Skip to main content
All CollectionsuPhishMessage Injection
Deliver simulations seamlessly with Message Injection
Deliver simulations seamlessly with Message Injection

Message Injection allows phishing simulation emails to be placed directly into users' mailboxes.

Courtney Leacock avatar
Written by Courtney Leacock
Updated over a week ago

Message Injection is a delivery method that allows uPhish simulation emails to be inserted directly into users' mailboxes.

By bypassing the need for regular email delivery, the success rate of delivery is increased significantly and the requirement for allow-listing usecure domains and IP addresses is removed.

Message Injection can be configured for Microsoft 365 and Google Workspace.

Can users tell the difference between emails sent with Message Injection and emails delivered by regular methods?

The only current limitation to Message Injection is that a new email pop-up does not appear on Microsoft Outlook on Windows, either on desktop or web. Otherwise emails delivered with Message Injection appear exactly alike other emails in users' mailboxes.

In this article, you'll find:


How do I set up Message Injection?

You can set up Message Injection on either Microsoft 365 or Google Workspace. The following guides will walk you through the steps you need to carry out.


How do I test Message Injection?

Once you’ve set up Message Injection you should test it to confirm that it works.

On the Message Injection page in your platform settings, click Run Message Injection Test under the service you’ve set up (Microsoft 365 or Google Workspace) to start the test.

The test utility will open with your email address as the recipient. If you do not have a mailbox on the service you’re testing you will need to change the recipient to an email address that does.

Click Send Test Email to start the message injection test.

This will send a test email with the subject “Message Injection Test” to the recipient specified. It should take less than a minute to complete. The test will be placed in a queue and could take longer than expected if the service is busy.

You’ll see the below message if the test was successful:

You should also confirm that the email was delivered successfully by checking the recipient mailbox. Please note that not all mail clients will trigger an alert/notification when message injection emails are received. This is a known issue in Outlook Desktop and Web.

You will see an error screen like this if a message injection test fails:

Please provide a screenshot of this window if you contact our support team regarding a failed test. The Job Id will help them review our logs to diagnose the issue.


How do I deliver emails using Message Injection?

Enabling Message Injection makes it an available option to send simulation emails with. You may also wish to set is as the default delivery method for uPhish.

Auto Phish will by default use the same delivery method as uPhish. However, if you wish to configure it separately, you can also set a default delivery method for Auto Phish.

Set Message Injection as the default uPhish delivery method

Setting up Message Injection will make it available as a delivery method for phishing simulations. To set it as the default method, go to Settings > uPhish > Message Injection and scroll down to Additional Settings.

Enable the Send Simulated Phishing emails using Message Injection by Default method toggle and click Save.

This will set the delivery method of all simulation created or generated to Message Injection going forward. Please note that the platform will fallback to SMTP (i.e. regular email) if sending simulated phishing emails via message injection fails for any reason.

Set Message Injection as the default Auto Phish delivery method

You can set the preferred delivery method for phishing simulations generated by Auto Phish.

Go to uPhish > Configure Auto Phish

The Preferred Delivery Method field will be available if Auto Phish is enabled and message injection is configured.

The field has the following options:

  • Default - Auto Phish will use the default delivery for phishing simulations according to the toggle under Message Injection settings.

  • SMTP - Regular Email Delivery

  • Message Injection

Please note that the platform will fallback to SMTP (i.e. regular email) if sending simulated phishing emails via message injection fails for any reason.

Did this answer your question?