Safelisting: What You Need to Know

This article gives an overview of safelisting and the details needed to configure it.

Overview

Safelisting allows Hook Security, Inc's simulated phishing emails to bypass your mail filter(s), which guarantees delivery to the user's inbox. This is a requirement to ensure our simulations function properly. Most systems will require our IP addresses to be safelisted, and some may also require safelisting by domain or by header. This article is product-agnostic and details common ways to configure safelisting for security solutions. Please review the Safelisting section of our user guide to find product-specific safelisting articles.

Hook Security, Inc IP Addresses

 

Mail Servers

Phishing, Training, and System emails all originate from separate IPs. US and EU have separate mail servers for Phishing and System emails, but both use the same Training email server. All the Hook Security, Inc mail IP addresses are listed below:

NOTE: System emails include new account user emails, domain authorization emails, and School emails. Any emails generated in Hook Security, Inc that are not simulated phishing / training emails are considered system emails.

US 

  • 64.191.166.196 (Phishing)
  • 64.191.166.197 (Training)
  • 69.72.47.194 (System)

EU 

  • 64.238.34.10 (Phishing)
  • 64.238.34.11 (Phishing)
  • 64.191.166.197 (Training)
  • 161.38.205.202 (System)

NOTE: Some email security software, such as Mimecast, will require you to safelist by CIDR range. The phishing mail servers' CIDR ranges are 64.191.166.0/24 (US) and 64.238.34.10/24 (EU).

Landing Page Servers

Hook Security, Inc landing page servers and image assets are hosted on the following IP addresses. In some cases you may need to safelist our landing page server(s) to allow images to display in emails, and allow targets to access landing pages.

US

  • 64.191.166.198
  • 64.191.166.201
  • 64.191.166.220
  • 64.191.166.221
  • 64.191.166.222
  • 64.191.166.223
  • 64.191.166.224

EU

  • 64.238.34.20

Portal and School IPs

Under certain circumstances (e.g. if you are trying to connect an LDAP integration to Hook Security, Inc) you may need to safelist the Hook Security, Inc portal IP address.

US

  • 54.80.160.189 (Portal)
  • 54.88.246.212 (School)

EU

  • 54.93.55.235 (Portal)
  • 3.67.53.250 (School)

Safelisting Domains

In some scenarios, it may be necessary to safelist phishing domains. The domains that need to be safelisted are specified by the templates that you are using. The image below shows where to locate the domain utilized by the template when viewing the Manage Templates page (Templates > Manage Templates).

[Image: template domain shown on the Manage Templates page]

Email Header

If your security configuration does not allow safelisting by IP, you also have the option of using our custom email header. This header will be inserted into every email your organization receives from Hook Security, Inc. The header has the name 'X-PHISHTEST' and a default value of 'PhishingBox'. A custom header key/value pair can also be added by navigating to Administration > Settings > Mail Settings.

Safelisting Best Practices

  • Reference the Safelisting section of our User Guide and follow the guides specific to the products your company uses (e.g. Safelisting in Microsoft 365).
  • Send a Test Campaign to a few targets (e.g. the admins of the campaign) to ensure delivery to the inbox. The targets in this campaign should click the link(s) in the email and interact with the landing page to ensure actions are being recorded properly.
  • If mail is still not delivered to inboxes after proper safelisting, review message traces, quarantine reports and mail headers to identify the rule or third-party app interfering with deliverability.
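
A triage helper for the diagnosis step above, as an added example that is not Hook Security's own code: it takes the connecting IP from a message trace plus the raw message headers and reports whether the IP is a mail server listed in this article and whether the X-PHISHTEST header is present. The sample messages, the 203.0.113.7 address and the verdict wording are constructed for illustration.

```python
import ipaddress
from email import message_from_string

# Mail server IPs copied from the lists in this article.
MAIL_SERVERS = {
    "64.191.166.196": "US Phishing",
    "64.191.166.197": "US/EU Training",
    "69.72.47.194": "US System",
    "64.238.34.10": "EU Phishing",
    "64.238.34.11": "EU Phishing",
    "161.38.205.202": "EU System",
}
# CIDR ranges as published in the Mimecast note. strict=False is needed because
# 64.238.34.10/24 has host bits set; it normalizes to 64.238.34.0/24.
PHISHING_RANGES = [ipaddress.ip_network(c, strict=False)
                   for c in ("64.191.166.0/24", "64.238.34.10/24")]
HEADER_NAME, HEADER_DEFAULT = "X-PHISHTEST", "PhishingBox"


def triage(connecting_ip, raw_message):
    """Classify one message from its trace IP and its raw headers."""
    ip = ipaddress.ip_address(connecting_ip)
    header = message_from_string(raw_message).get(HEADER_NAME)  # case-insensitive
    role = MAIL_SERVERS.get(str(ip))
    if role:
        verdict = "listed mail server, header " + ("present" if header else "missing")
    elif header is not None:
        # Assumed policy for this example: a header alone is not proof of origin.
        verdict = "header present but IP not listed: review"
    else:
        verdict = "no match"
    return {
        "role": role,
        "in_cidr": any(ip in net for net in PHISHING_RANGES),
        "header": header,
        "header_is_default": header == HEADER_DEFAULT,
        "verdict": verdict,
    }


# Constructed sample input (not real traffic).
SAMPLE_WITH_HEADER = "X-PhishTest: PhishingBox\nSubject: Password reset\n\nbody\n"
SAMPLE_NO_HEADER = "Subject: Weekly report\n\nbody\n"

if __name__ == "__main__":
    for ip, raw in [("64.238.34.11", SAMPLE_WITH_HEADER),
                    ("69.72.47.194", SAMPLE_NO_HEADER),
                    ("64.191.166.198", SAMPLE_NO_HEADER),
                    ("203.0.113.7", SAMPLE_WITH_HEADER)]:
        print(ip, triage(ip, raw))
```

The third sample shows that a /24 safelist entry also covers addresses that are not mail servers, such as the landing page server 64.191.166.198.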

Safelisting Assistance

Hook Security, Inc's technical support team can provide help with safelisting issues. Ultimately, you may need to contact the support of your mail service/security product if you're having deliverability issues. Shown below is an email you could send to your service provider's support team to request safelisting assistance. This message will help them understand the services Hook Security, Inc provides:

Our organization is using Hook Security, Inc, a security training platform that provides simulated phishing tests and training for our company's employees. We would like to safelist all Hook Security, Inc simulated phishing tests and training emails so that they successfully reach the inboxes of our employees. Would you please help us safelist Hook Security, Inc's IPs and hostnames?

Microsoft 365 and Google Workspace

The two most common mail services are Microsoft 365 and Google Workspace. Reference the guides below to configure safelisting in these platforms:

For further inquiries, contact Hook Security, Inc customer support.