If your organization utilizes Barracuda's Email Security Gateway, you can safelist PhishingBox to allow our simulated phishing test emails and training notifications through to your end-users.
For an up-to-date list of the PhishingBox's IP addresses, see our Safelisting Basics article.
Safelisting IP addresses in Barracuda's Email Security Gateway
- Log in to your Barracude Email Security Gateway web interface.
- Go to the BLOCK/ACCEPT > IP Filters page.
- In the Allowed IP/Range section, enter the first PhishingBox IP address in the IP/Network Address field.
- In the Netmask field, type 255.255.255.255
- Optional: add a note in the Comment field. For example, type "Portal Simulated IP address"
- Click Add to safelist the entered IP address.
- Complete steps 2-6 for each of the Portal IP address found above.
This information was obtained and summarized from Barracuda's knowledgebase.
Barracuda Intent Analysis
You may need to safelist us in Barracuda's Intent Analysis feature to prevent the URLs in simulated phishing tests from being altered, and potentially resulting in skewed phishing test results. Here is an article from Barracuda explaining this process.
NOTE: In some cases the PhishingBox simulated phishing emails can still be flagged by Barracuda even if the IP addresses/domains have been properly safelisted. This is most likely due to our phish domains being listed on Barracuda's "Intent Analysis" list. If you are still having trouble, confirm that the phish domain used by your template is not listed on Barracuda Central and notify email@example.com if it is listed.
Barracuda Sender Authentication
If you'd like to spoof your own domain in simulated phishing tests, you can exempt Trusted Forwarder IP addresses from SPF checks. Here is an article from Barracuda with more information.