To ensure our simulated phishing campaigns and training notifications reach your users, it's essential to add our IP addresses, domains, and URLs to your allow list in your email security and network filters (IDS, firewall, client-side email filters, third-party Cloud email filters). This guide provides the prerequisites and instructions to do just that. We've tailored the process for your specific environment, with dedicated sections at the bottom of the page for organizations using only Microsoft Email Services, Microsoft Email Services with a third-party cloud filter (such as VIPRE Email Security Cloud), or VIPRE Email Security Cloud exclusively.
We will be sending simulated phishing emails from outside your network. Notify your IT department and complete the tasks listed below to ensure successful email delivery.
Add Exceptions for Phishing Simulations
There are two options for routing PhishProof emails to your organization. Select the appropriate tab below for details.
VIPRE Recommends
If your organization uses Microsoft 365 as your email platform, we strongly recommend using the Direct-to-Inbox option below.
Conventional Email Delivery
The following lists have been formatted for easy copying from here and pasting into a CSV for importing.
Sending IP Addresses used for email delivery | 69.72.47.208, 159.112.248.122 |
PhishProof Landing Page and Template Domains | *.phishproof.com, accountsecurity.online |
SMTP Relay used by PhishProof | smtp.mailgun.org |
Direct-to-Inbox (DTI) - Microsoft 365 Only
If your organization uses an Integrated Cloud Email Security (ICES) solution, additional configuration may be required. Contact your vendor for additional assistance.
The following lists have been formatted for easy copying from here and pasting into a CSV for importing.
IP addresses needed to configure Inbound Connector in Microsoft 365
If you have a dedicated instance of iLMS/PhishProof, or do not see your access URL listed below, contact Technical Support.
Region/Access URL | IP Address for DTI Email Service |
---|---|
Asia | 13.215.236.136 |
Europe | 176.34.82.119, 54.72.119.208, 52.211.103.221 |
EMEA | 34.253.128.215, 54.72.119.208, 52.211.103.221 |
North America | 34.229.36.22, 52.54.239.51, 100.29.131.89, 54.91.86.36 |
Partners | 54.156.131.219, 52.54.239.51, 100.29.131.89, 54.91.86.36 |
Domains needed for allow-listing in your email security solution
PhishProof Landing Page and Template Domains | *.phishproof.com, accountsecurity.online |
Important
Please navigate to PhishProof Direct-to-Inbox for complete details on how to configure DTI, including configuring an Inbound Connector in Microsoft 365 and configuring Mail Flow Rules.
These steps are not related to email delivery and should be followed regardless of whether your organization uses DTI or Conventional Email Delivery.
The following action is needed to prevent Microsoft Defender SmartScreen from misidentifying safe PhishProof educational landing pages as malicious:
- Update Group Policy settings for SmartScreen
  - For assistance, refer to the following Microsoft knowledge base articles:
These steps are required only for Conventional Email Delivery.
If your organization uses Microsoft Email Services, the following configuration is required to ensure seamless email delivery and proper functionality of your phishing simulations.
- Configure Allow-Listing in Microsoft 365 Defender: Set exceptions in the Microsoft 365 Defender portal to allow simulated phishing emails to bypass filtering
  - For assistance, refer to Microsoft's knowledge base article
- Bypass ATP Link and Attachment Processing: Create rules in Microsoft 365 to bypass Advanced Threat Protection (ATP) processing for links and attachments in simulated phishing emails
Additional configuration is required if your organization uses Microsoft Email Services AND a third-party secure email gateway (including VIPRE Email Security Cloud). Without these adjustments, email flow issues may occur.
Why Configuration is Needed: Due to intermediary routing, Microsoft 365 may not correctly recognize simulation emails as coming from PhishProof when using a third-party cloud filter.
1. Create a Receive Connector in Office 365: A Receive Connector allows emails processed by your third-party filter to enter Microsoft's email service securely
   - If you already have a Receive Connector, skip the remainder of this step and proceed to Step 2
   - For assistance, refer to the following VIPRE articles:
2. Enable Enhanced Filtering for the Receive Connector in Exchange Online: This ensures that Microsoft recognizes emails routed through your third-party filter as trusted
   - For assistance, refer to Microsoft's knowledge base article
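The routing problem described above, as an added example that is not code from VIPRE or Microsoft: a simplified model of how an IP-based allow list sees a simulation email before and after the third-party filter's hop is skipped. The sample message, its host names and the filter address 203.0.113.25 are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from email import message_from_string

# Conventional Email Delivery sending IPs, copied from this page.
PHISHPROOF_SENDING_IPS = {"69.72.47.208", "159.112.248.122"}

# Constructed sample: host names are placeholders and 203.0.113.25 is a
# documentation address standing in for the third-party filter.
SAMPLE = """\
Received: from gw.filter.example (gw.filter.example [203.0.113.25])
\tby mx.tenant.example with ESMTPS; Tue, 01 Jul 2025 10:00:05 +0000
Received: from mail.sender.example (mail.sender.example [69.72.47.208])
\tby gw.filter.example with ESMTPS; Tue, 01 Jul 2025 10:00:03 +0000
From: it-support@sender.example
Subject: Constructed simulation message

body
"""

_BRACKETED_IP = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

def received_ips(raw):
    """Sending IP recorded by each Received hop, newest hop first."""
    ips = []
    for value in message_from_string(raw).get_all("Received", []):
        # Only the "from ..." half of the header names the sending host.
        from_part = re.split(r"\sby\s", value, maxsplit=1)[0]
        match = _BRACKETED_IP.search(from_part)
        if not match:
            continue
        try:
            ips.append(str(ipaddress.ip_address(match.group(1))))
        except ValueError:
            continue  # bracketed text was not an IP address
    return ips

def effective_source_ip(raw, skip_ips=frozenset()):
    """Newest hop IP that is not one of your own trusted gateways."""
    for ip in received_ips(raw):
        if ip not in skip_ips:
            return ip
    return None

def allow_list_matches(raw, skip_ips=frozenset()):
    """True when the IP the filter evaluates is a PhishProof sending IP."""
    return effective_source_ip(raw, skip_ips) in PHISHPROOF_SENDING_IPS
```

Put only your own gateway's addresses in `skip_ips`: every hop listed there is trusted to have recorded the previous sender honestly.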
If your organization uses VIPRE Email Security Cloud, you don't need to make any changes within your VIPRE account. However, you must still perform the allow-listings from the previous step on your organization's mail server.