Back to Top

Help & Support

Get instant answers 24/7


How do I whitelist training emails from

Using to send your users simulated phishing and training emails?

Don't worry, we've got you covered. We've set up a global whitelist rule that automatically allows all mail that originates from the mail host, including all subdomains (e.g.

The whitelist rule is based on the hostname listed under the Whitelist by Hostname tab in the whitelisting documentation.

This global whitelisting rule:

  • Is automatically enabled for all domains.
  • Applies to any sender as long as the message came directly from a mail host (or subhost, such as

  • When messages are received and then forwarded to another user, they no longer originate from the mail host and will therefore be subject to normal filtering.
  • When staff sends mail through external services, such as Outlook or Gmail, those messages are subject to normal filtering. Generally, that should not be a problem since they don't send their simulated phishing emails that way. However, you can optionally add as an Approved Sender if you choose.

Last updated February 28, 2022