Whitelist Data and Anti-Spam Filtering
Before you can begin phishing and training your users, you must whitelist KnowBe4. Whitelisting is extremely important because it prevents our phishing security test emails and training notifications from being blocked or filtered into your Spam folder.
Note:
For Microsoft 365 users, we recommend our Direct Message Injection (DMI) feature. DMI eliminates the need to whitelist simulated phishing emails by creating a secure link between your KnowBe4 console and your Microsoft 365 Account. See our Direct Message Injection Guide for more information.
Use the links below to learn more about whitelisting and anti-spam filtering.
Jump to:
Whitelisting Best Practices
IP Addresses, Hostnames, and Header Information
Adding KnowBe4 to Your SPF Records
Adding DKIM Signatures to Your Phishing and Training Emails
How to Whitelist Your Mail Servers
How to Whitelist Your Email and Web Filters
- Link Testing and Intent Analysis
- Can't Whitelist in an Email Filter? Try Smart Hosting
- Third-party Whitelisting Assistance
Whitelisting Best Practices
The way you'll need to whitelist KnowBe4 varies depending on your environment.
For guidance, you can use our Whitelisting Wizard which will point you in the right direction.
Whitelist Your Mail Server and Spam Filter(s)
Make sure you take into consideration the various products or services you may be using in your mail or web environment to prevent issues with deliverability. As a best practice, we recommend the following:
If you do not have a cloud-based spam filter:
Whitelist either our IP addresses or our hostnames in your mail server. Do not whitelist both IPs and hostnames. You must choose one method.
If you do have a cloud-based spam filter:
Whitelist by email header in your mail server and whitelist by IP address or hostname in your spam filter.
If you are unable to whitelist our IP addresses, you can whitelist our mail server hostnames instead.
Run a Quick Test Campaign
After you've whitelisted according to the recommendations above or by using our wizard, conduct a preliminary test campaign before your Baseline Phishing Test. This is to ensure that your whitelisting rules were set up properly.
We recommend that you run at least one phishing campaign that is limited in scope to only one or two administrative users who can confirm receipt and tracking of clicks on phishing links. This should be done before the baseline test and will confirm that our phishing emails are getting through any spam/firewall protection.
As soon as you are done with your preliminary test, you should delete or hide the campaign so that it will not interfere with your reports or risk score.
IP Addresses, Hostnames, and Header Information
Below is a list of our IP addresses or hostnames, and header information for the purpose of whitelisting KnowBe4.
Note:
Be careful not to over-whitelist. If you are unsure how to whitelist, try our Whitelisting Wizard for guidance.
For accounts located at Training.KnowBe4.com:
IP Addresses | Messages Sent
147.160.167.0/26 * | Current IPs for Training Emails; Future IPs for Simulated Phishing
23.21.109.197, 23.21.109.212 | Current IPs for Simulated Phishing and Training Notifications
* Please note that "/26" is the CIDR format for an IP subnet mask. In this case, it indicates the following IP range: 147.160.167.0 - 147.160.167.63. For more information on IP network subnets, please see here.
Hostnames | Messages Sent
psm.knowbe4.com, phishtest.knowbe4.com * | KnowBe4 Simulated Phishing and Training emails
* Deprecated in October 2019
For security purposes, whitelisting by email header is NOT recommended on your public email endpoint.
Simulated Phishing Email Header | Email Header Text
X-PHISHTEST * | This is a phishing security test from KnowBe4 that has been authorized by the recipient organization
* X-PHISHTEST is the default header. If you're using a custom header and/or header token, you could whitelist by that header content. For information on creating a custom header or header token, see our How to Edit Your Account Settings article.
For accounts located at EU.KnowBe4.com:
IP Addresses | Messages Sent
147.160.167.0/26 * | Current IPs for Training Emails; Future IPs for Simulated Phishing
52.49.201.246, 52.49.235.189, 23.21.109.197, 23.21.109.212 | Current IPs for Simulated Phishing and Training Emails
* Please note that "/26" is the CIDR format for an IP subnet mask. In this case, it indicates the following IP range: 147.160.167.0 - 147.160.167.63. For more information on IP network subnets, please see here.
Hostnames | Messages Sent
psm.knowbe4.com, eu-phishtest.knowbe4.com * | KnowBe4 Simulated Phishing and Training emails
* Deprecated in October 2019
For security purposes, whitelisting by email header is NOT recommended on your public email endpoint.
Simulated Phishing Email Header | Email Header Text
X-PHISHTEST * | This is a phishing security test from KnowBe4 that has been authorized by the recipient organization,
* X-PHISHTEST is the default header. If you're using a custom header and/or header token, you could whitelist by that header content. For information on creating a custom header or header token, see our How to Edit Your Account Settings article.
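The recommendation above (whitelist by IP address on the public-facing filter, and by header only on the mail server behind it) can be modelled as the following check. This is an added example, not KnowBe4 code: the function names, the public_endpoint flag and the sample messages are constructed for illustration, while the IP ranges and the header name are the Training.KnowBe4.com values from the tables above.

```python
import ipaddress
from email import message_from_string

# Copied from the Training.KnowBe4.com tables on this page.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in
                ("147.160.167.0/26", "23.21.109.197/32", "23.21.109.212/32")]
BYPASS_HEADER = "X-PHISHTEST"  # default header; substitute a custom one if configured

# Constructed sample messages, not real KnowBe4 traffic.
TEST_MAIL = ("From: helpdesk@example.com\nTo: admin@example.org\n"
             "Subject: Password expiry\n"
             "X-PHISHTEST: This is a phishing security test from KnowBe4 that "
             "has been authorized by the recipient organization\n\nbody\n")
PLAIN_MAIL = "From: someone@example.net\nTo: admin@example.org\nSubject: Hi\n\nbody\n"


def cidr_bounds(cidr):
    """First and last address of a CIDR block, as strings."""
    net = ipaddress.ip_network(cidr)
    return str(net[0]), str(net[-1])


def from_allowed_ip(connecting_ip):
    """True when the SMTP peer address is inside one of the listed ranges."""
    ip = ipaddress.ip_address(connecting_ip)
    return any(ip in net for net in ALLOWED_NETS)


def filter_decision(connecting_ip, raw_message, public_endpoint):
    """Return 'bypass' or 'scan' for one inbound message.

    public_endpoint is True for the internet-facing filter and False for the
    mail server that only receives mail relayed by that filter.
    """
    if public_endpoint:
        # Header content is set by the sender, so this hop trusts only the peer IP.
        return "bypass" if from_allowed_ip(connecting_ip) else "scan"
    # Behind the filter the peer is the filter itself, so match on the header.
    has_header = BYPASS_HEADER in message_from_string(raw_message)
    return "bypass" if has_header else "scan"


if __name__ == "__main__":
    print(cidr_bounds("147.160.167.0/26"))
    print(filter_decision("203.0.113.7", TEST_MAIL, public_endpoint=True))
```

A message that carries the header but arrives at the public endpoint from an unlisted address is still scanned, which is the reason header-only rules belong on the internal hop.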
Adding KnowBe4 to Your SPF Records
Although not usually necessary, you can add KnowBe4 to your SPF records. To learn more, read our article: Adding KnowBe4 to your SPF records
Adding DKIM Signatures to Your Phishing and Training Emails
All of our training emails include a DKIM signature. For accounts in the US, the signing domain is training.knowbe4.com and for accounts in the EU, the signing domain is eu.knowbe4.com. If you would like to add DKIM signatures to your phishing emails, you can do so from your Account Settings under the Phishing Headers section.
How to Whitelist Your Mail Servers
Below are the articles we have available with instructions on how to whitelist the most common mail servers.
Exchange 2007/2010:
- Setting up an IP Allow List in Exchange 2007
- Setting up an IP Allow List in Exchange 2010
- Whitelisting by Header in Exchange 2010
Exchange 2013, 2016, & Microsoft 365:
- Exchange 2013, 2016, & Microsoft 365 (Whitelist by IP Addresses)
- Exchange 2013, 2016, & Microsoft 365 (Whitelist by Email Header)
- Whitelisting Training Emails in Microsoft 365 (Whitelist by Email Header)
- Exchange 2013 Add-IPAllowListEntry (Command Line)
- Configure Focused Inbox on Outlook or Microsoft 365 (PowerShell)
GSuite/Google Apps:
If you're using GSuite, you will also need to follow the steps in this article to disable the return-path header on KnowBe4 phishing tests.
How to Whitelist Your Email and Web Filters
Below are the articles we have available with instructions on how to whitelist the most common email and web filters.
Note:
If you are using endpoint web filtering, you may need a list of our phishing domains and our landing page domains for whitelisting purposes. Reach out to our support team and they will be happy to provide you with this information.
- Whitelisting in AppRiver
- Whitelisting in Barracuda
- Whitelisting in Cisco Ironport
- Whitelisting in EdgeWave
- Whitelisting in Fortinet FortiGate
- Whitelisting in McAfee/MX Logic
- Whitelisting in Mimecast
- Whitelisting in Proofpoint
- Whitelisting in SonicWall
- Whitelisting in Sophos
- Whitelisting in SpamAssassin
- Whitelisting in Symantec.Cloud/MessageLabs
- Whitelisting in TrendMicro
- Whitelisting in VIPRE
Securence and Mailprotector have whitelisted our IP addresses in their system globally, so you do not have to whitelist us there.
Note:
Keep in mind that your mail server or mail filter may have rate limiting. Rate limiting can slow or block the delivery of a phishing test when a large number of emails is sent at once. Review the rate-limiting rules in your mail server or filter settings to ensure that your phishing test will reach your users. Although we do not recommend this, a potential workaround is to temporarily turn off rate limiting, but be sure to turn it back on as soon as the phishing emails have been delivered successfully.
Link Testing and Intent Analysis
Some common email filtering and anti-spam services (such as Barracuda, Symantec, Websense, MessageLabs, etc.) will sometimes have link-following or link inspection options. These services may follow links found in incoming messages, resulting in skewed or 100% click-through rates. You can either whitelist/exempt our emails from being subject to these types of features/services or disable these features for the duration of a phishing test. More information can be found here.
Can't Whitelist in an Email Filter? Try Smart Hosting
If you cannot add our whitelist data or your third-party solution impacts deliverability of the phishing emails, we are able to establish direct routes to your mail server to bypass that filtering. Just ask our technical support staff about the option of smart hosting, and they can assist you. Click here to submit a support ticket.
If you are using Exchange 2016, you may find Scenario 3 in this article helpful after speaking with our support team: Scenarios for Custom Receive Connectors in Exchange 2016
Third-party Whitelisting Assistance
KnowBe4's support team will provide assistance with whitelisting as much as possible. However, due to the many variations of mail filtering services and providers in use, we recommend working directly with your service provider to properly whitelist KnowBe4 if you're experiencing issues.
Below is an email template you may send to your service provider's support team as a request for whitelisting assistance, so they understand the services KnowBe4 offers:
Our organization uses KnowBe4, a security awareness training platform that provides simulated phishing tests and training for our employees. We would like to whitelist all KnowBe4 simulated phishing tests and training emails to ensure they successfully reach the inbox of our employees. Please provide us with the appropriate whitelisting assistance to achieve this.
Whitelisting Troubleshooting
We have two whitelisting wizards that can help guide you through the whitelisting process. Visit here to learn more about each wizard.
Email from KnowBe4 Employees Going to Junk or Spam?
Occasionally, we may send you notifications about updates to the system (new features, templates, etc.), or our employees may check in with you to see how things are. If you'd like to ensure these emails will make it through without going into Junk or Spam, you can whitelist emails coming from knowbe4.com and knowbe4.mail.intercom.io.
If you're using Microsoft 365, we have instructions on how to set this up:
Whitelisting emails from KnowBe4 in Microsoft 365