The following guide will provide you with step-by-step instructions on how to allow PhishDeck’s simulated phishing emails by IP address through Proofpoint.

Why do I need to allow PhishDeck’s IP?

While PhishDeck emulates a real phishing attack, it is ensured that this is conducted with traceability and governance in mind. To such an extent, unlike real attackers using illegal botnets or other illicit methods of sending large volumes of phishing emails, all of PhishDeck’s phishing simulation emails originate from a single IP. This is done not only to be easy to allow (some mail filters only allow IP allow listing), but it’s also to ensure that it’s quick and easy to distinguish phishing simulation emails from real ones in the event of an investigation.

Naturally, IPs which only send phishing simulation emails are bound to be blocked, and to such an extent, we strongly suggest explicitly allowing PhishDeck’s IP addresses to avoid issues with your phishing simulation Campaigns – this process only needs to be set-up once.

Allowing PhishDeck’s IP in Proofpoint

Heads up – If you do have any other spam or email filtering system/s in front of Proofpoint, you should also allow PhishDeck’s IP addresses there too. For more information about how to do this, see how to allow my phishing simulation emails using a mail header.

  1. From the Proofpoint Admin console, navigate to Email Firewall and then Rules

  2. Select Enable and set to On

  3. Name your rule, something like “PhishDeck Allow List” and provide a description.

  4. In the Conditions section, enter our IP addresses. Find the latest list of our IP addresses in this article.

  5. In the Disposition section, change the Delivery Method to Deliver Now

  6. Finally, go ahead and Save the rule and run a test to confirm it works