Whitelisting IP addresses and domains for phishing simulations – Support Guardey

Why whitelisting is important

Whitelisting ensures your phishing simulation emails are delivered to users’ inboxes and are not blocked or sent to spam by email security systems.

Both sender IP addresses and domains must be whitelisted, as most security solutions check both.

Some phishing simulation emails may use “lookalike” domains to mimic real threats; these sending domains must also be whitelisted.

Where and how to whitelist

Microsoft 365 (Office 365): Use the Advanced Delivery policy in Microsoft Defender to whitelist external phishing simulations. See our detailed guide: Whitelisting for third-party phishing simulations (Microsoft 365).

Google Workspace: Set up inbound gateway rules and add IP addresses to your trusted senders list. See Whitelisting in Google Workspace.

Other providers: Consult your mail/security provider documentation on how to whitelist both sending IPs and domains.

Additional whitelisting tips

You only need to whitelist the sender's domain (the part after the @ in the sender's email) and the above IP addresses, not the domains/URLs inside the phishing emails.

If your spam filter or defender is "clicking" on links automatically (e.g., Safe Links/ATP in Microsoft Defender), you may want to adjust this setting so you get accurate test results. Learn more about safe links.

If you use custom domains for your own phishing simulations, make sure those are also whitelisted in addition to the standard Guardey-supplied domains.

Test whitelisting by sending to a small group first. Phishing emails should arrive in the primary inbox and not the spam, junk, or quarantine folders.

If you use external IT partners for email management, share this article and the whitelist information with them.

Special notes

Do not whitelist public mailbox domains (like @hotmail.com, @gmail.com, @outlook.com): Phishing simulations should only be sent to your organization’s users.

If you still cannot receive the emails after whitelisting, check if your mail server has any additional filtering (e.g., DKIM/SPF policies, other anti-spoofing rules) that could block simulation emails.

For all technical requirements per client/organization type, see our tailored instructions for organizations < 500 users, Google Workspace, and Microsoft 365.⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

IP addresses to whitelist

Please whitelist all the IPs listed below in your email provider:

194.5.85.8
194.5.85.10
194.5.85.11
194.5.85.12
194.5.85.13
194.5.85.14
194.5.85.15
194.5.85.16
194.5.85.17
194.5.85.18
194.5.85.19

Phishing (sending) domains to whitelist

Whitelist the following domains in your email provider's settings:

Testing the whitelisting

After whitelisting the IP addresses and domains:

Step 1: Set up a test phishing campaign to yourself.

Step 2: Monitor the campaign to ensure that the emails are delivered successfully and are not flagged as spam or blocked by your system.

If the test campaign is successful, proceed to launch your phishing campaign for the rest of your users. If you encounter any issues, please revisit the whitelisting settings or contact our support for further assistance.

For more information on setting up a phishing campaign check out our helpcenter article: setting up a phishing campaign.

Troubleshooting

If emails appear in quarantine or are not delivered, double-check all IPs and domains are correctly whitelisted.

Review the email security logs or quarantine center for possible blocked messages.

If you see red security warnings when clicking links in simulation emails (e.g., from Microsoft Defender), this is normal internal browser protection (see explanation here). The delivery itself depends on whitelisting IPs and sender domains.⁠⁠

Related resources

Whitelisting IP Addresses and Domains for Phishing Simulations

Setting up a phishing campaign

Phishing campaign requirements by organization size

Contact support if technical issues persist after following these steps.

Related articles