Overview
Safelisting allows PhishingBox's simulated phishing emails to bypass your mail filter(s), which guarantees delivery to the user's inbox. This is a requirement to ensure our simulations function properly. Most systems will require our IP addresses to be safelisted, and some may also require safelisting by domain or by email header. This article is product-agnostic and details common ways to configure safelisting for security solutions. Please review the Safelisting section of our user guide to find product-specific safelisting articles.
- PhishingBox IP Addresses
- Safelisting Domains
- Email Header
- Safelisting Assistance
- Microsoft 365 and Google Workspace
PhishingBox IP Addresses
Mail Servers
Phishing, Training, and System emails all originate from separate IPs. US and EU have separate mail servers for Phishing and System emails, but both use the same Training email server. All the PhishingBox mail IP addresses are listed below:
NOTE: System emails include new account user emails, domain authorization emails, and School emails. Any emails generated in PhishingBox that are not simulated phishing or training emails are considered system emails.
US
- 64.191.166.196 (Phishing)
- 64.191.166.197 (Training)
- 69.72.47.194 (System)
EU
- 64.238.34.10 (Phishing)
- 64.238.34.11 (Phishing)
- 64.191.166.197 (Training)
- 161.38.205.202 (System)
NOTE: Some email security software, such as Mimecast, will require you to safelist by CIDR range. The phishing mail servers' CIDR ranges are 64.191.166.0/24 (US) and 64.238.34.10/24 (EU).
Landing Page Servers
PhishingBox landing page servers and image assets are hosted on the following IP addresses. In some cases you may need to safelist our landing page server(s) to allow images to display in emails, and allow targets to access landing pages.
US
- 64.191.166.198
- 64.191.166.201
- 64.191.166.205
- 64.191.166.220
- 64.191.166.221
- 64.191.166.222
- 64.191.166.223
- 64.191.166.224
EU
- 64.238.34.20
Portal and School IPs
Under certain circumstances (e.g. if you are trying to connect an LDAP integration to PhishingBox, connecting to SMTP Relay, etc.) you may need to safelist the PhishingBox portal IP address, Cron server address, and/or API server address.
US
- 54.80.160.189 (Portal)
- 54.161.73.139 (Cron)
- 54.158.229.58 (API)
- 54.88.246.212 (School)
EU
- 54.93.55.235 (Portal)
- 3.75.8.204 (Cron)
- 52.29.89.35 (API)
- 3.67.53.250 (School)
Safelisting Domains
In some scenarios, it may be necessary to safelist phishing domains. The domains that need to be safelisted are specified by the templates that you are using. The image below shows where to locate the domain utilized by the template when viewing the Manage Templates page (Templates > Manage Templates).
Email Header
If your security configuration does not allow safelisting by IP, you also have the option of using our custom email header. This header will be inserted into every email your organization receives from PhishingBox. The header has the name 'X-PHISHTEST' and a default value of 'PhishingBox'. A custom header key/value pair can also be added by navigating to Administration > Settings > Mail Settings.
Safelisting Best Practices
- Reference the Safelisting section of our User Guide and follow the guides specific to the products your company uses (e.g. Safelisting in Microsoft 365)
- Send a Test Campaign to a few targets (e.g. the admins of the campaign) to ensure delivery to the inbox. The targets in this campaign should click the link(s) in the email and interact with the landing page to ensure actions are being recorded properly.
- If mail is still not reaching inboxes after proper safelisting, reviewing message traces, quarantine reports and mail headers can help identify the rule or third-party app interfering with deliverability.
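The header described under Email Header and the mail-header review in the last best-practice item can be combined into one check on a saved message. The following is an added example, not PhishingBox code; the gateway hostname mx.example.org, the function names and the two sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Mail-server IPs copied from the "Mail Servers" list in this article.
MAIL_IPS = {
    "64.191.166.196": "US Phishing", "64.191.166.197": "Training",
    "69.72.47.194": "US System", "64.238.34.10": "EU Phishing",
    "64.238.34.11": "EU Phishing", "161.38.205.202": "EU System",
}
HEADER, VALUE = "X-PHISHTEST", "PhishingBox"  # article's default name/value
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connecting_ip(msg, gateway):
    """IP logged by our own gateway; Received lines below it are sender-supplied."""
    for received in msg.get_all("Received", []):
        line = " ".join(received.split())  # undo header folding
        if f" by {gateway} " in f" {line} ":
            m = BRACKETED_IP.search(line)
            return m.group(1) if m else None
    return None

def classify(raw, gateway="mx.example.org"):  # gateway hostname is an assumption
    msg = message_from_string(raw)
    header_ok = (msg.get(HEADER) or "").strip() == VALUE
    ip = connecting_ip(msg, gateway)
    role = MAIL_IPS.get(ip)
    if header_ok and role:
        return f"ok: {role} server {ip} with {HEADER}"
    if role:
        return f"check header rule: {ip} is listed but {HEADER} is missing or changed"
    if header_ok:
        return f"check IP rule: {HEADER} present but connecting IP {ip} is not listed"
    return "not identified as PhishingBox mail"

# Constructed sample messages (not real traffic).
DIRECT = (
    "Received: from mail.sender.example (mail.sender.example [64.191.166.196])\n"
    "\tby mx.example.org with ESMTPS id 1; Mon, 01 Jan 2024 10:00:00 +0000\n"
    "X-PHISHTEST: PhishingBox\nSubject: Password expiry\n\nbody\n"
)
VIA_FILTER = (  # same mail relayed through a third-party filter first
    "Received: from filter.example.net (filter.example.net [203.0.113.25])\n"
    "\tby mx.example.org with ESMTPS id 2; Mon, 01 Jan 2024 10:00:05 +0000\n"
    "Received: from mail.sender.example (mail.sender.example [64.191.166.196])\n"
    "\tby filter.example.net with ESMTPS id 9; Mon, 01 Jan 2024 10:00:01 +0000\n"
    "X-PHISHTEST: PhishingBox\nSubject: Password expiry\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("direct", DIRECT), ("via filter", VIA_FILTER)):
        print(name, "->", classify(raw))
```

In the second sample the gateway sees the filter's address rather than a PhishingBox IP, so an IP-based safelist entry on that gateway would not match and the header (or a rule on the upstream filter) has to carry the exemption.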
Safelisting Assistance
PhishingBox's technical support team can provide help with safelisting issues. Ultimately, you may need to contact the support of your mail service/security product if you're having deliverability issues. Shown below is an email you could send to your service provider's support team to request safelisting assistance. This message will help them understand the services PhishingBox provides:
Our organization is using PhishingBox, a security training platform that provides simulated phishing tests and training for our company's employees. We would like to safelist all PhishingBox simulated phishing tests and training emails so that they successfully reach the inboxes of our employees. Would you please help us safelist PhishingBox's IPs and hostnames?
Microsoft 365 and Google Workspace
The two most common mail services are Microsoft 365 and Google Workspace. Reference the guides below to configure safelisting in these platforms:
For further inquiries, contact PhishingBox customer support.