Do I need to set up SPF, DKIM or DMARC to accept Phishing Simulations in Exchange Online?

If you use Advanced Delivery Policy as described in Microsoft’s documentation, you do not need to manage SPF or DMARC for phishing simulations—the policy ensures they are delivered regardless.

When whitelisting Nimblr phishing simulations using Advanced Delivery Policy in Microsoft Defender for Office 365, you do not need to consider SPF, DKIM and DMARC.

Why?

Advanced Delivery Policy is designed to ensure Nimblr phishing simulations reach users’ inboxes without being blocked by Microsoft’s security filters. When you configure this policy:

  • Emails matching the specified sender address (or domain) are treated as simulated attacks.
  • They bypass security features such as Safe Links, Safe Attachments, and Microsoft’s anti-phishing filters.
  • The results of SPF, DKIM, and DMARC checks do not affect delivery, as the policy explicitly exempts these emails from filtering.

What does this mean in practice?

  • You do not need to configure SPF, DKIM or DMARC records to ensure delivery.
  • Simulations will be delivered correctly even if they would otherwise fail SPF or DMARC policies.
  • However, it is still good practice to ensure proper email configuration for other use cases.
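
Because matching mail skips filtering, the override should list only the simulation vendor's sending details. The script below is an added example, not taken from Nimblr's or Microsoft's instructions: it creates the Advanced Delivery phishing simulation override with Microsoft's Exchange Online PowerShell cmdlets if it does not exist, then reports any entries beyond the expected ones. The domain and IP values are placeholders, not Nimblr's real sending details; take the real ones from the vendor.

```powershell
# Added example. Placeholder values only: replace with the sending domain(s)
# and IP(s) supplied by your simulation vendor.
$ExpectedDomains  = @('simulation-domain.example')   # placeholder domain
$ExpectedIpRanges = @('192.0.2.10')                  # placeholder IP (documentation range)

# Requires the ExchangeOnlineManagement module and sufficient admin rights.
Connect-ExchangeOnline

# Create the override policy only if the tenant does not have one yet.
if (-not (Get-PhishSimOverridePolicy -ErrorAction SilentlyContinue)) {
    New-PhishSimOverridePolicy -Name PhishSimOverridePolicy | Out-Null
}

# Create the rule that holds the allowed sending domains and IPs if it is missing.
$rule = Get-ExoPhishSimOverrideRule -ErrorAction SilentlyContinue
if (-not $rule) {
    $rule = New-ExoPhishSimOverrideRule -Policy PhishSimOverridePolicy `
        -Domains $ExpectedDomains -SenderIpRanges $ExpectedIpRanges
}

# Drift check: every entry here is exempt from filtering, so anything that is
# not on the expected list should be reviewed and removed if unexplained.
$extraDomains = @($rule.Domains        | Where-Object { [string]$_ -notin $ExpectedDomains })
$extraIps     = @($rule.SenderIpRanges | Where-Object { [string]$_ -notin $ExpectedIpRanges })

if ($extraDomains.Count -or $extraIps.Count) {
    Write-Warning "Override rule contains entries outside the expected list:"
    $extraDomains | ForEach-Object { Write-Warning "  domain: $_" }
    $extraIps     | ForEach-Object { Write-Warning "  sender IP/range: $_" }
} else {
    Write-Output "Override rule matches the expected simulation sender list."
}

# Show the effective configuration for the change record.
$rule | Format-List Name, Domains, SenderIpRanges
```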