This article guides you through setting up your Expel Managed Phishing service.
Before You Start
Review the customer questionnaire.
Quick Links
Setup includes the following steps (select any step for detailed instructions):
Step 1: Add Expel Email Communications to Your Allow List
Establish trust by adding inbound and outbound emails to your allow list.
-
Outbound: custom forwarding email (provided by Expel): <companyidentifier>@expel-phishing.io.
-
Inbound: acknowledgement and outcome response emails from Expel: soc@expel.io.
Step 2: Forward Phishing Submissions
Expel includes phishing submission buttons for Microsoft 365 and Google Workspace for forwarding phishing emails.
Note
If the above button can't be deployed, you can forward your phishing inbox submissions to Expel with original phishing email as an EML attachment to the custom forwarding email destination provided by Expel.
To view the custom forwarding email destination:
Go to Organization Settings > My Organizations > Phishing tab. Then in the End user reporting button section, look for the Destination Address. If you see a setup dialog box instead of the End user reporting button section, press the Back button to close the wizard and you will be redirected to the End user reporting button section.
The Button Destination Address should be the short version of your Expel Organization name followed by @expel-phishing.io. You can find the short version of your Expel Organization name in the Workbench breadcrumbs. From this page, you’ll see Organization Settings > Your Short Name > Phishing.
In this example, "CEC" is the short name and cec@expel-phishing.io would be the custom forwarding email destination:
Next, send a test email submission to Expel using the customer forwarding email provided in the Button Destination Address field. Indicate in that email “This is a test for the Expel Managed Phishing service.”