Direct Mail Injection Release (DMI)

Direct Mail Injection (DMI) is a new delivery method for phishing simulations that sends emails directly into learner mailboxes using the Microsoft 365 Graph API or Google Workspace Gmail API.

Instead of relying on traditional SMTP delivery, which requires whitelisting sending IPs and domains to bypass spam filters, DMI injects simulation emails natively through your client's existing mail platform. The result is reliable, consistent delivery without the configuration overhead.

DMI is available for the two most widely used mail platforms:

Microsoft 365 Direct Delivery

Connects via the Microsoft Graph API using OAuth2 authentication. Once authorised, the platform can inject phishing simulation emails directly into Microsoft 365 mailboxes.

Google Workspace Direct Delivery

Connects via the Gmail API using Domain-Wide Delegation. A service account is configured in the client's Google Admin console, granting the platform permission to insert emails on behalf of users.

To setup DMI for your clients please refer to the DMI knowledge base guide: https://kb.cyberaware.com/docs/phishing-direct-mail-injection-setup