No. The phishing emails are solely sent from our servers with our domains. The domains you see in the whitelisting list (in the SoSafe Manager under Dispatch > Whitelisting), and which a user could see if they try to respond to a simulated email.
The technology used for this ("domain spoofing") is very common. This way actual criminals can easily make an email look as it came from an internal address.