Whitelist Data and Anti-Spam Filtering
Before you can begin phishing and training your users, you must whitelist KnowBe4 to ensure that our phishing security emails and training notifications are delivered. If you do not whitelist us properly, our emails may be blocked or filtered into your Spam folder.
Note: For Microsoft 365 users, we recommend Microsoft's Advanced Delivery Policies feature. Advanced Delivery bypasses some of Microsoft's security configurations and allows you to create a secure connection for phishing simulations. For more information, see our How to Use Advanced Delivery Policies in Microsoft 365 article.
See the sections below for information about whitelisting and anti-spam filtering.
Whitelisting Best Practices
The whitelisting method you will need to use depends on your environment. Make sure you consider the products or services you’re using in your mail or web environment. You will need to whitelist both your mail server and any spam filtering you have.
We recommend the following best practices:
- If you do not have a cloud-based spam filter, we recommend whitelisting either our IP addresses or hostnames in your mail server. Do not whitelist both IPs and hostnames. You must choose one method. For information on whitelisting your mail server, see our section on How to Whitelist Your Mail Servers.
- If you do have a cloud-based spam filter:
  - We recommend whitelisting by email header in your mail server and whitelisting by IP address or hostname in your spam filter. Do not whitelist both IPs and hostnames. You must choose one method.
  - For information on whitelisting your mail server, see our section on How to Whitelist Your Mail Servers.
  - For information on whitelisting your spam filter, see our section on How to Whitelist Your Email and Web Filters.
To help you get started, you can use our Whitelisting Wizard to find out which whitelisting method is best for your organization.
How to Whitelist Your Mail Servers
Below are the articles we have available with instructions on how to whitelist the most common mail servers. To see our list of IP addresses, headers, and domain names, see this table.
Note: If you do not see your mail server listed below, contact our support team.
Microsoft 365:
- How to Use Advanced Delivery Policies in Microsoft 365
- Direct Message Injection (DMI) Configuration Guide
- Exchange 2013, 2016, & Microsoft 365 (Whitelist by Email Header)
- Whitelisting Training Notifications in Microsoft 365 (Whitelist by Email Header)
- Configure Focused Inbox on Outlook or Microsoft 365 (PowerShell)
Exchange 2007/2010:
- Setting up an IP Allow List in Exchange 2007
- Setting up an IP Allow List in Exchange 2010
- Whitelisting by Header in Exchange 2010
Exchange 2013, 2016, & 2019:
- Exchange 2013 and 2016 (Whitelist by IP Addresses)
- Exchange 2013, 2016, & Microsoft 365 (Whitelist by Email Header)
- Exchange 2013 Add-IPAllowListEntry (Command Line)
Google Workspace:
- Whitelisting by IP Address in Google Workspace
- Whitelisting by Email Header in Google Workspace
- Whitelisting by Content Compliance in Google Workspace
- Direct Message Injection (DMI) Configuration Guide
If you're using Google Workspace (formerly G Suite), you will also need to follow the steps in this article to disable the return-path header on KnowBe4 phishing tests.
How to Whitelist Your Email and Web Filters
Below are the articles we have available with instructions on how to whitelist the most common email and web filters. To see our list of IP addresses, headers, and domain names, see this table.
Note: If you are using endpoint web filtering, you may need a list of our phishing domains and our landing page domains for whitelisting purposes. Please contact our support team and they will be happy to provide you with this information.
- Whitelisting in AppRiver
- Whitelisting for Avanan in Microsoft 365 and Google Workspace
- Whitelisting in Barracuda
- Whitelisting in Cisco Ironport
- Whitelisting in EdgeWave
- Creating an allowed senders filter list
- Whitelisting in Fortinet FortiGate
- Whitelisting in McAfee/MX Logic
- Whitelisting in Mimecast
- Whitelisting in Proofpoint
- Whitelisting in SonicWall
- Whitelisting in Sophos
- Whitelisting in SpamAssassin
- Whitelisting in Symantec.Cloud/MessageLabs
- Whitelisting in TrendMicro
- Whitelisting in VIPRE
Securence and Mailprotector have whitelisted our IP addresses in their system globally, so you do not have to whitelist us for those spam filters.
Note: Your mail server or mail filter may have rate limiting. Rate limiting can slow or block the delivery of a phishing test when a large number of emails are sent at once. Review the rate limiting rules for your mail server or mail filter to ensure that your phishing test will arrive in your users’ inboxes. Temporarily turning off rate limiting can resolve this issue, but we discourage this action. If you do turn it off, make sure to turn on rate limiting again once the phishing emails have been delivered.
IP Addresses, Hostnames, and Header Information
Below is a list of our IP addresses or hostnames, and header information for the purpose of whitelisting KnowBe4.
Note: Be careful not to over-whitelist. If you are unsure how to whitelist, try our Whitelisting Wizard for guidance.
For accounts located at Training.KnowBe4.com and CA.KnowBe4.com:
| IP Addresses | Messages Sent |
| --- | --- |
| 147.160.167.0/26 * | Current IPs for Training Notifications; Future IPs for Simulated Phishing |
| 23.21.109.197, 23.21.109.212 | Current IPs for Simulated Phishing and Training Notifications |
* Note that "/26" is the CIDR format for an IP subnet mask. In this case, it indicates the following IP range: 147.160.167.0 - 147.160.167.63. If your whitelisting provider does not allow for an IP subnet mask, each IP in the range will need to be entered individually. For more information on IP network subnets, please see here.
| Hostnames | Messages Sent |
| --- | --- |
| psm.knowbe4.com | KnowBe4 Simulated Phishing and Training Notifications |
For security purposes, whitelisting by email header is not recommended on your public email endpoint.
| Simulated Phishing Email Header | Email Header Text |
| --- | --- |
| X-PHISHTEST * | This is a phishing security test from KnowBe4 that has been authorized by the recipient organization |
* X-PHISHTEST is the default header. If you're using a custom header and/or header token, you could whitelist by that header content. For information on creating a custom header or header token, see our How to Edit Your Account Settings article.
For accounts located at EU.KnowBe4.com:
| IP Addresses | Messages Sent |
| --- | --- |
| 147.160.167.0/26 * | Current IPs for Training Notifications; Future IPs for Simulated Phishing |
| 52.49.201.246, 52.49.235.189, 23.21.109.197, 23.21.109.212 | Current IPs for Simulated Phishing and Training Notifications |
* Please note that "/26" is the CIDR format for an IP subnet mask. In this case, it indicates the following IP range: 147.160.167.0 - 147.160.167.63. If your whitelisting provider does not allow for an IP subnet mask, each IP in the range will need to be entered individually. For more information on IP network subnets, please see here.
| Hostnames | Messages Sent |
| --- | --- |
| psm.knowbe4.com | KnowBe4 Simulated Phishing and Training Notifications |
For security purposes, whitelisting by email header is not recommended on your public email endpoint.
| Simulated Phishing Email Header | Email Header Text |
| --- | --- |
| X-PHISHTEST * | This is a phishing security test from KnowBe4 that has been authorized by the recipient organization, |
* X-PHISHTEST is the default header. If you're using a custom header and/or header token, you could whitelist by that header content. For information on creating a custom header or header token, see our How to Edit Your Account Settings article.
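The CIDR note and the caution about header-based whitelisting on a public email endpoint can be checked together. The Python below is an added example, not KnowBe4 code: it expands the published entries into individual addresses and flags messages that carry the test header but arrive from an address outside the published list. The record layout, function names and sample messages are assumptions constructed for illustration.

```python
import ipaddress

# Sending addresses from the tables above, keyed by account region.
PUBLISHED = {
    "us_ca": ["147.160.167.0/26", "23.21.109.197", "23.21.109.212"],
    "eu": ["147.160.167.0/26", "52.49.201.246", "52.49.235.189",
           "23.21.109.197", "23.21.109.212"],
}
DEFAULT_HEADER = "X-PHISHTEST"  # default header name; pass your custom one if set


def networks(region):
    return [ipaddress.ip_network(entry) for entry in PUBLISHED[region]]


def expand(region):
    """Every entry as individual addresses, for filters that reject CIDR."""
    return [str(ip) for net in networks(region) for ip in net]


def classify(record, region, header=DEFAULT_HEADER):
    """record (assumed layout): {'client_ip': str, 'headers': {name: value}}."""
    ip = ipaddress.ip_address(record["client_ip"])
    from_published = any(ip in net for net in networks(region))
    has_header = any(name.lower() == header.lower() for name in record["headers"])
    if has_header and from_published:
        return "simulation"
    if has_header:
        return "header-only"   # header present, source not published: do not bypass
    if from_published:
        return "published-ip"  # published source, no test header
    return "normal"


def audit(records, region):
    return {r["id"]: classify(r, region) for r in records}


# Constructed sample records; 203.0.113.25 is a documentation-range address.
SAMPLE = [
    {"id": "m1", "client_ip": "147.160.167.14", "headers": {"X-PHISHTEST": "sample"}},
    {"id": "m2", "client_ip": "203.0.113.25", "headers": {"x-phishtest": "sample"}},
    {"id": "m3", "client_ip": "23.21.109.212", "headers": {"Subject": "Training reminder"}},
    {"id": "m4", "client_ip": "52.49.201.246", "headers": {"X-PHISHTEST": "sample"}},
]

if __name__ == "__main__":
    print(len(expand("us_ca")), "individual addresses for US/CA")
    for msg_id, verdict in audit(SAMPLE, "us_ca").items():
        print(msg_id, verdict)
```

Run it against records from the first hop that accepts mail from the internet; behind a cloud spam filter the connecting address is the filter's, not the original sender's.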
Run a Quick Test Campaign
After you've whitelisted according to the recommendations above or by using our Whitelisting Wizard, create a test campaign to ensure that your whitelisting rules were set up properly.
We recommend that your test campaign is limited to only one or two administrative users. They will need to confirm whether or not they received the email and click on the phishing link to ensure that clicks are registering correctly. As soon as you are done with your test campaign, you should delete or hide the campaign so that it will not interfere with your reports or risk score.
Advanced Configurations
Once your phishing campaigns are functional, there are other tools that can help with creating a smoother whitelisting experience. Please see below for some examples:
Adding KnowBe4 to Your SPF Records
If necessary, you can add KnowBe4 to your SPF records. To learn more, read our article: Adding KnowBe4 to your SPF records
Adding DKIM Signatures to Your Phishing and Training Notifications
All of our training notifications include a DKIM signature. For accounts in the US, the signing domain is training.knowbe4.com, and for accounts in the EU, the signing domain is eu.knowbe4.com. If you would like to add DKIM signatures to your phishing emails, you can do so from your Account Settings under the Phishing Headers section. From there, you can also switch from KnowBe4's DKIM signature to custom DKIM signatures.
Avoiding Link Testing and Intent Analysis
Some common email filtering and anti-spam services (such as Barracuda, Symantec, Websense, and MessageLabs) sometimes have link-following or link inspection options. These features may result in skewed or 100% click-through rates. You can whitelist or exempt our emails from being observed by these types of features. You can also disable these features for the duration of a phishing test. For more information, please see here.
Using Smart Hosting
If you cannot add our whitelist data or your third-party solution impacts the delivery of phishing emails, we are able to establish direct routes to your mail server to bypass that filtering. If you are using Exchange 2016, you may find Scenario 3 in this article helpful: Scenarios for Custom Receive Connectors in Exchange 2016.
For further assistance, contact our support team to learn more about smart hosting.
Third-party Whitelisting Assistance
KnowBe4's support team will provide assistance with whitelisting as much as possible. However, due to the many variations of mail filtering services and providers in use, we recommend working directly with your service provider to properly whitelist KnowBe4.
Below is an email template you can send to your service provider's support team as a request for whitelisting assistance:
Our organization uses KnowBe4, a security awareness training platform that provides simulated phishing tests and training for our employees. We would like to whitelist all of KnowBe4’s simulated phishing tests and training notifications to ensure they successfully reach the inbox of our employees. Please provide us with any whitelisting assistance you can provide to achieve this.
Whitelisting Troubleshooting
If you are experiencing issues with whitelisting KnowBe4 domains, below are some potential solutions. If you do not see your issue, please contact our support team and they would be happy to help.
We also have two whitelisting wizards that can help guide you through the whitelisting process. Visit our Whitelisting Troubleshooting article to learn more about each wizard.
Email from KnowBe4 Employees Going to Junk or Spam?
We may send you notifications about updates to the system, such as new features and templates, or our employees may check in with you to see how things are going. If you'd like to ensure these emails aren’t going to your Junk or Spam folders, you can whitelist emails coming from knowbe4.com and knowbe4.mail.intercom.io.
If you're using Microsoft 365, please see our Whitelisting emails from KnowBe4 in Microsoft 365 article for more information.
If you’re using Google Workspace, please see our Whitelisting by IP Address in Google Workspace article for more information.