Back to Top

Help & Support

Get instant answers 24/7


How do I whitelist training emails from

Using to send your users simulated phishing and training emails?

Don't worry, we've got you covered. We've set up global whitelist rules to always allow simulated phishing emails from

Inbound global whitelisting rule:

  • Any email that originates from or the related sub-domains (e.g.
  • Applies to any sender as long as the message came directly from a mail host (or sub-host, such as
  • Automatically enabled for all recipients

Outbound global whitelisting rule:

  • Any email sent to or the sub-domains.
  • Automatically enabled for all senders

  • When messages are received and then forwarded to another user, they no longer originate from the mail host and will therefore be subject to normal filtering.
  • When staff sends mail through external services, such as Outlook or Gmail, those messages are subject to normal filtering. Generally, that should not be a problem as simulated phishing emails won't come from those sources. You can optionally add as an Approved Sender if you choose.

Last updated November 7, 2023