Get Started Book a Demo

Allow-Listing in ProofPoint (aka: safe-listing, white-listing)

1st May 2025 | HowTo, MSP, Platform Allow-Listing in ProofPoint (aka: safe-listing, white-listing)

If you’re using Proofpoint’s spam filtering software, you can safelist (whitelist) CyberHoot to allow your users to receive our simulated attack-based phish testing emails.

CyberHoot Mail Relays to Add to your Allow-Lists

Allow-Listing By IP Address (preferred)

  1. From your Proofpoint admin center, navigate to Email Firewall, then Rules.
  2. Be sure to select the On radio button for Enable, under Rule Settings.
  3. Name your rule ID something descriptive, such as “CyberHoot Allow-Listing by IP Address,” and provide a summary of the rule such as “Enable Attack-Based Phish Testing for CyberHoot Sending Mail servers”
  4. In the “Conditions” section you will allow list CyberHoot by IP address using the “Add Condition” button. You can find our IP addresses for phishing and training emails in this article or find them at the end of this article below.
  5. Under “Dispositions”, change the Delivery Method from the default selection to Deliver Now.
  6. Be sure to save your rule and allow time for this new setting to propagate before testing.

Please Note:  if you are using URL Defense in your ProofPoint, be sure to also enable a bypass for CyberHoot in URL defenses.  See below for details.

Allow-listing in ProofPoint Essentials

The below instructions apply to allow-listing in ProofPoint Essentials.

  1. Go to Security Settings > Email > Sender Lists.
  2. Inside the Safe Sender list, enter the Portal IP addresses, found in this article.
  3. Click the Save button.

Allow-listing in ProofPoint Enterprise

  1. From your ProofPoint Enterprise Admin console, click on Email Protection.
  2. Select the Organizational Safe List option, located under Spam Protection.
  3. Click the Add button.
  4. A popup will appear, labeled Proofpoint – Global Safe. Use the following information in this popup:
    • Filter Type: select Sender Hostname.
    • Operator: select Equals.
    • Value: enter the Portal IP addresses listed in this article.
    • Click ‘Save Changes’.

URL Defense:

NOTE: We also recommend that you add CyberHoot’s sending mail relay IP addresses to Proofpoint’s URL Defense (this will help prevent any issues with ProofPoint’s Targeted Attack Protection). Here are instructions on adding Portal’s IP addresses to ProofPoint’s Targeted Attack Protection:

  1. From your Proofpoint Essentials Admin console, click Email Protection.
  2. Select URL Defense from under the Targeted Attack Protection drop-down.
  3. Click URL Rewrite Policies.
  4. Under the Exceptions section, enter the Portal’s IP addresses.
  5. Click Save Changes.
Latest Blogs

Stay sharp with the latest security insights

Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.

Don’t Score an Own Goal: Outsmart World Cup 2026 Scams
23rd June 2026 | Blog

Don’t Score an Own Goal: Outsmart World Cup 2026 Scams

The 2026 FIFA World Cup kicked off on June 11th across the United States, Canada, and Mexico. Six million fans...

Read more
Hackers steal your cookies. Chrome may help stop Session Cookie Theft!
9th June 2026 | Blog

Hackers steal your cookies. Chrome may help stop Session Cookie Theft!

Google has built and released a new cookie protection measure that makes stolen session cookies useless on any...

Read more
AI Found Your Weaknesses. Let’s Fix Them First.
2nd June 2026 | Blog

AI Found Your Weaknesses. Let’s Fix Them First.

New benchmark data names MDASH and Claude Mythos Preview are the top AI agents finding zero-day vulnerabilities...

Read more
Get Started All Posts