Menu English (US) Čeština Dansk Deutsch Español (Latinoamérica) Español (España) Suomi Français (Canada) Français (France) हिंदी Magyar Bahasa Indonesia Italiano 日本語 한국어 Bahasa Melayu Nederlands Norsk Polski Português do Brasil Português (Portugal) Română Русский svenska ไทย Türkçe Українська Tiếng Việt 简体中文 繁體中文

Whitelisting Data and Anti-Spam Filtering Information

Updated:

Created:

Whitelist Data and Anti-Spam Filtering

Before you can begin phishing and training your users, you'll need to whitelist KnowBe4 to ensure that our training notifications and simulated phishing security tests (PSTs) successfully reach your users' inboxes. If you don't whitelist our emails properly, they may be blocked or filtered by your mail server or spam filter.

Note: For Microsoft 365 users, we recommend Microsoft's Advanced Delivery Policies feature. Advanced Delivery bypasses some of Microsoft's security configurations and allows you to create a secure connection for phishing simulations. For more information, see our How to Use Advanced Delivery Policies in Microsoft 365.

See the sections below for information about whitelisting and anti-spam filtering.

Jump to:
Whitelisting Best Practices

KnowBe4's IP Addresses, Hostnames, and Headers

Whitelisting Your Mail Server

Whitelisting Your Spam Filter

Running a Test Campaign

Additional Configurations

Troubleshooting

 

Whitelisting Best Practices

The whitelisting methods that you'll need to use depend on your organization's mail server and spam filter.

When you whitelist our emails, we recommend that you follow the best practices listed below:

  • If you don't have a cloud-based spam filter, we recommend that you whitelist either our IP addresses or our hostnames in your mail server. For information about whitelisting your mail server, see the Whitelist Your Mail Servers section below.
    Note: You don't need to whitelist both IP addresses and hostnames.
  • If you have a cloud-based spam filter, we recommend that you whitelist by email header in your mail server and whitelist by IP address or hostname in your spam filter. For information, see the Whitelisting Your Mail Servers and Whitelisting Your Email and Web Filters sections below.
    Note: You don't need to whitelist both IP addresses and hostnames.

To see which method is best for your organization, you can use our Whitelisting Wizard.

Back to top

 

KnowBe4's IP Addresses, Hostnames, and Headers

See below for a list of our IP addresses or hostnames, and headers. You'll need this information to whitelist your organization's mail server and spam filter.

Note: We recommend that you don't whitelist by both IP address and header in your mail server. If you're unsure which method to use, see our Whitelisting Wizard to find out which whitelisting method is best for your organization.

For accounts located at training.knowbe4.com, ca.knowbe4.com, uk.knowbe4.com, and de.knowbe4.com, see the table below:

IP Addresses

 Messages Sent

147.160.167.0/26

Note: "/26" indicates the IP range 147.160.167.0 - 147.160.167.63. If your whitelisting provider doesn't allow for an IP range, each IP in this range will need to be entered individually. For more information, see Microsoft's Understand TCP/IP addressing and subnetting basics article.
  • Current IP addresses for training notifications
  • Future IP addresses for PSTs

23.21.109.197

23.21.109.212
  • Current IP addresses for training notifications and PSTs

 
Note: Make sure to copy and paste these IP addresses exactly, including any periods or forward slashes.

Hostnames

Messages Sent

psm.knowbe4.com
  • KnowBe4 training notifications and PSTs
Note: As a security best practice, we recommend that you don't whitelist by email header on your public email endpoint.

PST Email Header

Email Header Text

X-PHISHTEST

Note: X-PHISHTEST is the default header. If you're using a custom header or header token, you could whitelist by that header. For information on creating a custom header or header token, see our How to Edit Your Account Settings article.

This is a phishing security test from KnowBe4 that has been authorized by the recipient organization.

 


For accounts located at eu.knowbe4.com, see the table below:

IP Addresses

Messages Sent

147.160.167.0/26

Note: "/26" indicates the IP range 147.160.167.0 - 147.160.167.63. If your whitelisting provider doesn't allow for an IP range, each IP in this range will need to be entered individually. For more information, see Microsoft's Understand TCP/IP addressing and subnetting basics article.
  • Current IP addresses for training notifications
  • Future IP addresses for PSTs

52.49.201.246

52.49.235.189

23.21.109.197

23.21.109.212
  • Current IP addresses for training notifications and PSTs

 
Note: Make sure to copy and paste these IP addresses exactly, including any periods or forward slashes.

Hostnames

Messages Sent

psm.knowbe4.com
  • KnowBe4 training notifications and PSTs
Note: As a security best practice, we recommend that you don't whitelist by email header on your public email endpoint.

PST Email Header

Email Header Text

X-PHISHTEST

Note: X-PHISHTEST is the default header. If you're using a custom header or header token, you could whitelist by that header. For information on creating a custom header or header token, see our How to Edit Your Account Settings article.

This is a phishing security test from KnowBe4 that has been authorized by the recipient organization.

