Magenta Security Awareness: Whitelisting guide
What is whitelisting
Client email whitelisting (allowing SoSafe senders and domain lists to bypass spam filters) is required to ensure the simulation emails reach employees' inboxes. In addition, this configuration will enable the employees to access the learning pages they are supposed to see if they click on one of these simulated emails.
We suggest initiating this process early during client setup, as it requires a clear understanding of the current email security landscape and the necessary permissions for configuring these settings. Following these instructions ensures that our simulated phishing emails, and only those, can bypass your client’s email filters.
IP address-based whitelisting
IP Address-Based Whitelisting (IP WL) is a security method that ensures training emails come only from authorized sending servers, helping to distinguish legitimate training from actual phishing attempts.
It contains a list of approved IP addresses for SoSafe’s Phishing Simulation platform to avoid conflicts with regular email security systems.
The latest IP Whitelisting Guide (SoSafe Whitelisting Manual.pdf) is available for download through the platform and supports all templates included in the General Availability content package.
👉 Please re-download the guide to ensure you use the most up-to-date version.
As we release new phishing simulation templates in the future, additional envelope senders or URL domains may be introduced. To ensure these new simulation emails continue to bypass email security filters, your IP whitelisting configuration must be updated accordingly.
How do I set up IP address-based whitelisting?
1. Get the latest configuration manual:
Go to the client settings in SoSafe’s Platform and open the Whitelisting menu item on the left side.
From there, you can download the whitelisting guide (“SoSafe Whitelisting Manual.pdf”) by clicking on the Read how to do it (1) button or email it to someone else by clicking on the Send (2) button.
2. Configure IP Address-Based Whitelisting
Use the following links to learn how to configure IP Address-Based Whitelisting for Microsoft 365 and Google Workspace environments:
Test whitelisting configuration
Regardless of the whitelisting approach, because you may have multi-layer security systems, it is crucial always to test that whitelisting is working as expected after the configuration.
To do so, send all test emails to an inbox that uses your domain, and then check if they were all received. In addition, you should check whether they are being forwarded to the micro-learning pages correctly when clicking the links.
Go to the settings in SoSafe’s Platform and open the Whitelisting menu item on the left side.
Click on the Send test emails (1) button, and enter an email address belonging to the your email domain.
On the Send test emails page, enter an email address from your email domain and click Send.
Confirm whitelisting configuration
Open the email inbox to validate that the Phishing Simulation emails are in the inbox.
Then click on the email body links to confirm access to the micro-learning pages (like the example from below).
After testing the Whitelisting delivery, on Confirm successful whitelisting (1) enable the toggle.
On the Confirm whitelisting page, select both checkboxes and click Confirm.
Troubleshoot whitelisting configuration
Whitelisting can be a complex topic, as email delivery behavior often depends on each unique combination of email infrastructure and security settings.
To support a smoother experience, check this article for additional configuration options that allows to fine-tune the simulation delivery and end-user experience based on each specific email and security stack.
You can check for any issues related to email delivery. However, it's important to note that emails that are redirected to spam folders due to incorrect whitelisting configurations will not generate a delivery error. For details on how to check email delivery issues, please refer to the FAQ.