Get Started Book a Demo

CyberHoot’s Email-Relay IP Addresses, Domains, and Allow-list Articles

8th May 2025 | HowTo CyberHoot’s Email-Relay IP Addresses, Domains, and Allow-list Articles

Updated: October 3rd, 2025

This article is a reference to CyberHoot’s mail relay IP Addresses and Domain names.  The process of allowing phishing tests through to your end users inboxes is dependent upon your mail and spam filters.  CyberHoot provides instructions and scripts on bypassing Microsofts Spam, Clutter, and Junk filters as well as adding our mail domains to the safe senders lists.

Please note that if you are using multiple filters in series, you will also need to set up X-Headers in addition to allow lists to deliver email to your end users.  You may wish to run powershell scripts we have prepared to make your life easier.

CyberHoot Training Assignments Relay:

CyberHoot assignments are delivered via email.  Currently, all assignments flow through AWS SES, as such, there is no need to create an allow list as AWS SES reputation is excellent, but if you choose to, you can add our domain name and the following IP addresses below to the allow list.

  • DNS Name:  cyberhoot.com
  • IP Addresses: 54.240.125.36/32 and 54.240.125.37/32

Phishing Test Mail Relays

If you are planning on sending traditional (attack-based) Phishing Tests to your clients and prospects, you will need to enable all of CyberHoot’s Email Relays shown below:

DNS DOMAIN Names: IP Addresses:
docunotice.com 23.20.251.170/32
messagecenters.net 52.7.191.238/32
securedinbox.net 52.6.6.155/32
notificationhub.net 18.213.175.22/32
filealert.org 34.226.89.171/32

Looking for a downloadable copy of the table above in CSV format?

And here we have  a comma separated list with just the domain names:
docunotice.com,messagecenters.net,securedinbox.net,notificationhub.net,filealert.org

Another list, this time just the IP addresses:
23.20.251.170/32,52.7.191.238/32,52.6.6.155/32,18.213.175.22/32,34.226.89.171/32

*As of October 3rd, 2025 all of CyberHoot’s Phish testing will be sent from these IP addresses.

Related Allow-Listing Articles:

How to Allow-List in Barracuda SPAM Gateway and Cloud Solution

How to Allow-List in your own Personal Gmail Account

How to Allow-List in your Google Workspace

How to Allow-List in Microsoft’s M365

How to Allow-List in Mimecast

How to Allow-List in ProofPoint

How to Allow-List in Sophos Central (Website Management)

How to Allow-List in Microsoft O365 – Avanan

How to Allow-List in Google Workspace – Avanan

Powershell script for avoiding SPAM, Clutter, Junk in M365.

Powershell script for adding CyberHoot’s phishing domains to Safe Senders List

How to Allow-List in MailProtector

How to Allow-List in BitDefender

How to Allow-List in DNS Filter

Latest Blogs

Stay sharp with the latest security insights

Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.

Domain Takedowns: How to Remove Fraudulent and Typo-squatted Domains and Websites
28th October 2025 | Blog

Domain Takedowns: How to Remove Fraudulent and Typo-squatted Domains and Websites

In cybersecurity, not all attacks happen through fancy malware or zero-day exploits. Some of the most effective...

Read more
The AI Threat Awakens: What OpenAI’s Latest Report Reveals About Cybercrime
14th October 2025 | Blog

The AI Threat Awakens: What OpenAI’s Latest Report Reveals About Cybercrime

The rapid rise of generative AI has unlocked enormous promise, but it’s also accelerating the arms race in...

Read more
Klopatra: New Android Trojan Drains Bank Accounts via Hidden VNC
7th October 2025 | Blog

Klopatra: New Android Trojan Drains Bank Accounts via Hidden VNC

Newly discovered Android banking Remote Access Trojan (RAT), dubbed Klopatra, has compromised more than 3,000...

Read more
Get Started All Posts