We recommend whitelisting KnowBe4's simulated phishing emails and training notifications by our mail server IP addresses or domains. However, certain system set-ups will require whitelisting by email header instead. Note: our recommendations for whitelisting by email header will apply to your mail server only. You will still need to whitelist KnowBe4's IPs or domains in your spam filter.
The most common reason why you'll want to whitelist the KnowBe4 emails by our X-PHISHTEST email header is if you're using a cloud-based spam filter. Since the emails will first arrive in your spam filter, the IP/domain on the emails will change to that of your spam filter before arriving to your mail server. Thus, whitelisting by KnowBe4's IPs/domains in your mail server will not be effective.
You will need to use this alternative method of whitelisting by header to ensure phishing emails make it through to your end-users.
For details on how to whitelist by header, please see our Whitelisting Information page.