LUCY allows you to create filters within the campaigns that determine whether the victim is allowed to access the campaign. According to the rules set by the campaign administrator requests from certain mail clients, IP-addresses or IP-ranges are either denied or allowed to access the campaign. Filters can be defined within the particular campaign “Campaign Name” → Advanced Settings → Filters.
There are three policies available:
- Allow all (default) - allows all recipients to access the campaign, regardless of their IP address and browser.
- Allow only - allows only recipients that have an IP address or browser that matches one of the rules you add below, all other recipients will be blocked.
- Deny for - denies the access for recipients that have an IP address or browser that matches one of the rules you add below, all others will be allowed.
In order to set the rule, choose the desired policy, and click Add, then choose the filter criteria (IP or User-agent) and click Save after.
Preventing false clicks by Office 365 Advanced Threat Protection service
In case there are strict policies within the network one is able to use filters in order to provide clear statistics gathering. For example, ATP policies for Office365 track user's clicks on phishing links and rewrite suspicious URLs. Thus, the first request to Lucy server is made by Microsoft services, and this request counts as the one made by the victim. As a result, unreliable statistics are gathered.
In order to avoid such an issue, one might use filters feature and deny access for certain IP-addresses that belong to Microsoft protection services. IP-ranges for O365 ATP service are: 220.127.116.11/16 and 18.104.22.168/16
Please note that the IP-ranges may vary from client to client and those from above are known by the LUCY team. In case aforementioned policies do not work, one will have to track which IP-addresses requests are made from. Otherwise, contact the support in order to receive help.