This knowledgebase helps you add the SoSafe email servers to the whitelist in Exchange Online (Microsoft 365, Office 365). In this way, you create the necessary prerequisites for our simulated phishing e-mails to actually reach your employees' inboxes and to be able to access the learning/educational pages.

The aim is to enable us to send simulated phishing e-mails that bypass your mail filters. Don't worry: This configuration only allows our simulated phishing e-mails to bypass this filter.

It is important that you start whitelisting early and initiate any necessary processes. However, definitive whitelisting is only possible after the templates have been fine-tuned, as sender addresses can change, for example. Afterwards, the effectiveness of the whitelisting should be checked by test-sending all e-mails to your inbox and clicking on them to check that the learning pages are displayed correctly. If you have any questions, please get in touch with your contact at SoSafe

You will find all relevant and up-to-date information about your campaign on our portal under the tab Dispatch > Whitelisting:

  • The IP addresses of our mail servers.
  • The envelope sender addresses (technical senders) used in your campaign.
  • The list of domains used in the SoSafe phishing links.
  • The list of domains used for the e-learning platform.
  • The SoSafe image server.

Self-service customers can only view this information via their individual SoSafe Manager access. All other customers can also access this information via the following direct link:


We recommend working through the instructions in the following order:

If the instructions on your M365 product are not sufficient, you can find further information here:

Configuration of e-mail clients

For an optimal training effect, we recommend allowing the loading of images for our e-mails. You can find the instructions in our section Configuration of e-mail clients.