This article details how to implement Whitelist in various security and email technologies to ensure the proper delivery of SMARTFENSE simulations and reduce impacts from security analysis in Phishing and Ransomware campaigns.
Whitelist Implementation for Trend Micro
Domain Whitelisting in Trend Micro
Advanced Spam Protection
- Go to the Advanced Threat Protection > Add tab.
- Select the policy to create according to the service: Exchange, OneDrive, SharePoint, Box, Dropbox, Google.
- On the left, select Advanced Spam Protection.
- Check Enable Advanced Spam Protection.
- Select Approved/Blocked Sender List.
- Check Enable the approved sender list.
- Enter *@livefense.com and press Add.
- Go to the Rules configuration section.
- In Apply to: select Incoming messages.
- Select Medium as the detection level.
Malware Scanning
- Select Malware Scanning in the left menu.
- Select Rules.
- In Apply to: select Incoming messages.
- In Malware Scanning, select Scan all files and check Scan message body and Enable IntelliTrap.
- Select the Action section.
- In Action: select Trend Micro recommend actions.
- In Notification: select Notify.
Web Reputation
- Select Web Reputation.
- Check Enable Web Reputation.
- Select Rules.
- In Apply to: select All messages.
- In Security Level: select Medium.
- Select Approved/Blocked URL List.
- Check Enable the approved URL list.
- Check Add internal domains to the approved URL list.
- Enter the IPs and domains of SMARTFENSE as hostnames.
- Press Add >.
Virtual Analyzer
- Select Virtual Analyzer.
- Check Enable Virtual Analyzer.
- In Allowed senders list, add info@livefense.com.
- Click Save.
Note: once all steps are configured, the policy will appear under the Advanced Threat Protection tab.
Hosted Email Security (HES) – Allow Campaigns and Do Not Scan URLs
Do Not Scan URLs in Phishing Campaign Emails
- In the Hosted Email Security (HES) console go to:
- Inbound Protection -> Policy Objects -> Keyword Expressions
- Create a new keyword expression for SMARTFENSE:
- Define Match as Any Specified
- Click Add
- Enter:
- SMARTFENSE
- This is a phishing security test by SMARTFENSE authorized by the receiving organization.
- Click Save
- Go to Inbound Protection -> Policy.
- Select the domain to apply the policy and click Add.
- In Basic Information, assign a name and check Enable.
- In Recipients and Senders:
- Recipients: My domains, select domain and Add
- Senders: Anyone
- In Scanning Criteria:
- Click Advanced
- Enable Specified header matches
- Click keyword expressions
- In Other, type X-PHISHINGSIMULATION
- Choose the created expression and Add
- Click Save
- In Actions, select Deliver now.
- Verify the policy is correctly configured.
- Move the policy to the top to give it priority (up arrow).
Note: when the keyword matches, the email does not go through the rest of the policies and is delivered immediately to the end user.
Trend Micro Email Security (TMEMS) – Do Not Scan URLs
- In Trend Micro Email Security (EMS) go to:
- Administration -> Policy Objects -> Keyword Expressions
- Create a new keyword expression for SMARTFENSE:
- Match: Any Specified
- Click Add
- Enter:
- SMARTFENSE
- This is a phishing security test by SMARTFENSE authorized by the receiving organization.
- Click Save
- Go to Inbound Protection -> Policy.
- Choose the domain, click Add.
- In Basic Information, assign a name and activate Enable.
- In Recipients and Senders:
- Recipients: My domains, select domain and Add
- Senders: Anyone
- In Scanning Criteria:
- Click Advanced
- Enable Specified header matches
- Click keyword expressions
- In Other, type X-PHISHINGSIMULATION
- Choose the created expression, Add, and then Save
- In Actions, select Deliver now and select To the default mail server.
- Review the policy.
- Click Submit.
- Move the policy to the top to give it priority.
Whitelist Implementation for AppRiver
- Log in to AppRiver Admin Center.
- Select Filters -> IP Addresses.
- In Allowed IP Addresses, add the current SMARTFENSE IPs.
- Click Save.
| Note: to obtain the most updated list, consult Settings > Security > Whitelist within your SMARTFENSE instance. |
Whitelist Implementation for Cisco IronPort
IP Whitelist
- From the Cisco IronPort console, go to Mail Policies.
- Select HAT Overview and make sure to choose InboundMail lister.
- Click WHITELIST.
- Click Add Sender and add:
- 160.153.250.248
- 190.210.135.44
- 50.6.200.66
- 52.16.33.192
- Click Submit and then Commit Changes.
Skipping Outbreak Filter Scanning
- Go to Mail Policies.
- In Message Modification, enter the IPs in Bypass Domain Scanning:
- 160.153.250.248
- 190.210.135.44
- 52.16.33.192
- Click Submit and then Commit Changes.
Whitelist Implementation for Zoho Mail
Add the IP to the trusted list in the administration panel:
- Log in as administrator in Zoho Mail.
- Go to Control panel >> Mail Administration >> Spam control >> Whitelist >> Trusted IP list.
- Press Add IP Address, enter the IP and save.
