After you’ve whitelisted with your mail server or web filters, we recommend that you conduct a series of test phishing campaigns to verify that your whitelisting settings are working correctly. For more information on whitelisting, see our Whitelisting Data and Anti-Spam Filtering Information article.
When creating your test phishing campaigns, we recommend having multiple users in each test group with different mail clients or browsers in your organization. Sending the test campaign to users with different environments helps to see if there are issues with a specific type of environment and if additional whitelisting rules are needed. Users who receive the test emails should click on the simulated phishing link and click through all landing page links and attachments to verify the links work and that clicks are being tracked.
If you plan to test your users with other types of attack vectors, we recommend that you include those types of email templates and landing pages you plan to use. See our Landing Page Category Glossary and Phishing Template Category Glossary for some examples.
Note: If your organization has multiple endpoints or mail servers, we recommend that you conduct a test phishing campaign for each system.
Below is an example of what the settings for your test campaign should look like.
- Campaign Name: Give the campaign a name that will help you identify this is a test campaign.
- Send to: Select your specific test group.
- Frequency: Since this will be a single test, set the frequency to one-time.
- Start Time: Pick a time that works best for all the users in the test group so they can anticipate the email’s arrival.
- Sending Period: We recommend having all the emails sent out at the same time so that you can get results back quickly.
- Track Activity: Set this field to one day.
- Template Categories: Choose any template categories that you plan on using in your own campaigns.
- Phish Link Domain: This can be edited to assist in whitelisting by domains, if necessary.
- Landing Page: Choose a variety of landing pages to ensure that they function with your current whitelisting rules.
- Hide from Reports: Select this check box. We recommend hiding the results from reports for the most accurate reporting of your phishing test results.
If you are not receiving any phishing emails from the above campaign, make sure to check your Junk or Spam folders for the message. If you still aren’t receiving the email or your landing pages are being blocked, you will need to check your whitelisting rules.
Once your campaign has been started, you can view your user’s clicks by clicking on the title of the campaign and navigating to the Users tab. This is where other types of failures can be seen as well, like replying to a phishing email or opening an attachment. If all clicks are not accounted for, see our Why Aren’t Clicks Being Shown in My Phishing Campaign article.
If you need assistance setting up your whitelisting rules, please submit a support ticket and we can help.