What is an email whitelist?
An email whitelist is a list of approved or “safe” email addresses of which a spam filter always allows delivery.
Why do I have to whitelist?
Many of our phishing templates mimic real-life phishing attacks. If you don't whitelist our mail servers to allow these emails through, many of the emails will not get delivered to your users due to their similarity with past attacks. They may end up in Junk, Spam, or blocked entirely.
When you aren't sure if phishing test emails have reached your users or not, it will be impossible to get an accurate representation of your organisation's click-prone percentage.
And, because your users will not consistently receive your phishing tests if you don't whitelist, they will not be adequately prepared to defend your organization when a real, dangerous phishing email gets past your mail filters.
Guarantee delivery of phishing test emails and training notifications by taking the time to properly whitelist our mail servers. If you have trouble whitelisting, please conatact our support team for further assistance.
Whitelisting best practices
We recommend whitelisting our IP addresses or hostname in your mail server if you're not using a cloud-based spam filter. If you are using a cloud-based spam filter, you will need to whitelist by email header in your mail server and whitelist by IP address in your spam filter.
Take into consideration the various products or services you may be using in your mail or web environment to prevent issues with deliverability. Our support team is available for assistance.
Conduct a preliminary test campaign before your Baseline Phishing Test.
We recommend that you run at least one phishing campaign that is limited in scope to only one or two administrative users who can confirm receipt and tracking of clicks on phishing links. This should be done before the baseline test and will confirm that our simulated phishing emails are getting through any spam/firewall protection.
As soon as you are done with your preliminary test, you should delete or hide the campaign so that it will not interfere with your reports or risk score.
Our whitelisting technical information can be found here: Whitelisting Technical Information.