User Spam Settings
Go to the official provider links to configure:
- Allowed list / blocked list
- Safe / rejected senders list
FortiGuard – Web Domain Override or Reclassification
To override web classification of URLs that may be considered malicious by FortiGuard, consult:
https://docs.fortinet.com/document/fortigate/latest/administration-guide/122974/web-rating-override
Sophos – How to Make Exceptions
Allows enabling URLs or domains regardless of category.
Configure a whitelist object using matching by Domain or by Regular Expression as needed.
HARMONY – CHECK POINT
In the transport rule within the Microsoft Mail Server (usually “Harmony - Check Point”), add the IPs as exceptions:
- 160.153.250.248
- 190.210.135.44
- 50.6.200.66
- 52.16.33.192
This prevents Microsoft from sending simulation emails received from SMARTFENSE servers to Harmony.
ESET Protect Complete / Elite / MDR
If you use these suites and the ESET antispam platform (compatible with Office365 and Google Workspace), create an exclusion policy to allow the IPs:
- 160.153.250.248
- 190.210.135.44
- 50.6.200.66
- 52.16.33.192
Reference:
https://help.eset.com/ecos/es-CL/policy_email.html
How to whitelist SMARTFENSE domains in Proofpoint
This article explains how to add SMARTFENSE domains and URLs to the allow list in Proofpoint, so your users are not blocked when clicking links in simulated phishing campaigns or platform notifications.
Why is access being blocked?
Proofpoint includes a technology called URL Defense (part of Targeted Attack Protection, or TAP) that analyzes links in emails in real time. When Proofpoint classifies a URL as malicious, it blocks navigation and displays a warning screen to the user.
This block can occur even if the destination site is legitimate. Proofpoint explicitly states that it is possible to block a single page of a valid site without blocking the entire domain.
To allow your users to access SMARTFENSE links correctly, you need to configure the allow list at two levels: email filtering and URL Defense.
Prerequisites
- Administrator access to the Proofpoint console (Essentials or Enterprise).
- List of SMARTFENSE domains and IPs. Refer to the article Technical Information for Whitelisting for updated values.
Configuration in Proofpoint Essentials
Step 1 — Add SMARTFENSE to the Safe Sender List
- Log in to the Proofpoint Essentials administration console.
- Navigate to Security Settings > Email > Sender Lists.
- Under the Safe Sender List section, enter SMARTFENSE's sending IPs and domains.
- Click Save.
Step 2 — Exclude SMARTFENSE URLs from URL Defense rewriting
- From the main menu, click Email Protection.
- Under the Targeted Attack Protection drop-down, select URL Defense.
- Click URL Rewrite Policies.
- In the Exceptions section, under Exclude URLs that contain specified domains/IP addresses, enter the SMARTFENSE domains.
- Click Save Changes.
Configuration in Proofpoint Enterprise
Step 1 — Add SMARTFENSE to the Organizational Safe List
- Log in to the Proofpoint Enterprise administration console.
- Click Email Protection.
- Under the Spam Detection drop-down, select Organizational Safe List.
- Click Add.
- In the pop-up window, fill in the following fields:
- Filter Type: select Sender Hostname.
- Operator: select Equals.
- Value: enter the SMARTFENSE domains.
- Click Save Changes.
Step 2 — Exclude SMARTFENSE URLs from URL Defense rewriting
- From the main menu, click Email Protection.
- Under the Targeted Attack Protection drop-down, select URL Defense.
- Click URL Rewrite Policies.
- In the Exceptions section, enter the SMARTFENSE domains.
- Click Save Changes.
Step 3 (optional) — Configure a rule in Email Firewall
If the previous steps are not sufficient, you can create an explicit allow rule:
- In the Proofpoint Enterprise console, navigate to Email Firewall > Rules.
- Enable the rule by switching Enable to On.
- Assign a descriptive name, for example:
SMARTFENSE Allow List. - Under Conditions, click Add Condition and select Sender Domain.
- Enter the SMARTFENSE domains.
- Save the changes.
If the issue persists after applying the allow list in Proofpoint, check whether additional protections are active on the client's mail server (for example, Microsoft 365 Defender) that may be blocking the same links independently.
💡 Best practices for Proofpoint
- Ask the client for the exact list of blocked domains before starting the configuration, to confirm they correspond to SMARTFENSE URLs.
- Apply the URL Defense exception first, as it is the layer that displays the blocking screen shown in the screenshot.
- Verify the allow list by sending a test email and confirming that the link opens correctly without being redirected to the Proofpoint block screen.
- Keep SMARTFENSE domains up to date in the Proofpoint configuration whenever new domains are added to the platform.
- Document in the client's file which Proofpoint console they use (Essentials or Enterprise) to make future adjustments easier.
💡 Best Practices in general
- Obtain the updated list of IPs and domains from Settings > Security > Whitelist before applying changes in external tools.
- Apply Whitelist both in antispam/antiphishing filters and in web reputation and URL analysis.
- Prioritize Whitelist rules above other policies to ensure delivery.
- Validate with a test campaign before running mass simulations.