When simulated phishing emails using spoofing come with the following warnings:
- This sender email@example.com is from outside your organization.
- We could not verify the identity of the sender. Click here to learn more. The actual sender of this message is different than the normal sender. Click here to learn more.
you have the possibility to configure the Tenant Allow/Block Lists via the Spoof Intelligence.
We provide instructions on how to do this here.
Log in to your mail server portal and click “Security” in the menu.
Under “Policies & rules” select “Threat policies”.
Under “Threat policies” click on “Tenant Allow/Block Lists”.
Under "Spoofing", click "+Add".
A window will open from which you can add new domain pairs.
Specify the spoofed user (display name in email) as the first value. You will not find this in the Whitelisting section, but under Simulation > Template Preview.As the second value (separated by a comma), specify our IPv4 address. Since we use multiple mail servers for sending, the operation must be done for each IPv4 address. Entries are separated by a line break. The IPv4 addresses of our mail servers can be found in the whitelisting information of the SoSafe Manager.
For example, a complete entry for a spoofed user looks like this:
- firstname.lastname@example.org, first IPv4 address
- email@example.com, second IPv4 address
- firstname.lastname@example.org, third IPv4 address
Now set the "Spoof type" to "Internal" and select the "Allow" setting under "Action".