Get Started Book a Demo

Allow-Listing in ProofPoint (aka: safe-listing, white-listing)

1st May 2025 | HowTo, MSP, Platform Allow-Listing in ProofPoint (aka: safe-listing, white-listing)

If you’re using Proofpoint’s spam filtering software, you can safelist (whitelist) CyberHoot to allow your users to receive our simulated attack-based phish testing emails.

CyberHoot Mail Relays to Add to your Allow-Lists

Allow-Listing By IP Address (preferred)

  1. From your Proofpoint admin center, navigate to Email Firewall, then Rules.
  2. Be sure to select the On radio button for Enable, under Rule Settings.
  3. Name your rule ID something descriptive, such as “CyberHoot Allow-Listing by IP Address,” and provide a summary of the rule such as “Enable Attack-Based Phish Testing for CyberHoot Sending Mail servers”
  4. In the “Conditions” section you will allow list CyberHoot by IP address using the “Add Condition” button. You can find our IP addresses for phishing and training emails in this article or find them at the end of this article below.
  5. Under “Dispositions”, change the Delivery Method from the default selection to Deliver Now.
  6. Be sure to save your rule and allow time for this new setting to propagate before testing.

Please Note:  if you are using URL Defense in your ProofPoint, be sure to also enable a bypass for CyberHoot in URL defenses.  See below for details.

Allow-listing in ProofPoint Essentials

The below instructions apply to allow-listing in ProofPoint Essentials.

  1. Go to Security Settings > Email > Sender Lists.
  2. Inside the Safe Sender list, enter the Portal IP addresses, found in this article.
  3. Click the Save button.

Allow-listing in ProofPoint Enterprise

  1. From your ProofPoint Enterprise Admin console, click on Email Protection.
  2. Select the Organizational Safe List option, located under Spam Protection.
  3. Click the Add button.
  4. A popup will appear, labeled Proofpoint – Global Safe. Use the following information in this popup:
    • Filter Type: select Sender Hostname.
    • Operator: select Equals.
    • Value: enter the Portal IP addresses listed in this article.
    • Click ‘Save Changes’.

URL Defense:

NOTE: We also recommend that you add CyberHoot’s sending mail relay IP addresses to Proofpoint’s URL Defense (this will help prevent any issues with ProofPoint’s Targeted Attack Protection). Here are instructions on adding Portal’s IP addresses to ProofPoint’s Targeted Attack Protection:

  1. From your Proofpoint Essentials Admin console, click Email Protection.
  2. Select URL Defense from under the Targeted Attack Protection drop-down.
  3. Click URL Rewrite Policies.
  4. Under the Exceptions section, enter the Portal’s IP addresses.
  5. Click Save Changes.
Latest Blogs

Stay sharp with the latest security insights

Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.

Ransomware Entry Points are Changing. Here Is What to Do About It?
24th February 2026 | Blog

Ransomware Entry Points are Changing. Here Is What to Do About It?

Ransomware groups are not breaking in organizations the same way they did five years ago. The entry methods have...

Read more
Malicious Chrome Extension Disguised as a Business Tools
17th February 2026 | Blog

Malicious Chrome Extension Disguised as a Business Tools

If a Chrome extension promises to remove security pop-ups and generate MFA codes, that should make you...

Read more
Sneaky Browser Extensions Are Hijacking ChatGPT Sessions
10th February 2026 | Blog

Sneaky Browser Extensions Are Hijacking ChatGPT Sessions

Cyberattacks usually start with phishing emails or weak passwords. This one did not. Security researchers...

Read more
Get Started All Posts