Direct Message Injection (DMI)

DMI

Direct Message Injection

Direct Message Injection is an alternative delivery method for Phishing and Ransomware simulation emails.

Instead of going through the traditional SMTP email route, with DMI, the message is directly inserted into the recipients' inboxes.

This is made possible through a secure API link between SMARTFENSE and the email service provider.

Direct Message Injection

Who can use DMI?

Sending simulations with DMI is available for all organizations using Microsoft (Outlook) or Google (Gmail) as their corporate email service providers.

What are the advantages of using DMI?

There are usually multiple security barriers between the simulation platform and the corporate email server.

In this context, ensuring proper email delivery requires whitelisting in each of the security tools involved.

With DMI, this process is considerably simplified.

Direct Message Injection

With DMI, is whitelisting still necessary?

The whitelisting process can be divided into two main groups:

Ícono con un check

Whitelisting for the correct reception of simulation emails.

web Direct Message Injection

Whitelisting for access and navigation of simulated Phishing websites.

DMI greatly simplifies the whitelisting process related to email delivery, to the point where it can sometimes eliminate the need for it altogether

Some additional advantages

Warnings in the email client

Another advantage of DMI is that emails often remain free from automatic warnings added by some email clients.

For example, in Gmail, it's common for simulation emails to display a warning: "This message was not sent to Spam in accordance with your organization's settings".

Google Direct Message Injection

How to remove this warning?

The issue with these warnings is that they are independent of the simulation tool used and cannot be removed through whitelisting or other configurations.

The only way to ensure these warnings disappear is by inserting the email through DMI. Emails inserted using this method appear clean, as if they had been received from a trusted sender.

Unexpected changes in security tools

inbox DMI

There are cases where a Whitelist process has been carefully implemented and the simulation emails are successfully received through the SMTP protocol.

direct message injection

Until one day, without prior notice, the emails stop arriving. What happened? A tool was updated, and the implemented Whitelist no longer works.

check

This scenario is very common. With DMI, the probability of occurrence is minimized since there are few - or no - tools that require a Whitelist.

I Want More Information:

Related articles in our blog

This method allows for direct injection of emails into the inbox of our organization’s users, typically leveraging an API developed by our email service provider.

In this post, we’re going to explain step by step how to send Phishing and Ransomware simulations through DMI for Google and Microsoft.

Many cybersecurity or IT managers look for phishing simulation platforms to analyze the likelihood that their organization’s users will fall for social engineering traps. However, we often need to remember how they work or what they specifically entail.