This knowledgebase helps you add the SoSafe email servers to the whitelist on Exchange on Premise (Exchange Server 2013/2016/2019), Exchange Online (Microsoft 365, Office 365) or the Google Workspace. In this way, you create the necessary prerequisites for our simulated phishing e-mails to actually reach your employees' inboxes and to be able to access the educational learning/educational pages.

The aim is to enable us to send simulated phishing e-mails that bypass your mail filters. Don't worry: This configuration only allows our simulated phishing e-mails to bypass this filter.

It is important that you start whitelisting early and initiate any necessary processes. However, a final whitelisting is only possible after the templates have been fine-tuned, as sender addresses can change, for example. Afterwards, the effectiveness of the whitelisting should be checked by test-sending all e-mails to your inbox and click on them to check the correct display of the learning pages. If you have any questions, please contact your SoSafe contact person. 

You will find all relevant and up-to-date information about your campaign on our portal under the tab Dispatch > Whitelisting:

  • The IP addresses of our mail servers.
  • The envelope sender addresses (technical senders) used in your campaign.
  • The list of domains used in the SoSafe Phishing links.
  • The list of domains used for the e-learning platform.
  • The SoSafe image server.

Self-service customers can only view this information via their individual SoSafe Manager access. All other customers can additionally access this information via the following direct link:

In this knowledgebase you will find information on how to whitelist the following products: 

If the instructions on your M365-product are not sufficient, you can find further information here:

Due to current communication from microsoft, it can be assumed that the whitelisting via conventional ways (allow lists/ mail flow rules) may not be sufficient anymore. We highly recomment to follow the third-party-phishing-simulation guide via microsoft defender.