The following guide will provide you with step-by-step instructions on how to allow PhishDeck’s simulated phishing emails by IP address through Proofpoint.
Why do I need to allow PhishDeck’s IP?
While PhishDeck emulates a real phishing attack, it is ensured that this is conducted with traceability and governance in mind. To such an extent, unlike real attackers using illegal botnets or other illicit methods of sending large volumes of phishing emails, all of PhishDeck’s phishing simulation emails originate from a single IP. This is done not only to be easy to allow (some mail filters only allow IP allow listing), but it’s also to ensure that it’s quick and easy to distinguish phishing simulation emails from real ones in the event of an investigation.
Naturally, IPs which only send phishing simulation emails are bound to be blocked, and to such an extent, we strongly suggest explicitly allowing PhishDeck’s IP addresses to avoid issues with your phishing simulation Campaigns – this process only needs to be set-up once.
Allowing PhishDeck’s IP in Proofpoint
From the Proofpoint Admin console, navigate to Email Firewall and then Rules
Select Enable and set to On
Name your rule, something like “PhishDeck Allow List” and provide a description.
In the Conditions section, enter our IP addresses. Find the latest list of our IP addresses in this article.
In the Disposition section, change the Delivery Method to Deliver Now
Finally, go ahead and Save the rule and run a test to confirm it works