Skip to main content

Setting Up DMI to Send Phishing Simulations

This article describes the setup steps for delivering phishing simulations to your employees via DMI including whitelisting with emails security tools

Updated over a month ago

Adaptive offers two methods for sending phish simulations: SMTP and DMI. Review this article to decide which is best for your organization.

⚠️ If your organization has more than one workspace, you must use SMTP, not DMI. See our guide: Setting up SMTP to Send Phishing Simulations.

DMI Whitelisting Guide

Although DMI reduces the need to whitelist for initial deliverability, some Adaptive customers have post-delivery email security tools that can still flag Adaptive phishing emails as spam and/or obfuscate phish email click reporting.

We recommend whitelisting us by header for all of the vendors you use. If your vendor requires whitelisting by domain instead of header, we have also included our current sender domains below.

Email Header:

  • Key: X-Adaptive-Bypass

  • Value: adaptive

Sender Domains:

Adaptive may add new sending domains and we will notify customers when changes are made. Here is our current list of supported domains for our phish simulation emails.

  1. confirm-login.com

  2. loginupdate.com

  3. resetusername.com

  4. logindirect.net

  5. secureaccount.net

  6. secureaccounts.net

  7. resetpassword.io

  8. secureaccounts.org

  9. updateaccount.co

  10. verifylogin.co

  11. protect-sys.com

  12. sys-info-net.com

DMI Setup Guide

DMI Setup Guide for Microsoft

Note: You must be a Microsoft Global Administrator to complete these steps.

  1. In the Adaptive Admin Portal, go to Settings > Phishing > Phishing Simulation Delivery Method.

  2. Select the “Direct Message Injection (DMI)” button and then “Setup Microsoft DMI.”

  3. Open a new tab and sign into Microsoft 365 Admin Center.

  4. Return to Adaptive and click the “Verify Microsoft 365 DMI” button to complete setup.

DMI Setup Guide for Google

Note: You must be a Google Super Admin to complete these steps.

  1. In the Adaptive Admin Portal, go to Settings > Phishing > Phishing Simulation Delivery Method.

  2. Select the “Direct Message Injection (DMI)” button and then “Setup Google DMI.”

  3. Open a new tab and navigate to admin.google.com.

  4. In the Google Workspace Admin console, select the Security > Access and data control section.

  5. Select the “API Controls” section.

API Controls section

6. Scroll down to the Domain wide delegation section, and click the "Manage Domain Wide Delegation" button.

Domain wide delegation

7. Click the "Add new" button.

Add new

8. In the Client ID field, enter: field value is specific to your Adaptive account

9. In the OAuth Scopes field, enter: copy values from your Adaptive account

10. Click the "Authorize" button.

11. In Adaptive, click the "Verify Google DMI" button.

Did this answer your question?