Sophos Email Appliance (SEA)
Allowlisting in your Sophos Email Appliance (SEA) will allow your users to receive phishing and training-related emails from the phishing tackle platform
The instructions below include information from the SEA Configuration guide, provided by Sophos. If you run into issues allowlisting Phishing Tackle in your Sophos appliance, we recommend contacting Sophos directly for specific instructions. You can also contact us at email@example.com for further assistance.
Modify the Allow/Block Lists
The Allow/Block lists allow you to define hosts and senders which are trusted or untrusted. Messages from allowed hosts and senders will bypass Sophos antispam filtering.
To add Phishing Tackle to the Allow list:
- In your SEA manager, navigate to Configuration > Policy > Allow Lists.
- Click the appropriate list to display the List Editor dialog box.
- If you have an additional spam filter in front of SEA, select the Senders tab. If you do not have an additional spam filter in front of SEA, select the Hosts tab.
- In the Add entries text box, enter each required item* and click Add.
- *What you enter next varies depending on your selection in Step 3 (Hosts or Senders).
- If on the Senders tab, enter Phishing Tackle's server hostname
- If on the Hosts tab, enter Phishing Tackle's IP
- For more information on either of these, see this article.
- (Optional) you can also add Phishing Tackle's phishing link and landing page domains to the Allowlisted URLs list. See our full list of Phishing URLs here.
Sophos Perimeter Protection
Many of Phishing Tackle's phishing emails utilise senders from domains that don't exist. Sophos has a Perimeter Protection setting which blocks mail from any non-existent domains and we do not recommend that you shut this setting off, as shutting it off might allow real spam to come through your filters.
As a workaround, you can modify the senders in phishing templates to come from one of Phishing Tackle's phishing link or landing page domains. To do this, please contact firstname.lastname@example.org.
By adding Phishing Tackle to your SPF records, you will be able to use spoofing email templates, as they will appear to come from your own domain.
Allowlisting in Sophos firewall allows users who've failed your phishing tests to access Phishing Tackle's landing pages.
The instructions below were created for Sophos XG firewalls, so other versions of Sophos firewalls may require a different set of steps. We recommend contacting Sophos directly for specific instructions on how to allowlist Phishing Tackle.
To allowlist in Sophos XG Firewalls
- For a full and up-to-date list of our link/landing page URLs, simply open our "Phishing Domains" page within the platform (accessed via Organisation > Settings > Phishing Domains). You can also view our knowledge base article here.
- Log in to the portal for the firewall.
- Select Web, located on the left.
- Select Exceptions, located at the top.
- If you don’t have an exception list, click Add Exception.
- Provide a name (PhishingTackle) and an optional description for the list.
- Check the boxes to the right under Skip the selected checks or actions for the services you purchased.
- Check URL pattern matches.
- Enter each phishing and landing page domain, one line at a time, in the Search/Add box. XXXXXX and .com represent each phishing and landing page domain.
- Click SAVE at the bottom of the page.
Should you require any further assistance with this article, or any aspect of our platform, please contact support.