We will be sending simulated phishing emails from outside your network, so your IT department must be notified.
Please ensure your environment meets the following criteria for compatibility:
- Email client(s): MS Outlook 2003+, Hotmail, Gmail, Yahoo Mail
- Browsers: Chrome 71+, Firefox 65+, IE 9+, Safari 11.1.2+
If your organization plans to use the optional add-in, Phishhook, to allow users to report suspicious emails, please ensure the environments meet the following criteria.
PhishHook Add-In Installation Requirements
- MS Office 2010
- Microsoft VSTO 2010 Runtime
- .Net 4.5 framework
In order for emails to be delivered successfully to the end-user, please perform the following white-listing tasks:
This may be required in the locations listed
- Intrusion Detection System/Firewall
- Client-side Email Filters
- Server-side Email Filters
White-list the following domain name of the SMTP relay used by the application.
SMTP Relay: |
smtp.mailgun.org |
White-list the following location that hosts the landing pages in your web filtering software, if applicable.
Landing Page Domain: |
*phishproof.com |
White-list the following domains used when sending Phishproof Email Templates:
Template Domains: |
accountsecurity.online amznbks.com bankameriica.com certifyjob.com clickweb.solutions faceboookfriendster.com filescanners.org formsmail.com funitgames.org googllesecurity.net ibsbanks.com mailsystems.online phishproof.com securityadmin.net securityalert.org starrwood.net systemadsmin.org twitttersocialpage.com upssite.com uspostallservice.com wallgreenspharm.com web-access-alerting.com boxfilesshare.com docutransfers.com employee-rewards.net hr-rewardscenter.com hq-administrators.com itpatching-installs.com corp-addmin.com admin-tokenalert.com sso-server.com login-microsoft.com |
Note:Security Features such as websense/zscaler, rate limiters, dynamic email filters, and/or Googlebot that click on links before the users will need to be filtered in the Phishproof application's admin portal.
This can be done by following instructions here:
Phishproof Filter Bots
Adjusting any other settings, as necessary, to ensure the simulated phishing emails flow to end-user inboxes.
If your organization would prefer to whitelist by IP as opposed to a domain, please inform your account manager to receive that information.
Additional things to consider:
- Do employees have general access to the internet?
- What kinds of work stations/devices have permissions to access email?
- Do users have the ability to play MP4 videos? (Education landing pages may include video)