This article explains why it is essential to perform a Whitelist process before launching Phishing or Ransomware simulation campaigns in SMARTFENSE, how it impacts the quality of the metrics, and which domains and IPs should be allowed to obtain reliable results.
Configuration available in the Settings > Security > Whitelist section
Importance of the Whitelist Process
Before launching a Phishing or Ransomware simulation campaign, it is essential to perform a Whitelist process on each of the organization's security tools.
One of the main objectives of this process is to ensure that the simulation email reaches the user's inbox and is not classified as SPAM.
Why is it important?
The ultimate goal of a simulation is to measure user behavior to determine the organization's risk level.
To achieve this, it is indispensable that all users who are part of the evaluation universe effectively receive the simulation.
Frequently, security or IT teams expect simulations to bypass all technological barriers without configuring a Whitelist.
This approach may work in some cases and fail in others, but the result is always the same: incorrect metrics regarding the actual risk level.
A simulation is not designed to measure the effectiveness of security tools, but rather the behavior, conduct, and actions of people.
For this reason, properly configuring Whitelists is key to measuring what you really want to measure.
Statistics Generated by Software
The Whitelist process also helps reduce the generation of false statistics produced by security tools.
Simulation emails contain unique links that uniquely identify a user within a campaign.
These links allow recording interactions and evaluating user behavior.
Without an adequate Whitelist, security tools:
Analyze the emails.
Access the links one or more times.
Generate false interactions on behalf of the recipient user.
This prevents correctly measuring the real behavior of the user, which is the main objective of the simulation.
A proper Whitelist process of domains and IPs allows obtaining clean, reliable, and useful results.
How Does SMARTFENSE Detect Software-Generated Interactions?
If a campaign shows the warning:
Warning: at least one software-generated interaction has been detected
it means that SMARTFENSE identified at least one interaction not performed by a human user.
The most common causes are:
Interactions from IPs or User-Agents configured in the Whitelist
In Settings > Security > Whitelist it is possible to define ranges of IP addresses and User-Agents.
If an interaction comes from any of these values, SMARTFENSE automatically classifies it as software-generated.
Activation of Special Links
Emails, Teachable moments, and simulation files include special links that cannot be activated by a user.
Only security tools can activate them.
When this happens, the interaction is recorded and automatically categorized as software-generated.
Analysis of Previous Interactions
SMARTFENSE analyzes interactions that occurred within the range of seconds configured in Settings > Security > Whitelist.
If there is at least one software-generated interaction in that range, new interactions are also classified the same way.
Whitelist Configuration
1. IP Addresses and Email Sending Domains
Incoming traffic must be allowed from the IP addresses and domains used by SMARTFENSE servers for notifications and simulations.
IP Addresses
50.6.200.66
160.153.250.248
190.210.135.44
52.16.33.192
Domains
livefense.com: phishing and ransomware simulations
smartfense.com: external notification emails
mail-takesecurity.com: notification emails
phishalertbutton.com: phishing report button (new version)
palertbutton.com: phishing report button (previous version)
2. Web Browsing Domains
These domains must be added to the browsing whitelist in the proxy or firewall for the platform to function correctly.
Resources and Content
sf-production-eu.s3.amazonaws.com: images and resources
cdn.takesecurity.com: video display
takesecurity.com: training actions
takesecurity2.com: backup domain
takesecurity-ws.com: measurement of time spent
phishalertbutton.com
palertbutton.com
Simulation Landing Page Domains
tk2.io: smishing simulations
updates-app.com: phishing or ransomware simulations
protected-request.com: phishing or ransomware simulations
social-media-network.com: phishing or ransomware simulations
shoppinglogin.com: phishing or ransomware simulations
travel-checkout.com: phishing or ransomware simulations
free-products-site.com: phishing or ransomware simulations
correctcertificate.com: phishing or ransomware simulations
registo-seguro.com: phishing or ransomware simulations
proxy-www.com: phishing or ransomware simulations
calls-link.com: phishing or ransomware simulations
solucion-problemas.com: phishing or ransomware simulations
pass-login.com: phishing or ransomware simulations
online-corpweb.com: phishing or ransomware simulations
official-org.com: phishing or ransomware simulations
register-access.com: phishing or ransomware simulations
compras-ok.com: phishing or ransomware simulations
reclamos-online.com: phishing or ransomware simulations
securewebdomains.com: phishing or ransomware simulations
it-support-desk.com: phishing or ransomware simulations
logincorporate.com: phishing or ransomware simulations
registro-seguro.com: phishing or ransomware simulations
store-access.com: phishing or ransomware simulations
inicioseguro.com: phishing or ransomware simulations
registro-sicuro.com: phishing or ransomware simulations
e-mail-access.com: phishing or ransomware simulations
hr-staff-net.com: phishing or ransomware simulations
canjear-ahora.com: phishing or ransomware simulations
vpn-corporativa.com: phishing or ransomware simulations
actualizar-app.com: phishing or ransomware simulations
Domains for Trial Environments
trial.inicioseguro.com
sf-trial-eu.s3.amazonaws.com
💡 Best Practices
Perform the Whitelist process before launching any simulation campaign.
Configure Whitelist for both email and web browsing.
Periodically review Settings > Security > Whitelist to adjust IPs and User-Agents.