This section provides a brief description of whitelisting and the steps required to use the platform effectively.

A whitelist is an inventory of approved sources, such as IP addresses, email addresses, and applications, that are considered safe and have been granted unrestricted access to a system.

Platform IP addresses or PTR domains must be whitelisted with your server and security solutions to allow the simulated phishing emails, training, and other emails sent via the platform to reach users' inboxes without being blocked by any filters.

It is strongly advised that you send a test email to a group of users to ensure that the whitelisting is successful.

Please remember that you should follow the same procedure if you use any email security solution.

IP Addresses and Domains to Allow

All clients must whitelist the IP address or PTR domains listed below with their email server and security solutions.

SMTP IP AddressSMTP PTR Record




The instructions below will show you how to whitelist addresses with the most commonly used email services.



Q: Can I use Phishing Simulation on Office 365 without using Whitelisting?

A: Yes, you can. Our Direct Email Creation (DEC) feature enables you to send simulated phishing emails directly to users' inboxes, eliminating the need for Whitelisting. Discover how to leverage the DEC feature here.

Q: Does whitelisting create a security weakness?

A: Whitelisted IP addresses or PTR Domains are owned by the platform, and only authorized admins are able to send emails to selected target users. Therefore, it does not create a security weakness for the organization.

Q: Can I run training assignments or phishing tests without whitelisting?

A: Yes, you can, but it is definitely not recommended. If whitelisting is not properly done, there may be delivery difficulties. The best practice is to whitelist the platform IPs or PTR Domains before using the product.

Last updated

Copyright © Keepnet Labs LTD. All rights reserved.