Whitelisting allows PhishingBox simulated phishing emails to bypass your mail filter. In order for PhishingBox simulations to function properly, our IPs must be whitelisted in your spam filter. Some systems may require whitelisting by headers to ensure our test emails are received by your users.
Portal IP addresses
Before running any tests, you need to whitelist the following IP addresses on your servers to ensure delivery:
If your security configuration does not allow whitelisting by IP, you also have the option of using our custom email header, which will be inserted into every email your organization receives from Portal. The header has the name 'X-PHISHTEST' and the value 'PhishingBox'.
In some scenarios, depending on email client/firewall configuration, you may have to whitelist phishing and landing domains. The domains that need to be whitelisted are specified by the templates that you are using. The image below shows where to locate the domain utilized by the template.
A comprehensive and up-to-date list of the PhishingBox phish domains can be downloaded by clicking the following link: phish_domains.csv.
Whitelisting Best Practices
Make sure the Portal's simulated phishing emails are not being sent to the spam folder or being filtered automatically by some external spam filtering system. If it is, and whitelisting doesn't work, the content of the email might have to change to lower the spam rating. A service we recommend for testing is mail-tester.com/
If you don't want to send from our mail servers, you can use your own internal SMTP server to send the mail. This is done from Template Edit Email > Change Outgoing Server.
For diagnoses purposes, send the test email to another location, another person on a different domain, and another person on the same domain. If the mail sends to the different domain and no one on one specific domain, it has to be their mail servers. If it is sent to some people but not others it can't be a Portal problem. If it is sent to one person within a domain but not another it could be in the spam folder, or it's a user problem, or their system has some kind of multi-tiered distribution system with different levels of security.
The Portal's technical support team can provide some help with whitelisting issues. However, there are many different kinds of mail filtering services and providers in use. If your campaign emails are not being received by your targets after following the whitelisting steps outlined above, we recommend communicating directly with your service provider to properly whitelist the Portal.
Shown below is an email you may want to send to your service provider's support team to request whitelisting assistance. This message will help them understand the services Portal provides:
Our organization is using Portal, a security training platform that provides simulated phishing tests and training for our company's employees. We would like to whitelist all Portal simulated phishing tests and training emails so that they successfully reach the inboxes of our employees. Would you please help us whitelist Portal's IPs and hostnames?
For further inquiries, contact Portal customer support.