If you’re utilizing Barracuda’s Email Security Gateway, you can white-list CyberHoot IP Addresses and Domain Name to allow our simulated phishing test emails and training notifications to get through to your end-user’s inboxes.
Please see this article for the current IP Addresses and Domain Names for CyberHoot.
CyberHoot Email-Relay IP Addresses, Domains, and White-Listing Articles
These instructions were gathered and summarized–based on Barracuda’s knowledgebase. For more information on how to white-list in Barracuda, check out this video from Barracuda.
If you are using Barracuda’s Email Security Service (cloud), follow these steps to white-list Barracuda by IP address:
If you are using Barracuda’s Email Security Gateway (on-premises), follow these steps to white-list Barracuda by IP address:
You may need to white-list us in Barracuda’s Intent Analysis feature to prevent the URLs in simulated phishing tests from being altered, and potentially resulting in skewed phishing test results. See this article from Barracuda explaining this process
If you are using Barracuda’s Email Security Service (cloud), follow these steps to white-list Barracuda’s Intent Analysis:
If you are using Barracuda’s Email Security Gateway (on-premises), follow these steps to white-list Barracuda’s Intent Analysis:
If you are using Barracuda’s Advanced Threat Protection (ATP) and have experienced false clicks or false attachment opens, you can set up exemptions. Setting up exemptions allows you to bypass PDF scanning for phishing test emails from CyberHoot’s IP addresses.
To set up exemption addresses to bypass ATP PDF Scanning:
If your organization uses Barracuda’s Impersonation Protection feature, you will need to add CyberHoot’s sending domains to the Allowed Senders list. This prevents simulated phishing emails and training notifications from being blocked or flagged by Impersonation Protection.
To add CyberHoot domains as allowed senders:
Note: Use with caution. Domains added to the Allowed Senders list will not be remediated by Impersonation Protection, and their actions are exempted from Automatic Remediation and Potential Incidents in Incident Response.
The screenshot below shows the Allowed Senders settings page with CyberHoot domains already added:

Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.
Researchers went looking for a fake photo upscaler and found something stranger: a ransomware kit an AI model...
Read more
For four years, CyberHoot has argued the same thing on its blog: passwords are major weak link. They get reused,...
Read more
The 2026 FIFA World Cup kicked off on June 11th across the United States, Canada, and Mexico. Six million fans...
Read moreGet sharper eyes on human risks, with the positive approach that beats traditional phish testing.