Back to top

 

Whitelisting Your Mail Server

See below for a list of articles that can help you whitelist your organization's mail server. When you whitelist by following the instructions in these articles, you'll need our IP addresses, hostnames, or header information.

Note: If you don't see your mail server listed below, contact our support team for assistance.

If your mail server is Microsoft 365, see the articles listed below:

If your mail server is Exchange 2007 or 2010, see the articles listed below: 

If your mail server is Exchange 2013, 2016, or 2019, see the articles listed below:

If your mail server is Google Workspace, see the articles listed below:

Note: If you're using Google Workspace, you'll also need to disable the return-path header on our PSTs. For more information, see our How to Change the Return-Path Header in Your Account Settings article.
Note: Your mail server may use rate limiting, which can slow or block the delivery of our PSTs. We recommend that you review the rate-limiting rules for your mail server to ensure that your PSTs will reach your users’ inboxes.

Back to top

 

Whitelisting Your Spam Filter

See below for a list of articles that can help you whitelist your spam filter. When you whitelist by following the instructions in these articles, you'll need our IP addresses, hostnames, or header information.

Note: If you're whitelisting for endpoint web filtering, you may need a list of our phishing and landing domains. For a list of these domains, contact our support team.

Note: Securence and Mailprotector have whitelisted our IP addresses in their system globally, so you don't need to whitelist our emails for either of these spam filters.

Note: Your spam filter may use rate limiting, which can slow or block the delivery of our PSTs. We recommend that you review the rate-limiting rules for your spam filter to make sure that our PSTs will reach your users’ inboxes.

Back to top

 

Running a Test Campaign

Once you've whitelisted by using the recommendations above or by using our Whitelisting Wizard, we recommend creating a test phishing campaign to make sure your whitelisting is working properly.

We recommend that you include only yourself or a small group of users in this campaign. Then, you or the users in the campaign will need to confirm that you've received the PST from the campaign. Finally, you'll need to have a user click a simulated phishing link in the PST to make sure clicks are being tracked successfully. For more information about creating phishing campaigns, see our Creating and Managing Phishing Campaigns article. 

Note: Once you've tested your whitelisting with the test phishing campaign, we recommend that you delete or hide the campaign so it doesn't interfere with your reports or Risk Scores.

Back to top

 

Additional Configurations

Once you've whitelisted by following our recommendations, there are additional configurations that you may need to use to whitelist. For more information, see the subsections below.

 

Adding KnowBe4 to Your SPF Records

To allow KnowBe4 to send PSTs on your behalf, you can add KnowBe4 to your Sender Policy Framework (SPF) records. For more information, see our Adding KnowBe4 to Your Sender Policy Framework (SPF) Records article.

Back to top

 

Adding DKIM Signatures

All of our training notifications include a DomainKeys Identified Mail (DKIM) signature automatically. For accounts in the US, the signing domain is training.knowbe4.com and for accounts in the EU, the signing domain is eu.knowbe4.com.

You can also add a DKIM signature to our PSTs. For more information, see our How to Enable and Customize DKIM Signatures article.

Back to top

 

Avoiding Link Testing and Intent Analysis

Sometimes, common spam filters such as Barracuda, Symantec, Websense, and MessageLabs will have link-following or link-inspection options. If enabled, these options may result in skewed click-through rates or click-through rates showing 100%.

You can whitelist or exempt our emails from being affected by these options. You can also disable these options for the duration of a phishing campaign. For more information, see our Showing 100% Click Through on Phishing Tests article.

Back to top

 

Using Smart Hosting

If you can't whitelist our mail servers or your spam filter impacts the delivery of PSTs, you can allow our emails to bypass your spam filter by using smart hosting. For more information, see our Smart Hosting for Phishing Security Tests article.

Back to top

 

Troubleshooting

If you're experiencing issues with whitelisting, we recommend that you see our Whitelisting Wizard Troubleshooting Guide. Additionally, see the subsections below for troubleshooting situations that can help you.

If you don't see the issue you're looking for, contact our support team for assistance.

 

Email from KnowBe4 Sent to Junk or Spam

We may send you emails about updates to our products, such as new features and templates, or our employees may check in with you to see how things are going. To make sure these emails aren’t sent to your Junk or Spam folder, you can whitelist emails from knowbe4.com and knowbe4.mail.intercom.io.

If you're using Microsoft 365, see our Whitelisting emails from KnowBe4 in Microsoft 365 article for more information. If you’re using Google Workspace, see our Whitelisting by IP Address in Google Workspace article for more information.

Back to top

 

Third-Party Whitelisting Assistance

Our support team will provide whitelisting assistance as much as possible. However, because there are many different spam-filtering services and mail server providers, we recommend that you contact your service provider for assistance.

If you would like, you can use the template below to send a request to your service provider's support team:

Our organization uses KnowBe4, a security awareness training platform that provides simulated phishing tests and training for our employees. We would like to whitelist all of KnowBe4’s simulated phishing tests and training notifications to ensure they successfully reach our employees' inboxes. Please provide us with any whitelisting assistance that may help.

Back to top

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Related articles