Skip to main content
Skip table of contents

Partner Platform Whitelisting Guide

Important Update April 28th, 2025

Based on feedback from several partners about inconsistent behavior with Header Token-Based Whitelisting — even in seemingly identical configurations — we have decided to deprecate this feature.

To ensure the reliable delivery of all General Availability simulation templates, update any clients that use Header Token-Based Whitelisting.

In its place, we are currently testing DMI (Direct Message Injection) and expect to release it in Beta for all partners soon.

What is Whitelisting

Client email whitelisting (allowing SoSafe senders and domain lists to bypass spam filters) is required to ensure the simulation emails reach employees' inboxes. In addition, this configuration will enable the employees to access the learning pages they are supposed to see if they click on one of these simulated emails.

We suggest initiating this process early during client setup, as it requires a clear understanding of the current email security landscape and the necessary permissions for configuring these settings. Following these instructions ensures that our simulated phishing emails, and only those, can bypass your client’s email filters.

IP Address-Based Whitelisting

IP Address-Based Whitelisting (IP WL) is a security method that ensures training emails come only from authorized sending servers, helping to distinguish legitimate training from actual phishing attempts.

It contains a list of approved IP addresses for SoSafe’s Phishing Simulation platform to avoid conflicts with regular email security systems.

The latest IP Whitelisting Guide (SoSafe Whitelisting Manual.pdf) is available for download through the platform and supports all templates included in the General Availability content package.

👉 Please re-download the guide to ensure you use the most up-to-date version.

As we release new phishing simulation templates in the future, additional envelope senders or URL domains may be introduced. To ensure these new simulation emails continue to bypass email security filters, your IP whitelisting configuration must be updated accordingly.

How do I set up IP Address-Based Whitelisting?

1. Get the latest configuration manual:

  1. Go to the client settings in SoSafe’s Partner Platform and open the Whitelisting menu item on the left side.

  2. From there, you can download the whitelisting guide (“SoSafe Whitelisting Manual.pdf”) by clicking on the Read how to do it (1) button or email it to someone else by clicking on the Send (2) button.

image-20250421-142246.png

2. Configure IP Address-Based Whitelisting

Use the following links to learn how to configure IP Address-Based Whitelisting for Microsoft 365 and Google Workspace environments:

Test Whitelisting configuration

Regardless of the whitelisting approach, because clients may have multi-layer security systems, it is crucial always to test that whitelisting is working as expected after the configuration.

To do so, send all test emails to an inbox that uses your client’s domain, and then have the client check to see if they were all received. In addition, the customer should check whether they are being forwarded to the micro-learning pages correctly when clicking the links.

  1. Go to the client settings in SoSafe’s Partner Platform and open the Whitelisting menu item on the left side.

  2. Click on the Send test emails (1) button, and enter an email address belonging to the client’s email domain.

image-20250421-145142.png

  1. On the Send test emails page, enter an email address from the client email domain and click Send.

image-20250421-150139.png

Confirm Whitelisting configuration

  1. Open the client’s email to validate that the Phishing Simulation emails are in the inbox.

  2. Then click on the email body links to confirm access to the micro-learning pages (like the example from below).

image-20241212-071154.png

  1. After testing the Whitelisting delivery, on Confirm successful whitelisting (1) enable the toggle.

image-20250421-150336.png

  1. On the Confirm client whitelisting page, select both checkboxes and click Confirm.

image-20250421-150732.png

Troubleshoot Whitelisting configuration

Whitelisting can be a complex topic, as email delivery behavior often depends on each client’s unique combination of email infrastructure and security settings.

To support a smoother experience, check this article for additional configuration options that allow partners to fine-tune the simulation delivery and end-user experience based on each client’s specific email and security stack.

You can check for any issues related to email delivery. However, it's important to note that emails that are redirected to spam folders due to incorrect whitelisting configurations will not generate a delivery error. For details on how to check email delivery issues, please refer to the FAQ.

What to Read Next and Related Articles

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close