Get Started Book a Demo

Allow-Listing in ProofPoint (aka: safe-listing, white-listing)

1st May 2025 | HowTo, MSP, Platform Allow-Listing in ProofPoint (aka: safe-listing, white-listing)

If you’re using Proofpoint’s spam filtering software, you can safelist (whitelist) CyberHoot to allow your users to receive our simulated attack-based phish testing emails.

CyberHoot Mail Relays to Add to your Allow-Lists

Allow-Listing By IP Address (preferred)

  1. From your Proofpoint admin center, navigate to Email Firewall, then Rules.
  2. Be sure to select the On radio button for Enable, under Rule Settings.
  3. Name your rule ID something descriptive, such as “CyberHoot Allow-Listing by IP Address,” and provide a summary of the rule such as “Enable Attack-Based Phish Testing for CyberHoot Sending Mail servers”
  4. In the “Conditions” section you will allow list CyberHoot by IP address using the “Add Condition” button. You can find our IP addresses for phishing and training emails in this article or find them at the end of this article below.
  5. Under “Dispositions”, change the Delivery Method from the default selection to Deliver Now.
  6. Be sure to save your rule and allow time for this new setting to propagate before testing.

Please Note:  if you are using URL Defense in your ProofPoint, be sure to also enable a bypass for CyberHoot in URL defenses.  See below for details.

Allow-listing in ProofPoint Essentials

The below instructions apply to allow-listing in ProofPoint Essentials.

  1. Go to Security Settings > Email > Sender Lists.
  2. Inside the Safe Sender list, enter the Portal IP addresses, found in this article.
  3. Click the Save button.

Allow-listing in ProofPoint Enterprise

  1. From your ProofPoint Enterprise Admin console, click on Email Protection.
  2. Select the Organizational Safe List option, located under Spam Protection.
  3. Click the Add button.
  4. A popup will appear, labeled Proofpoint – Global Safe. Use the following information in this popup:
    • Filter Type: select Sender Hostname.
    • Operator: select Equals.
    • Value: enter the Portal IP addresses listed in this article.
    • Click ‘Save Changes’.

URL Defense:

NOTE: We also recommend that you add CyberHoot’s sending mail relay IP addresses to Proofpoint’s URL Defense (this will help prevent any issues with ProofPoint’s Targeted Attack Protection). Here are instructions on adding Portal’s IP addresses to ProofPoint’s Targeted Attack Protection:

  1. From your Proofpoint Essentials Admin console, click Email Protection.
  2. Select URL Defense from under the Targeted Attack Protection drop-down.
  3. Click URL Rewrite Policies.
  4. Under the Exceptions section, enter the Portal’s IP addresses.
  5. Click Save Changes.
Latest Blogs

Stay sharp with the latest security insights

Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.

AI-Powered Phishing Kits Are Game-Changing, In a Very Bad Way
6th January 2026 | Blog

AI-Powered Phishing Kits Are Game-Changing, In a Very Bad Way

Phishing emails used to be easy to spot. Bad grammar. Weird links. Obvious scams. Those days are...

Read more
AI Poisoning: Fake Support Scam — AI Search as the New Attack Surface
16th December 2025 | Blog

AI Poisoning: Fake Support Scam — AI Search as the New Attack Surface

Cybercriminals always follow Internet eyeballs. Not literally, but figuratively. And today's eyeballs are...

Read more
CISA Details an Emerging Mobile Spyware Alert
9th December 2025 | Blog

CISA Details an Emerging Mobile Spyware Alert

Active Attacks on Messaging Apps The Cybersecurity and Infrastructure Security Agency (CISA) recently issued...

Read more
Get Started All Posts