HowTo: Allow-List CyberHoot’s AttackPhish Simulation Servers in M365

26th May 2025 | HowTo, MSP, Platform, Technology HowTo: Allow-List CyberHoot’s AttackPhish Simulation Servers in M365

Detailed Instructions From Microsoft:

https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/skip-filtering-phishing-simulations-sec-ops-mailboxes?view=o365-worldwide

Once you click the link above, follow the instructions under the “Use the Microsoft 365 Defender portal to configure third-party phishing simulations in the advanced delivery policy” heading.

Detailed Instructions From CyberHoot:

Allow-List by X-Header in M365

Once you click the link above, make sure to follow all the steps from beginning to end of the page. Also make sure to get the most up-to-date list of CyberHoot servers below.

CyberHoot’s Email-Relay IP Addresses

The required IP address and Domain name information is found in this HowTo article:

CyberHoot Email-Relay IP Addresses, Domains, and Allow-Listing Articles

*If you are planning on sending AttackPhish simulation tests to your clients, you will need to have them allow-list all our email relays shown in the list.

Latest Blogs

Stay sharp with the latest security insights

Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.

Urgency, Emotion, Authority: How One Scammer Almost Got Inside a CPA Firm

Urgency, Emotion, Authority: How One Scammer Almost Got Inside a CPA Firm

Tax season keeps accountants busy, and it keeps scammers busy too. Early this summer, a CPA firm became the...

Read more
The Ransomware an AI Model Built Without Trying

The Ransomware an AI Model Built Without Trying

Researchers went looking for a fake photo upscaler and found something stranger: a ransomware kit an AI model...

Read more
CyberHoot Goes Fully Passwordless: Native Passkey Support Arrives for Administrators

CyberHoot Goes Fully Passwordless: Native Passkey Support Arrives for Administrators

For four years, CyberHoot has argued the same thing on its blog: passwords are major weak link. They get reused,...

Read more