
Whitelisting

Why is Whitelisting Required

A sandbox is an isolated testing environment that enables users to run programs or open files, links and attachments without affecting the application, system or platform on which they run. This helps to prevent malicious software from infecting your computers or those of your staff.

However, when phishing campaigns are sandboxed, the sandboxing application will also click on the email links. This can cause data inaccuracies, and skew the results of a phishing campaign.

To prevent this, we recommend whitelisting both our IP addresses and our sending domains, listed below:

  • 104.130.122.237

  • 159.135.224.107

Sending Domains:

office-email.com.au
account-secure-login.com
app-gemail.com
app-g-secure.com
secure-g-accounts.com
login-gapps.com
securelogin-gservices.com
accounts-secure.com
securesystem-login.com
securelogin-account.com
accounts-moffice.com
accounts-office.com
secure-login-office.com
msoft-services.com
office-securelogin.com
securelogin-bank.com
app-finance.com
fraudteam-finance.com

We have created the email template below, which you can use to share this information with your IT support:


Hi [name],

We are enrolling staff into regular phishing simulations and online security awareness training. 
It is important that these emails are delivered to our employees' inboxes. 
Please ensure the following IPs are whitelisted for inbound delivery at our mail gateway as well as any email filters. 

104.130.122.237

159.135.224.107

Thanks in advance.

Whitelist by IP Address in Google Workspace

The guide below will assist in the process of whitelisting the security portal to ensure accurate delivery and reporting of campaigns sent to Google Workspace and Google Apps accounts.

We recommend setting up a test phishing campaign to yourself or a low volume sending group after you follow the below steps to ensure your whitelisting was successful. The setting may take up to an hour to propagate to all users.

Part 1: Add sending IP addresses to Email Whitelist

We recommend setting up a test phishing campaign to yourself or a small group after you follow the below steps to ensure your whitelisting was successful. The setting may take up to an hour to propagate to all users, so wait at least an hour before testing.

Log in to https://admin.google.com and select Apps.

 

Select Google Workspace.

 

Select Gmail.

Select Spam, Phishing and Malware.

 

In the Email allowlist section, enter the following IP addresses separated by commas:

  • 159.135.224.107

  • 104.130.122.237

Part 2: Add IP addresses as Inbound Gateways

This method of whitelisting prevents Google warning banners from appearing in your users' inboxes:

  1. Log in to your Google Admin Console.

  2. Navigate to Apps > Google Workspace > Gmail > Spam, Phishing and Malware.

  3. Scroll down to the Inbound Gateway setting located under the Spam, Phishing and Malware section. Hover over the setting and click the Pencil icon. This will open the Inbound gateway screen.

Configure the Inbound gateway using the settings below:

  1. Gateway IPs
    Add the IP Addresses for:

    • 159.135.224.107

    • 104.130.122.237

  2. Leave the Reject all mail not from gateway IPs option unchecked.

  3. Check Require TLS for connections from the email gateways listed above.

  4. Message Tagging
    Enter text "AllowThisEmail" for the Spam Header Tag.

  5. Select the Disable Gmail spam evaluation on mail from this gateway; only use header value.

  6. Click the ADD SETTING button.

Part 3: Create approved sender lists

Adding the sender domains will ensure emails aren’t sent to spam.

  1. Log in to your Google Admin Console.

  2. Navigate to Apps > Google Workspace > Gmail > Spam, Phishing and Malware.

  3. Scroll down to the Spam setting located under the Spam, Phishing and Malware section. Hover over the setting and click the Configure icon.

  4. For the name, type in “Cyber Aware Simulations”

  5. Click on Create or edit list

  6. A new tab will open, and you may be asked to reauthenticate

  7. Click on ADD ADDRESS LIST

     

  8. Under Name type in “CA Sender Domains”

     

  9. Click on BULK-ADD ADDRESSES

     

  10. Copy and paste the below domain list into the field:

    office-email.com.au, account-secure-login.com, app-gemail.com, app-g-secure.com, secure-g-accounts.com, login-gapps.com, securelogin-gservices.com, accounts-secure.com, securesystem-login.com, securelogin-account.com, accounts-moffice.com, accounts-office.com, secure-login-office.com, msoft-services.com, office-securelogin.com, securelogin-bank.com, app-finance.com, fraudteam-finance.com

     

  11. Untick the Require Sender Authentication box and click on ADD

     

  12. Navigate back to the previous tab and select the Address List we just created

     

  13. Click Save and confirm whitelisting is correct by performing a phishing simulation test


Microsoft 365 Security - Whitelisting

Whitelist Cyber Aware email servers

  1. Log in to Office 365 and go to Security

  2. Go to Policies & rules > Threat policies

     

  3. Click on “Anti-spam”

     

  4. Double click ‘Connection Filter Policy’ > Click Edit Connection Filter Policy

     

  5. Enter the following IP Addresses then click Save:

    1. 104.130.122.237

    2. 159.135.224.107

  6. If the following prompt pops up, click Yes


Add Mail Flow rules to bypass Spam Filtering and Clutter

  1. Go to your Exchange admin center.

    1. This can be found via the following URL: https://admin.exchange.microsoft.com

  2. Go to Mail Flow > Rules

    1. Create a Bypass Spam Filtering Rule

  3. Fill in the following details

    1. Name: Awareness Campaign Spam Filter by IP Address

    2. Apply this rule if: The sender IP address is any of these ranges or exactly matches

  4. Click “Enter IPv4 or IPv6 addresses...” and enter

    1. 104.130.122.237

    2. 159.135.224.107

  5. Add a message header

    1. Click Add Action

    2. Click ‘Modify the message properties’ > ‘Set a Message Header'

       

  6. Modify the message header and value:

    1. Click on Set a message header "Enter text..." and add the following (case sensitive!):

      1. X-MS-Exchange-Organization-BypassClutter

    2. Click on ... to the value “Enter text…” and add (case sensitive!):

      1. true

    3. Click Save

       

Add Mail Flow rule to bypass Focused Inbox

  1. Go to Mail Flow > Rules

    1. Create a Bypass Spam Filtering Rule

  2. Fill in the following details

    1. Name: Focused Inbox Whitelisting

    2. Apply this rule if: The sender IP address is any of these ranges or exactly matches

       

  3. Click “Enter IPv4 or IPv6 addresses...” and enter

    1. 104.130.122.237

    2. 159.135.224.107

  4. Replace the Bypass Spam Filtering Rule:

    1. Click *Do the Following….

    2. Modify the message properties > set a message header

       

  5. Modify the message header and value:

    1. Click on Set a message header "Enter text..." and add the following (case sensitive!):

      1. X-MS-Exchange-Organization-BypassFocusedInbox

    2. Click on ... to the value “Enter text…” and add (case sensitive!):

      1. true

Add mail flow rule to skip Junk Filtering

  1. Go to Mail Flow > Rules

    1. Create a Bypass Spam Filtering Rule

  2. Fill in the following details

    1. Name: Skip Junk Filtering

    2. Apply this rule if: The sender IP address is any of these ranges or exactly matches

  3. Click “Enter IPv4 or IPv6 addresses...” and enter

    1. 104.130.122.237

    2. 159.135.224.107

  4. Replace the Bypass Spam Filtering Rule:

    1. Click *Do the Following….

    2. Modify the message properties > set a message header

       

  5. Modify the message header and value:

    1. Click on Set a message header "Enter text..." and add the following (case sensitive!):

      1. X-Forefront-Antispam-Report

    2. Click on ... to the value “Enter text…” and add (case sensitive!):

      1. SFV:SKI;

ATP: Skip link scanning

Setting up Advanced Threat Protection Rules

Using Advanced Threat Protection can, unfortunately, cause false positives on link clicks or attachment opens. Follow our step-by-step guide below to set up rules to allow the campaign phishing emails to bypass ATP.

  1. Go to Mail Flow > Rules

    1. Create a Bypass Spam Filtering Rule

  2. Fill in the following details

    1. Name: Bypass ATP Links

    2. Apply this rule if: The sender IP address is any of these ranges or exactly matches

  3. Click “Enter IPv4 or IPv6 addresses...” and enter

    1. 104.130.122.237

    2. 159.135.224.107

  4. Replace the Bypass Spam Filtering Rule:

    1. Click *Do the Following….

    2. Modify the message properties > set a message header

       

  5. Modify the message header and value:

    1. Click on Set a message header "Enter text..." and add the following (case sensitive!):

      1. X-MS-Exchange-Organization-SkipSafeLinksProcessing

    2. Click on ... to the value “Enter text…” and add (case sensitive!):

      1. 1

         

ATP: Skip attachment scanning

  1. Go to Mail Flow > Rules

    1. Create a Bypass Spam Filtering Rule

  2. Fill in the following details

    1. Name: Bypass ATP Attachments

    2. Apply this rule if: The sender IP address is any of these ranges or exactly matches

  3. Click “Enter IPv4 or IPv6 addresses...” and enter

    1. 104.130.122.237

    2. 159.135.224.107

  4. Replace the Bypass Spam Filtering Rule:

    1. Click *Do the Following….

    2. Modify the message properties > set a message header

       

  5. Modify the message header and value:

    1. Click on Set a message header "Enter text..." and add the following (case sensitive!):

      1. X-MS-Exchange-Organization-SkipSafeAttachmentProcessing

    2. Click on ... to the value “Enter text…” and add (case sensitive!):

      1. 1
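
The five mail flow rules above each bypass a filter, so it is worth confirming after setup that every rule sets the exact header and value from this guide and is scoped to the two sending IPs only. The following is an added example, not part of the original guide or the vendor's tooling: it audits a rule export, assumed here to be JSON with `Name`, `SenderIpRanges`, `SetHeaderName` and `SetHeaderValue` fields (for example from `Get-TransportRule | ConvertTo-Json`; the field names are an assumption), and the sample data is constructed.

```python
import ipaddress
import json

# Values taken from the guide: the two sending IPs and each rule's header/value.
ALLOWED_IPS = {ipaddress.ip_address("104.130.122.237"),
               ipaddress.ip_address("159.135.224.107")}
EXPECTED_HEADERS = {
    "X-MS-Exchange-Organization-BypassClutter": "true",
    "X-MS-Exchange-Organization-BypassFocusedInbox": "true",
    "X-Forefront-Antispam-Report": "SFV:SKI;",
    "X-MS-Exchange-Organization-SkipSafeLinksProcessing": "1",
    "X-MS-Exchange-Organization-SkipSafeAttachmentProcessing": "1",
}

def audit_rules(rules):
    """Return findings; an empty list means the exported rules match the guide."""
    findings, seen = [], set()
    for rule in rules:
        name, header = rule.get("Name", "<unnamed>"), rule.get("SetHeaderName")
        if header not in EXPECTED_HEADERS:
            continue  # not one of the bypass rules described in the guide
        seen.add(header)
        value = rule.get("SetHeaderValue")
        if value != EXPECTED_HEADERS[header]:  # exact, case-sensitive match
            findings.append(f"{name}: {header} is set to {value!r}")
        ranges = rule.get("SenderIpRanges") or []
        if not ranges:
            findings.append(f"{name}: no sender IP condition")
        for entry in ranges:
            try:
                net = ipaddress.ip_network(entry, strict=False)
            except ValueError:
                findings.append(f"{name}: unparseable sender range {entry!r}")
                continue
            if net.num_addresses != 1 or net.network_address not in ALLOWED_IPS:
                findings.append(f"{name}: sender range {entry} exceeds the two sending IPs")
    findings += [f"missing rule for {h}" for h in sorted(set(EXPECTED_HEADERS) - seen)]
    return findings

# Constructed sample export (assumed field names; not real tenant data).
SAMPLE = json.loads("""[
 {"Name": "Awareness Campaign Spam Filter by IP Address", "SenderIpRanges": ["104.130.122.237", "159.135.224.107"], "SetHeaderName": "X-MS-Exchange-Organization-BypassClutter", "SetHeaderValue": "true"},
 {"Name": "Focused Inbox Whitelisting", "SenderIpRanges": ["104.130.122.237", "159.135.224.107"], "SetHeaderName": "X-MS-Exchange-Organization-BypassFocusedInbox", "SetHeaderValue": "True"},
 {"Name": "Skip Junk Filtering", "SenderIpRanges": ["104.130.122.0/24"], "SetHeaderName": "X-Forefront-Antispam-Report", "SetHeaderValue": "SFV:SKI;"},
 {"Name": "Bypass ATP Links", "SenderIpRanges": [], "SetHeaderName": "X-MS-Exchange-Organization-SkipSafeLinksProcessing", "SetHeaderValue": "1"}
]""")

if __name__ == "__main__":
    print("\n".join(audit_rules(SAMPLE)) or "rules match the guide")
```

On the constructed sample this reports four findings: a wrongly cased value, a /24 sender range, a rule with no IP condition, and the missing attachment-scanning rule.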

Adding Exceptions to O365 Safe Links Policy

  1. Go to Security in your O365 environment

     

  2. Go to “Policies & rules” → “Threat Policies”

     

  3. Click on “Safe Links”

     

  4. Click on “Create”

     

  5. Name the policy “Cyber Aware Safe Links” and Click on “Next”

     

  6. Select the users, groups or domains you would like this policy to apply to. In this example I will use the group “Cyber Aware”, as that group contains all my learners.

     

  7. Your settings don’t need to be exactly the same as my example, as they will be organisation specific. However, click on “Manage 0 URLs” under “Do not rewrite the following URLs in email (0)”

     

  8. Add all the sending domains you plan on using for your phishing simulations. The list of sending domains is below:

    1. *.office-email.com.au/*

    2. *.account-secure-login.com/*

    3. *.app-gemail.com/*

    4. *.app-g-secure.com/*

    5. *.secure-g-accounts.com/*

    6. *.login-gapps.com/*

    7. *.securelogin-gservices.com/*

    8. *.accounts-secure.com/*

    9. *.securesystem-login.com/*

    10. *.securelogin-account.com/*

    11. *.accounts-moffice.com/*

    12. *.accounts-office.com/*

    13. *.secure-login-office.com/*

    14. *.msoft-services.com/*

    15. *.office-securelogin.com/*

    16. *.securelogin-bank.com/*

    17. *.app-finance.com/*

    18. *.fraudteam-finance.com/*

  9. Your list should look like the below (if you plan on using all of the sending domains)

     

  10. Click on “Next” two more times and then “Submit”

Configure Third-Party Phishing Simulations in Microsoft 365 Defender

  1. In Defender click on “Policies & rules” → “Threat Policies” → “Advanced Delivery” → “Phishing Simulations” → “Add”

     

  2. Under “Domains” enter the sending domains you plan on using:
    office-email.com.au
    account-secure-login.com
    app-gemail.com
    app-g-secure.com
    secure-g-accounts.com
    login-gapps.com
    securelogin-gservices.com
    accounts-secure.com
    securesystem-login.com
    securelogin-account.com
    accounts-moffice.com
    accounts-office.com
    secure-login-office.com
    msoft-services.com
    office-securelogin.com
    securelogin-bank.com
    app-finance.com
    fraudteam-finance.com

  3. Under “Sending IP” enter both of the IPs below:
    104.130.122.237 & 159.135.224.107

  4. Under “Simulation URL” enter the sending domains you plan on using. Please note this section only allows up to 10 URLs.

    1. *.office-email.com.au/*

    2. *.account-secure-login.com/*

    3. *.app-gemail.com/*

    4. *.app-g-secure.com/*

    5. *.secure-g-accounts.com/*

    6. *.login-gapps.com/*

    7. *.securelogin-gservices.com/*

    8. *.accounts-secure.com/*

    9. *.securesystem-login.com/*

    10. *.securelogin-account.com/*

    11. *.accounts-moffice.com/*

    12. *.accounts-office.com/*

    13. *.secure-login-office.com/*

    14. *.msoft-services.com/*

    15. *.office-securelogin.com/*

    16. *.securelogin-bank.com/*

    17. *.app-finance.com/*

    18. *.fraudteam-finance.com/*

  5. When you’re finished, do one of the following:

  • First time: Click Add, and then click Close.

  • Edit existing: Click Save and then click Close.
