organizational settings.
3. Edit Partner page has been redesigned.
1. Fixed vulnerability when an authorized user is able to edit landing pages via external tools.
2. Fixed problem with getting associated organizations on course page creation.
3. Security has been enhanced with access level updates. Users can now download data of their own and child organization using JSON format.
4. Security has been enhanced with access level updates. Users can now create target groups only for their child organizations.