During an attack simulation, you may encounter Symantec Email Security Cloud (Message Lab) while conducting a phishing campaign. Message Lab stops known and unknown techniques for delivering malicious email content.
When email arrives from an external source, the Message Lab spider opens the message and parses the body content, scans attachments, and validates links by navigating to them behind the scenes.
Message Lab opens the email and follows all links, so if any external URL contains a malicious payload, the email message is blocked.
It scans attachments for malicious payloads.
If the content of the message is safe, the email message is delivered.
To determine which IP address Message Lab uses while crawling links inside the email body or inside an attachment, send a test email with a link that redirects to your web server. The Message Lab spiders' real IP address is only used when your email is delivered successfully; if you get hits from IP ranges that are not related to Message Lab, this is because of the use of some ISP solutions.
The attacker sends a test email that includes a link to his own web server.
Inspect the web logs to determine which IP address is being used.
The idea of the bypass is to set up deny rules for the specific range of IP addresses gathered earlier for the Message Lab spiders and forward those requests to a safe URL, while the malicious link remains accessible to whitelisted IP addresses.
Cloud instance.
From the access control option, you can set up a new deny rule that denies all requests coming to the attacker machine from the spiders; the rule below uses the IP addresses gathered during the test stage described earlier.
After setting up the deny list, any request that reaches the web server from an unauthorized source is forbidden.
A feature of the openlight webserver redirects requests per response code, which means you control URL navigation by error response code (403 or 403).
After the configuration is done, you are ready to send your email with a malicious link of your choice, whether an on-click downloadable attachment or a phishing landing page.
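The deny-and-redirect behaviour described above leaves a trace a defender can check for: the same URL gives one outcome to the mail gateway's crawler and another to the user who clicks it. The following is an added example, not part of the original page, that compares the two over constructed log lines; the log format and the `scanner`/`user` vantage labels are assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample records (not real traffic). Assumed format:
# vantage, requested URL, final HTTP status, final URL after redirects.
SAMPLE_LOG = """\
scanner https://files.example.test/invoice 403 https://files.example.test/invoice
user    https://files.example.test/invoice 200 https://files.example.test/invoice
scanner https://news.example.test/post 200 https://news.example.test/post
user    https://news.example.test/post 200 https://news.example.test/post
scanner https://cdn.example.test/a 200 https://safe.example.net/home
user    https://cdn.example.test/a 200 https://cdn.example.test/a
"""

def parse(log_text):
    """Group observations by requested URL and vantage point."""
    seen = defaultdict(dict)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[2].isdigit():
            continue  # skip malformed lines
        vantage, url, status, final = parts
        seen[url][vantage] = (int(status), urlsplit(final).hostname)
    return seen

def find_cloaked(log_text):
    """Return {url: reason} where scanner and user saw different outcomes."""
    findings = {}
    for url, obs in parse(log_text).items():
        if "scanner" not in obs or "user" not in obs:
            continue  # both vantage points are needed for a comparison
        (s_status, s_host), (u_status, u_host) = obs["scanner"], obs["user"]
        if s_status >= 400 and u_status == 200:
            # Crawler was refused, but the user was served content.
            findings[url] = f"scanner got {s_status}, user got 200"
        elif s_host != u_host:
            # Crawler was steered to a different host than the user.
            findings[url] = f"scanner ended at {s_host}, user at {u_host}"
    return findings

if __name__ == "__main__":
    for url, reason in find_cloaked(SAMPLE_LOG).items():
        print(f"{url}: {reason}")
```

A mismatch is a signal for review rather than proof, since legitimate sites also vary responses by client; re-checking the link at click time from an egress address the sender has not seen gives the comparison its second vantage point.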