Skip to main content

Safelisting Basics

PhishingBox Support
  • Updated

Why Safelist?

Safelisting allows Portal simulated phishing emails to bypass your mail filter. In order for PhishingBox simulations to function properly, our IPs must be whitelisted in your spam filter. Some systems may require safelisting by headers to ensure our test emails are received by your users.

PhishingBox IP addresses

System emails will originate from the following IP address. System emails include new account user emails and domain authorization emails. Any emails generated in PhishingBox that are not simulated phishing emails are considered system emails.

US - Phishing Mail

  • 64.191.166.196

US - System Mail

  • 69.72.47.194

US & EU - Training Mail

  • 64.191.166.197

EU - Phishing Mail

  • 64.238.34.10
  • 64.238.34.11

EU - System Mail

  • 161.38.205.202

  • NOTE: Simulated phishing emails will originate from 64.191.166.196 if your instance is hosted in US, 64.238.34.10  or 64.238.34.11 if hosted in EU. System emails will originate from the other IP addresses. Some email security software, such as Mimecast, will require you to safelist by CIDR range. The phishing mail server's CIDR range is 64.191.166.0/24 (US), 64.238.34.10/24 (EU).

Under certain circumstances (e.g. if you are trying to connect an LDAP integration to PhishingBox) you may need to whitelist the PhishingBox portal IP address - 54.80.160.189 (US), 54.93.55.235 (EU).

PhishingBox landing pages and image assets are hosted on the following IP address. To allow landing pages or images hosted by PhishingBox to display, you may need to whitelist the landing page server to display images in emails or landing pages and allow targets to access landing pages.

US - Landing

  • 64.191.166.198
  • 64.191.166.201
  • 64.191.166.220
  • 64.191.166.221
  • 64.191.166.222
  • 64.191.166.223
  • 64.191.166.224

EU - Landing

  • 64.238.34.20

The training sites are hosted on the following IPs:

US - Training

  • 54.88.246.212

EU - Training

  • 3.67.53.250

Email Header

If your security configuration does not allow safelisting by IP, you also have the option of using our custom email header, which will be inserted into every email your organization receives from PhishingBox. The header has the name 'X-PHISHTEST' and the default value 'PhishingBox'. A custom header key/value pair can also be added by navigating to Administration > Settings > Mail Settings.

Safelisting Domains

In some scenarios, depending on email client/firewall configuration, you may have to safelist phishing and landing domains. The domains that need to be safelisted are specified by the templates that you are using. The image below shows where to locate the domain utilized by the template when viewing the Manage Templates page.

template-domain.png

Safelisting Best Practices

Make sure the PhishingBox's simulated phishing emails are not being sent to the spam folder or being filtered automatically by some external spam filtering system. If it is, and safelisting doesn't work, the content of the email might have to change to lower the spam rating. A service we recommend for testing is mail-tester.com/

If you don't want to send from our mail servers, you can use your own internal SMTP server to send the mail.  This is done from Template Edit Email > Change Outgoing Server.

For diagnosis purposes, send the test email to another location, another person on a different domain, and another person on the same domain. If the mail sends to the different domain and no one on one specific domain, it has to be their mail servers.  If it is sent to some people but not others it can't be a PhishingBox portal problem.  If it is sent to one person within a domain but not another it could be in the spam folder, or it's a user problem, or their system has some kind of multi-tiered distribution system with different levels of security.

Safelisting Assistance

PhishingBox's technical support team can provide some help with safelisting issues. However, there are many different kinds of mail filtering services and providers in use. If your campaign emails are not being received by your targets after following the safelisting steps outlined above, we recommend communicating directly with your service provider to properly safelist PhishingBox.

Shown below is an email you may want to send to your service provider's support team to request safelisting assistance. This message will help them understand the services PhishingBox provides:

Our organization is using PhishingBox, a security training platform that provides simulated phishing tests and training for our company's employees. We would like to safelist all PhishingBox simulated phishing tests and training emails so that they successfully reach the inboxes of our employees. Would you please help us safelist PhishingBox's IPs and hostnames?

Microsoft Outlook and Gmail

The two most common mail clients are Microsoft 365 outlook and Gmail. To safelist properly for these platforms reference the guides below.

Safelisting for Microsoft 365 Outlook using Advanced Delivery 

Safelisting for Gsuite and Gmail pt.1 

Safelisting for Gsuite and Gmail pt.2

 

For further inquiries, contact PhishingBox customer support.

Back to top

Related articles

Comments

0 comments

Please sign in to leave a comment.