Whitelisting for Remote Social Engineering Phishing Services

This information is intended for clients who are receiving a Remote Social Engineering Phishing service. If you are unsure whether this information applies to your organization, please consult with your Customer Success Manager.

Phishing Mailserver Whitelisting (Recommended/Required in Majority of Environments)

To facilitate successful delivery of our phishing emails into your mail environment, you must whitelist inbound traffic from 35.174.83.75. This is the IP address of the TracePhishing mailserver which sends the simulated phishing emails to the target email addresses.

If your organization is unable to apply this inbound whitelisting into your environment for any reason, please let your CSM know that you will be requiring a "Shields Up" Phishing test wherein your organization leaves email protections in place for the duration of the simulation.

Phishing Listener Whitelisting

To facilitate successful tracking of Email Opened and Clicked Link findings, you may also need to whitelist outbound traffic from your environment to 18.218.235.190. This is the IP address of the TraceInsight web server which listens for phishing events while the campaign is running.

This kind of outbound whitelisting is usually only required in the most stringent firewall environments. If you are unsure whether this setting applies to your organization, we recommend consulting with your IT provider and/or firewall vendor.

Domain- or Sender-Specific Whitelisting

If IP-based whitelisting is not supported in your environment and domain- or sender-specific whitelisting is required instead, please consult with your CSM and the analyst performing the phishing service. This information will vary depending on which email templates you choose in scoping and on evolving best practices in our phishing software and service.