Skip to main content

How to configure custom hostnames for Phishing and Ransomware simulations

  • Updated

This article explains what custom hostnames are in SMARTFENSE, how to create them, and how to use them in Phishing and Ransomware simulation campaigns.

What is a custom hostname?

Phishing and Ransomware simulation emails include a trap link. By default, that link is formed by the platform subdomain and a randomly selected domain from SMARTFENSE's list of domains intended to host simulated Phishing and Ransomware traps.

A custom hostname replaces that default subdomain, allowing you to personalize the trap link to better fit the simulation scenario you want to create.

Where to configure hostnames

  1. Log in to the SMARTFENSE Management Portal.
  2. Go to Settings > Organization > Hostnames.
  3. Here you will see the list of configured hostnames, with their name and status (Active / Inactive).

How to create a new hostname

  1. Within Hostnames, click the + New Hostname button.
  2. Enter the desired hostname.
  3. Save your changes.

The maximum number of hostnames that can be created is 30. Once a hostname has been used in a Phishing or Ransomware campaign, it can no longer be edited or removed.

Hostname availability is not guaranteed: if the chosen name is already in use, it will not be possible to create it.

How to use a hostname in a campaign

The hostnames configured in this section will be available for selection when creating or editing a Phishing or Ransomware campaign.

  1. Open the creation or editing view for a Phishing or Ransomware campaign.
  2. Within the advanced configuration step, locate the Advanced section.
  3. Select the custom hostname you want to use for the trap link.

If no custom hostname is selected, the campaign will use the default platform subdomain.

Network considerations

If the organization uses web filtering or navigation blocking tools, the URL generated from the custom hostname must be added to the corresponding exclusions. Otherwise, the trap link may be blocked before the user accesses it, affecting simulation results.

💡 Best practices

  • Plan hostnames before using them in campaigns, since once used they cannot be modified or deleted.
  • Use hostnames that mimic internal domains or well-known vendors of the organization to increase the realism of the simulation.
  • Periodically review the list of active hostnames to keep the inventory organized within the 30-hostname limit.
  • Coordinate with the security team on which domains will be used to avoid confusion with legitimate communications.
  • Verify with the IT team that the hostname URL is excluded from web filtering tools before launching the campaign.

Related articles