Get Started Book a Demo

Allow-Listing in ProofPoint (aka: safe-listing, white-listing)

1st May 2025 | HowTo, MSP, Platform Allow-Listing in ProofPoint (aka: safe-listing, white-listing)

If you’re using Proofpoint’s spam filtering software, you can safelist (whitelist) CyberHoot to allow your users to receive our simulated attack-based phish testing emails.

CyberHoot Mail Relays to Add to your Allow-Lists

Allow-Listing By IP Address (preferred)

  1. From your Proofpoint admin center, navigate to Email Firewall, then Rules.
  2. Be sure to select the On radio button for Enable, under Rule Settings.
  3. Name your rule ID something descriptive, such as “CyberHoot Allow-Listing by IP Address,” and provide a summary of the rule such as “Enable Attack-Based Phish Testing for CyberHoot Sending Mail servers”
  4. In the “Conditions” section you will allow list CyberHoot by IP address using the “Add Condition” button. You can find our IP addresses for phishing and training emails in this article or find them at the end of this article below.
  5. Under “Dispositions”, change the Delivery Method from the default selection to Deliver Now.
  6. Be sure to save your rule and allow time for this new setting to propagate before testing.

Please Note:  if you are using URL Defense in your ProofPoint, be sure to also enable a bypass for CyberHoot in URL defenses.  See below for details.

Allow-listing in ProofPoint Essentials

The below instructions apply to allow-listing in ProofPoint Essentials.

  1. Go to Security Settings > Email > Sender Lists.
  2. Inside the Safe Sender list, enter the Portal IP addresses, found in this article.
  3. Click the Save button.

Allow-listing in ProofPoint Enterprise

  1. From your ProofPoint Enterprise Admin console, click on Email Protection.
  2. Select the Organizational Safe List option, located under Spam Protection.
  3. Click the Add button.
  4. A popup will appear, labeled Proofpoint – Global Safe. Use the following information in this popup:
    • Filter Type: select Sender Hostname.
    • Operator: select Equals.
    • Value: enter the Portal IP addresses listed in this article.
    • Click ‘Save Changes’.

URL Defense:

NOTE: We also recommend that you add CyberHoot’s sending mail relay IP addresses to Proofpoint’s URL Defense (this will help prevent any issues with ProofPoint’s Targeted Attack Protection). Here are instructions on adding Portal’s IP addresses to ProofPoint’s Targeted Attack Protection:

  1. From your Proofpoint Essentials Admin console, click Email Protection.
  2. Select URL Defense from under the Targeted Attack Protection drop-down.
  3. Click URL Rewrite Policies.
  4. Under the Exceptions section, enter the Portal’s IP addresses.
  5. Click Save Changes.
Latest Blogs

Stay sharp with the latest security insights

Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.

Your Employees Connected 47 Apps to Google Last Year. Can You Name One of Them?
12th May 2026 | Blog

Your Employees Connected 47 Apps to Google Last Year. Can You Name One of Them?

OAuth tokens don't expire when employees leave, passwords change, or apps go rogue. Your security program needs...

Read more
Attackers Don’t Need a Key. They Already Have Yours.
5th May 2026 | Blog

Attackers Don’t Need a Key. They Already Have Yours.

Most breaches don't start with a hacker in a hoodie cracking code at 3am. They start with your username and a...

Read more
Claude Mythos Opened Pandora’s Box. Project Glasswing Is Racing to Close It.
10th April 2026 | Blog

Claude Mythos Opened Pandora’s Box. Project Glasswing Is Racing to Close It.

Article Updates: As of May 6th 2026, every major U.S. AI lab, including Google DeepMind, Microsoft, xAI,...

Read more
Get Started All Posts