These whitelisting instructions will allow all emails from our platform to be sent & received (Welcome, weekly security tips, phishing, and push notifications). The most effective way to whitelist is by IP Address and domain. Our phishing header is also included below. If using Office 365, you will need to configure Advanced Delivery for SecOps Mailboxes and Third-Party Phishing Simulations.
IP Addresses
Welcome, Weekly Security Tip & Push Notifications Emails
- 149.72.184.111
- 168.245.40.98
- 149.72.207.249
- 168.245.30.20
Phishing Emails
- 54.209.51.230
- 18.209.119.19
- 34.231.173.178
- 168.245.68.173 *
- 168.245.34.162 *
- 157.230.65.76 *
* These are reserved IP addresses. If you are using a third-party spam filter with its own IP addresses, you can replace these reserved IP addresses with the third-party spam filter’s IP addresses.
Domains
Welcome, Weekly Security Tip & Push Notifications Emails
- security-reminders.com
- pii-protect.com
Phishing Emails
- it-support.care
- customer-portal.info
- member-services.info
- bankonlinesupport.com
- secureaccess.biz
- logineverification.com
- Iogmein.com
- mlcrosoft.live
- cloud-service-care.com
- packagetrackingportal.com
Phishing Email Header
This is the Phishing Email Header we use; you can choose to whitelist these as well but not required:
X-SN-EMAIL-PHISHINGSender Emails
Whitelist these emails for the Welcome, Weekly Security Tip & Push Notifications Emails
Whitelisting for Various Platforms
The methods to do this depend on the spam filter you are using. Some common filters are listed below along with directions on how to whitelist.
Microsoft 365
Use one of the following methods to whitelist.
Powershell Script for Windows
#Requires -Module ExchangeOnlineManagement
Install-Module ExchangeOnlineManagement
Connect-ExchangeOnline
#IP addresses for phishing, welcome, micro-training, newsletter & reminder emails
$IPAddresses = "149.72.207.249/32",
"168.245.40.98/32",
"149.72.184.111/32",
"168.245.30.20/32",
"54.209.51.230/32",
"18.209.119.19/32",
"34.231.173.178/32",
"168.245.68.173/32",
"168.245.34.162/32",
"157.230.65.76/32"
#Phishing Domains
$domainList = "it-support.care",
"customer-portal.info",
"member-services.info",
"bankonlinesupport.com",
"secureaccess.biz",
"logineverification.com",
"Iogmein.com",
"mlcrosoft.live",
"cloud-service-care.com",
"packagetrackingportal.com"
#Phishing Simulation URLs
$simURL = "~it-support.care~",
"~customer-portal.info~",
"~member-services.info~",
"~bankonlinesupport.com~",
"~Iogmein.com~",
"~mlcrosoft.live~",
"~packagetrackingportal.com~",
"~secureaccess.biz~",
"~logineverification.com~",
"~cloud-service-care.com~"
#Phishing Override Rule Name
$phishRuleName = "BSNPhishSimOverrideRule"
#Connector Name
$connectorName = "BSN Connector"
#Add URL's to Advanced Delivery Third Party Phishing Simulation
New-TenantAllowBlockListItems -Allow -ListType Url -ListSubType AdvancedDelivery -Entries $simURL -NoExpiration
#Create a connector for BSN IP addresses
New-InboundConnector -Name $connectorName -SenderIPAddresses $IPAddresses -RequireTls $true -Enabled $true -SenderDomains *
#Set Connection Filter Policy
$listIPAllowList = New-Object System.Collections.Generic.HashSet[String]
foreach ($ip in $IPAddresses){[void]$listIPAllowList.add($ip)}
(Get-HostedConnectionFilterPolicy -Identity Default).IPAllowList | ForEach-Object {[void]$listIPAllowList.Add($_)}
Set-HostedConnectionFilterPolicy -Identity Default -IPAllowList $listIPAllowList
Connect-IPPSSession
#Add domains and IP addresses to Advanced Delivery Third Party Phishing Simulation
New-PhishSimOverridePolicy -Name PhishSimOverridePolicy
New-PhishSimOverrideRule -Name $phishRuleName -Policy PhishSimOverridePolicy -SenderDomainIs $domainList -SenderIpRanges $IPAddresses
Manually Set Up Advanced Delivery for Third-Party Phishing Simulations:
Log into your Office 365 portal and go into the Admin Center. The 3rd party phishing simulator is under Policies & Procedures > Threat Policies > Advanced Delivery. Add the 8 IP addresses and 10 domains from the lists above.
Direct Link: https://security.microsoft.com/advanceddelivery?viewid=PhishingSimulation
Manually Set Up Connection Filter Policy:
Direct Link: https://security.microsoft.com/antispam
Important!
If using the Report Message add-in, a user will receive false positive readings of clicking on links if the tool is used.
In addition, if you are using Microsoft Advanced Threat Protection in Office 365 use the following document to set up “do not rewrite” lists:
G Suite
https://support.google.com/a/answer/2368132?hl=en
Other Platforms:
Exchange 2007 – http://exchangepedia.com/2007/01/exchange-2007-content-filter-the-whitelist-is-here.html
Exchange 2010 – https://technet.microsoft.com/en-us/library/bb125225(v=exchg.141).aspx
Barracuda Block and Accept Policies – https://campus.barracuda.com/product/emailsecuritygateway/article/BSF/IPAnalysisInbound/?welcome-to-campus=techlibrary
Barracuda Intent Analysis Instructions – https://campus.barracuda.com/product/emailsecurityservice/article/BESS/IntentInbound/?welcome-to-campus=techlibrary
Websense – http://www.websense.com/content/support/library/web/v76/filter_faqs/filter_faq_whitelist.aspx
Trend Micro – http://esupport.trendmicro.com/solution/en-US/1056393.aspx
Forefront Protection for Exchange – https://technet.microsoft.com/en-us/library/cc483077.aspx