Direct Message Injection is an alternative delivery method for Phishing and Ransomware simulation emails.
Instead of going through the traditional SMTP email route, with DMI, the message is directly inserted into the recipients' inboxes.
This is made possible through a secure API link between SMARTFENSE and the email service provider.
Sending simulations with DMI is available for all organizations using Microsoft (Outlook) or Google (Gmail) as their corporate email service providers.
There are usually multiple security barriers between the simulation platform and the corporate email server.
In this context, ensuring proper email delivery requires whitelisting in each of the security tools involved.
With DMI, this process is considerably simplified.
The whitelisting process can be divided into two main groups:
Whitelisting for the correct reception of simulation emails.
Whitelisting for access and navigation of simulated Phishing websites.
Another advantage of DMI is that emails often remain free from automatic warnings added by some email clients.
For example, in Gmail, it's common for simulation emails to display a warning: "This message was not sent to Spam in accordance with your organization's settings".
The issue with these warnings is that they are independent of the simulation tool used and cannot be removed through whitelisting or other configurations.
The only way to ensure these warnings disappear is by inserting the email through DMI. Emails inserted using this method appear clean, as if they had been received from a trusted sender.
There are cases where a whitelisting process has been carefully implemented and the simulation emails are successfully received through the SMTP protocol,
until one day, without prior notice, the emails stop arriving. What happened? A tool was updated, and the implemented whitelist no longer works.
This scenario is very common. With DMI, the probability of it occurring is minimized, since few tools, if any, require a whitelist.
This method allows for direct injection of emails into the inbox of our organization’s users, typically leveraging an API developed by our email service provider.
In this post, we’re going to explain step by step how to send Phishing and Ransomware simulations through DMI for Google and Microsoft.
Many cybersecurity or IT managers look for phishing simulation platforms to analyze the likelihood that their organization’s users will fall for social engineering traps. However, it is often necessary to recall how these platforms work and what they specifically entail.