Ensuring simulated phishing is delivered

When you are sending simulated phishing, there is (luckily) a risk that your spam filter will deny emails from being delivered to your colleagues. By whitelisting our mail servers as a sender, you can ensure that all users receive simulated phishing as intended.

This guide is intended for administrators to allow simulated phishing from Secure Practice.

You will need to complete at least one, and possibly several of the guides mentioned on this page to guarantee delivery of simulated phishing.

Identify relevant systems

First of all, identify which email and security systems are relevant for whitelisting.

Finally, for any other relevant third party systems, you may need to whitelist in these too.

Relevant IP addresses/domains

It may in such cases also be necessary to perform whitelisting of the following IP addresses here, so that simulated phishing campaigns will perform as intended:

  • (new from October 2022)
  • (to be discontinued in 2023)
  • (not used for simulated phishing, but for any other service emails)

Your company may be using products like a web filter or proxy for filtering outgoing links. Hence, a similar need for whitelisting can also be present here.

In this case, you may need to review the web domains used for your simulated phishing campaigns in the customer portal, and consider whether these domains should be whitelisted.

Email gateways

Relevant systems are typically email gateway products (spam filters) apart from Exchange where incoming email is somehow filtered, include sandboxing products for scanning attachments in emails.

The following manuals provide instructions for whitelisting or bypassing filtering in other products (external sites):


You may also find that relevant products include a web filter or proxy solution, which may block outgoing connections from your organizations, including links in simulated phishing emails.

The following manuals provide instructions for whitelisting or bypassing web filtering (external sites):