What is an email whitelist?
An email whitelist is a list of approved or “safe” email addresses of which a spam filter always allows delivery.
Why do I have to whitelist?
Many of our phishing templates mimic real-life phishing attacks. If you don't whitelist our mail servers to allow these emails through, many of the emails will not get delivered to your users due to their similarity with past attacks. They may end up in Junk, Spam, or blocked entirely.
When you aren't sure if phishing test emails have reached your users or not, it will be impossible to get an accurate representation of your organisation's click-prone percentage.
And, because your users will not consistently receive your phishing tests if you don't whitelist, they will not be adequately prepared to defend your organization when a real, dangerous phishing email gets past your mail filters.
Guarantee delivery of phishing test emails and training notifications by taking the time to properly whitelist our mail servers. If you have trouble whitelisting, please conatact our support team for further assistance.
Which method is right for me?
We recommend whitelisting our IP addresses or hostname as the primary method. This works best when you're not using a cloud-based spam filter. If you are using a cloud-based spam filter, you may need to whitelist by email header in your mail server and whitelist by IP address in your spam filter.
The reason for this is that when you use a cloud-based spam filter, the emails arrive there first, and are sent from there to your mail server, thus losing the original IP address they came from (ours) and having it replaced with your spam filter's.
Take into consideration the various products or services you may be using in your mail or web environment to prevent issues with deliverability. Our support team is available for assistance.
Conduct a preliminary test campaign before your Baseline Phishing Test.
We recommend that you run at least one phishing campaign that is limited in scope to only one or two administrative users who can confirm receipt and tracking of clicks on phishing links. This should be done before the baseline test and will confirm that our simulated phishing emails are getting through any spam/firewall protection.
As soon as you are done with your preliminary test, you should delete or hide the campaign so that it will not interfere with your reports or risk score.
Our whitelisting technical information can be found here: Whitelisting Technical Information.