LUCY allows you to create filters within the campaigns that determine whether the victim is allowed to access the campaign. According to the rules set by the campaign administrator requests from certain mail clients, IP-addresses or IP-ranges are either denied or allowed to access the campaign. Filters can be defined within the particular campaign “Campaign Name” → Advanced Settings → Filters.
There are three policies available:
In order to set the rule, choose the desired policy, and click Add, then choose the filter criteria (IP or User-agent) and click Save after.
Preventing false clicks by Office 365 Advanced Threat Protection service
In case there are strict policies within the network one is able to use filters in order to provide clear statistics gathering. For example, ATP policies for Office365 track user's clicks on phishing links and rewrite suspicious URLs. Thus, the first request to Lucy server is made by Microsoft services, and this request counts as the one made by the victim. As a result, unreliable statistics are gathered.
In order to avoid such an issue, one might use filters feature and deny access for certain IP-addresses that belong to Microsoft protection services. IP-ranges for O365 ATP service are: 40.94.0.0/16 and 104.47.0.0/16
Please note that the IP-ranges may vary from client to client and those from above are known by the LUCY team. In case aforementioned policies do not work, one will have to track which IP-addresses requests are made from.