Allow-Listing in Proofpoint (aka: safe-listing, white-listing)

1st May 2025 | HowTo, MSP, Platform

Proofpoint Allow-Listing

If you’re using Proofpoint’s spam filtering software, you can safelist (whitelist) CyberHoot to allow your users to receive our simulated attack-based phish testing emails.

CyberHoot Mail Relays to Add to your Allow-Lists

Allow-Listing By IP Address (preferred)

  1. From your Proofpoint admin center, navigate to Email Firewall, then Rules.
  2. Be sure to select the On radio button for Enable, under Rule Settings.
  3. Name your rule ID something descriptive, such as “CyberHoot Allow-Listing by IP Address,” and provide a summary of the rule, such as “Enable Attack-Based Phish Testing for CyberHoot Sending Mail servers.”
  4. In the “Conditions” section, allow-list CyberHoot by IP address using the “Add Condition” button. You can find our IP addresses for phishing and training emails in this article or at the end of this article.
  5. Under “Dispositions”, change the Delivery Method from the default selection to Deliver Now.
  6. Be sure to save your rule and allow time for this new setting to propagate before testing.

Please Note: If you are using URL Defense in Proofpoint, be sure to also enable a bypass for CyberHoot in URL Defense. See below for details.
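Once the rule has propagated and a test message arrives, one way to confirm it really came from an allow-listed relay is to read the hop recorded by your own gateway rather than any header the sender supplied. This is an added example, not CyberHoot's or Proofpoint's code; the gateway hostname, the relay IPs (RFC 5737 placeholders) and the Received header layout are assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed placeholders (RFC 5737 documentation addresses), NOT CyberHoot's real relays.
ALLOW_LISTED = {ipaddress.ip_address(a) for a in ("192.0.2.10", "192.0.2.11")}
GATEWAY = "gw.example.net"  # hypothetical hostname of your own inbound gateway

BY_HOST = re.compile(r"\bby\s+([^\s;()]+)", re.IGNORECASE)
BRACKET_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def connecting_ip(raw_message, gateway=GATEWAY):
    """Peer IP from the newest Received header stamped by our own gateway, else None."""
    msg = message_from_string(raw_message)
    for received in msg.get_all("Received", []):      # headers are newest-first
        flat = " ".join(received.split())             # unfold continuation lines
        by = BY_HOST.search(flat)
        if not by or by.group(1).lower() != gateway.lower():
            continue                                  # hop recorded by another host
        peer = BRACKET_IP.search(flat[:by.start()])   # look only in the "from" clause
        try:
            return ipaddress.ip_address(peer.group(1)) if peer else None
        except ValueError:
            return None
    return None

def check(raw_message):
    """Classify a delivered message by the peer IP our gateway recorded."""
    ip = connecting_ip(raw_message)
    if ip is None:
        return "no-gateway-hop"
    return "allow-listed" if ip in ALLOW_LISTED else "not-allow-listed"

# Constructed sample messages.
GENUINE = (
    "Received: from relay.example (relay.example [192.0.2.10])\n"
    "\tby gw.example.net with ESMTP; Thu, 1 May 2025 10:00:00 +0000\n"
    "Subject: simulated phish test\n\nbody\n"
)
# The older (lower) header was supplied by the sender and claims an allow-listed IP.
FORGED = (
    "Received: from mail.example.org (mail.example.org [198.51.100.77])\n"
    "\tby gw.example.net with ESMTP; Thu, 1 May 2025 10:05:00 +0000\n"
    "Received: from relay.example (relay.example [192.0.2.10])\n"
    "\tby gw.example.net with ESMTP; Thu, 1 May 2025 10:04:00 +0000\n"
    "Subject: simulated phish test\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("forged", FORGED)):
        print(name, connecting_ip(raw), check(raw))
```

Only the newest header stamped by the gateway is trusted, because anything below it arrived with the message and can say whatever the sender wants.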

Allow-listing in Proofpoint Essentials

The instructions below apply to allow-listing in Proofpoint Essentials.

  1. Go to Security Settings > Email > Sender Lists.
  2. Inside the Safe Sender list, enter the Portal IP addresses, found in this article.
  3. Click the Save button.

Allow-listing in Proofpoint Enterprise

  1. From your Proofpoint Enterprise Admin console, click on Email Protection.
  2. Select the Organizational Safe List option, located under Spam Protection.
  3. Click the Add button.
  4. A popup will appear, labeled Proofpoint – Global Safe. Use the following information in this popup:
    • Filter Type: select Sender Hostname.
    • Operator: select Equals.
    • Value: enter the Portal IP addresses listed in this article.
    • Click ‘Save Changes’.

URL Defense:

NOTE: We also recommend that you add CyberHoot’s sending mail relay IP addresses to Proofpoint’s URL Defense (this will help prevent any issues with Proofpoint’s Targeted Attack Protection). Here are instructions for adding the Portal’s IP addresses to Proofpoint’s Targeted Attack Protection:

  1. From your Proofpoint Essentials Admin console, click Email Protection.
  2. Select URL Defense from under the Targeted Attack Protection drop-down.
  3. Click URL Rewrite Policies.
  4. Under the Exceptions section, enter the Portal’s IP addresses.
  5. Click Save Changes.