Whitelisting ensures your phishing simulation emails are delivered to your users’ inboxes and are not blocked or quarantined by email security systems.
This article explains what you need to whitelist. For platform-specific instructions, use the step-by-step guides linked below.
What whitelisting is for
Whitelisting is used to improve email delivery. It tells your email environment that Guardey simulation emails are allowed to pass through.
ℹ️ Whitelisting affects email delivery. It does not control landing pages or browser access.
What you must whitelist
To receive Guardey phishing simulations successfully, whitelist:
-
Sending IP addresses
These are the Guardey IP addresses used to send simulation emails.
-
Sending domains
These are the domains after @ in the sender email address used by Guardey templates.
-
Any additional email security tooling
If you use extra filtering tools (for example, a secure email gateway or spam filter), whitelist the same sending IPs and sending domains there as well.
ℹ️ The sending domain does not need to match the landing page domain. That is expected.
Where to whitelist
Choose the correct guide based on your email platform:
If you use another email provider, consult their documentation for whitelisting:
- sending IP addresses
- sender domains
Should you whitelist all sending domains or only one?
Recommended: whitelist all sending domains
Whitelist all sending domains if you use (or plan to use) randomized campaigns. Randomized campaigns can select from multiple templates, and templates may use different sending domains.
This reduces future maintenance and prevents unexpected delivery issues when you change templates.
Minimal setup: whitelist only the domains you need
If you prefer a minimal setup, you can whitelist only the sending domain(s) used by your current campaign.
Keep in mind:
- if you switch templates later, you may need to whitelist additional domains
- randomized campaigns typically require more than one domain over time
Sending IP addresses to whitelist
Whitelist the IP addresses below in your email provider:
- 194.5.85.12
- 194.5.85.13
- 194.5.85.14
- 194.5.85.15
- 194.5.85.16
- 194.5.85.17
- 194.5.85.18
- 194.5.85.19
Tip: optimize your IP list
Microsoft 365 limits the number of IP entries you can add. To save space, you can add the following CIDR notation:
- 194.5.85.0/26
Or use an IP range:
- 194.5.85.8-194.5.85.30
Sending domains to whitelist
Whitelist the domains below either individually or all at once.
ℹ️ These are sending domains (the domain after @). They may differ from landing page domains.
- 0ffice.online
- datumprlkker.nl
- nnbrs.nl
- starkado.nl
- aliianz.nl
- pro-hrmanagement.com
- vizma.nl
- timechinp.nl
- slmplicate.nl
- dedaree.nl
- exacl.nl
- my-chatgpt.net
- online-emea-adp.com
- my-saleforce.com
- my-payment-service.com
- noreplybox.com
- thesupport-center.com
- myaccounts-google.com
- globelinkhub.com
- infosecura.net
- datadashsystems.com
- proximacorp.net
- mailaccessportal.com
- unitechbase.nl
- nexodoc.nl
- kandatuvo.com
- nexofficemail.com
- cloudsafeforms.com
- filemonic.com
- staff-notify.com
- docovia.nl
- datavilo.nl
- cloudexo.nl
Verify whitelisting with a small test
After whitelisting the sending IPs and sending domains:
- Set up a small one-time phishing campaign to yourself or a test group.
- Confirm the email arrives in the primary inbox (not spam/junk/quarantine).
- If the email is quarantined or blocked, check your email security logs for the reason and verify your whitelisting entries.
Next step
Landing pages blocked by firewall or web filtering
Whitelisting helps simulation emails reach inboxes. If users can open the email but cannot access the landing page after clicking, your firewall, proxy, or web filter may be blocking the landing page domain.
This is separate from email whitelisting and must be resolved in your web security tooling.
ℹ️ Tip: If your organization uses strict web filtering, involve your IT/security team to allow the landing page domains used by Guardey simulations.
Comments
0 comments
Article is closed for comments.