1. Home
  2. Breach Prevention Platform
  3. Phishing Test Whitelisting Requirements

Phishing Test Whitelisting Requirements

These whitelisting instructions will allow all emails from our platform to be sent & received (Welcome, weekly security tips, phishing, and push notifications). The most effective way to whitelist is by IP Address and domain. Our phishing header is also included below. If using Office 365, you will need to configure Advanced Delivery for SecOps Mailboxes and Third-Party Phishing Simulations.

IP Addresses

Welcome, Weekly Security Tip & Push Notifications Emails


Phishing Emails

  • *
  • *
  • *

* These are reserved IP addresses.  If you are using a third-party spam filter with its own IP addresses, you can replace these reserved IP addresses with the third-party spam filter’s IP addresses.


Welcome, Weekly Security Tip & Push Notifications Emails

  • security-reminders.com
  • pii-protect.com

Phishing Emails

  • it-support.care
  • customer-portal.info
  • member-services.info
  • bankonlinesupport.com
  • secureaccess.biz
  • logineverification.com
  • Iogmein.com
  • mlcrosoft.live
  • cloud-service-care.com
  • packagetrackingportal.com

Phishing Email Header

This is the Phishing Email Header we use; you can choose to whitelist these as well but not required:


Sender Emails

Whitelist these emails for the Welcome, Weekly Security Tip & Push Notifications Emails

Whitelisting for Various Platforms

The methods to do this depend on the spam filter you are using. Some common filters are listed below along with directions on how to whitelist.

Microsoft 365

Use one of the following methods to whitelist.

Powershell Script for Windows
#Requires -Module ExchangeOnlineManagement 
Install-Module ExchangeOnlineManagement

#IP addresses for phishing, welcome, micro-training, newsletter & reminder emails
$IPAddresses = "",

#Phishing Domains
$domainList = "it-support.care",

#Phishing Simulation URLs
$simURL = "~it-support.care~",

#Phishing Override Rule Name
$phishRuleName = "BSNPhishSimOverrideRule"
#Connector Name
$connectorName = "BSN Connector"

#Add URL's to Advanced Delivery Third Party Phishing Simulation
New-TenantAllowBlockListItems -Allow -ListType Url -ListSubType AdvancedDelivery -Entries $simURL -NoExpiration

#Create a connector for BSN IP addresses
New-InboundConnector -Name $connectorName -SenderIPAddresses $IPAddresses -RequireTls $true -Enabled $true -SenderDomains *

#Set Connection Filter Policy
$listIPAllowList = New-Object System.Collections.Generic.HashSet[String]
foreach ($ip in $IPAddresses){[void]$listIPAllowList.add($ip)}
(Get-HostedConnectionFilterPolicy -Identity Default).IPAllowList | ForEach-Object {[void]$listIPAllowList.Add($_)}
Set-HostedConnectionFilterPolicy -Identity Default -IPAllowList $listIPAllowList


#Add domains and IP addresses to Advanced Delivery Third Party Phishing Simulation
New-PhishSimOverridePolicy -Name PhishSimOverridePolicy
New-PhishSimOverrideRule -Name $phishRuleName -Policy PhishSimOverridePolicy -SenderDomainIs $domainList -SenderIpRanges $IPAddresses 
Manually Set Up Advanced Delivery for Third-Party Phishing Simulations:

Log into your Office 365 portal and go into the Admin Center. The 3rd party phishing simulator is under Policies & Procedures > Threat Policies > Advanced Delivery. Add the 8 IP addresses and 10 domains from the lists above.

Direct Link: https://security.microsoft.com/advanceddelivery?viewid=PhishingSimulation

Manually Set Up Connection Filter Policy:

Direct Link: https://security.microsoft.com/antispam


If using the Report Message add-in, a user will receive false positive readings of clicking on links if the tool is used.


In addition, if you are using Microsoft Advanced Threat Protection in Office 365 use the following document to set up “do not rewrite” lists:


G Suite


Other Platforms:

Exchange 2007 – http://exchangepedia.com/2007/01/exchange-2007-content-filter-the-whitelist-is-here.html

Exchange 2010 – https://technet.microsoft.com/en-us/library/bb125225(v=exchg.141).aspx

Barracuda Block and Accept Policies – https://campus.barracuda.com/product/emailsecuritygateway/article/BSF/IPAnalysisInbound/?welcome-to-campus=techlibrary

Barracuda Intent Analysis Instructions – https://campus.barracuda.com/product/emailsecurityservice/article/BESS/IntentInbound/?welcome-to-campus=techlibrary

Websense – http://www.websense.com/content/support/library/web/v76/filter_faqs/filter_faq_whitelist.aspx

Trend Micro – http://esupport.trendmicro.com/solution/en-US/1056393.aspx

Forefront Protection for Exchange – https://technet.microsoft.com/en-us/library/cc483077.aspx

Updated on December 8, 2022

Was this article helpful?

Related Articles

Leave a Comment