Whitelisting Guide

To start phishing and training your users, you need to whitelist AuditOne. This ensures that our training notifications and simulated phishing security tests (PSTs) reach your users' inboxes. If you don’t whitelist our emails, your mail server or spam filter may block or filter them.

Note: For Microsoft 365 users, we recommend Microsoft's Advanced Delivery Policies feature. Advanced Delivery bypasses some of Microsoft's security configurations and allows you to create a secure connection for phishing simulations.

Whitelisting Best Practices

To ensure you receive our emails, follow these best practices based on your mail server and spam filter.

  1. If you do not use a cloud-based spam filter, whitelist our hostnames in your mail server. See the "Whitelist Your Mail Servers" section for guidance.

  2. If you have a cloud-based spam filter whitelist by hostname in your spam filter. Refer to the sections on "Whitelisting Your Mail Servers" and "Whitelisting Your Email and Web Filters" for details.

AuditOne's Hostnames

Here is our hostname. You need this information to allow your mail server and spam filter to accept our messages. 

auditone.xyz
@auditone.xyz

Whitelisting Your Spam Filter

Here is a list of Docs that can help you whitelist your spam filter. When you whitelist, follow the instructions in these Docs and make sure you have our hostnames.

If you are whitelisting for web filtering on endpoints, you might need our phishing and landing domain list. To get this list, please contact AuditOne’s support team ([email protected]).

Note: Your spam filter may have rate limits that could slow down or block our PSTs from being delivered. We suggest you check the rate-limiting rules for your spam filter to ensure our PSTs reach your users’ inboxes.

Whitelisting a Domain in the Google Workspace Admin Console

You can create a list of approved senders, which can include entire domains. Emails from these domains will bypass Gmail's spam filters. Here are the general steps:

  1. Log in to your Google Admin console. You'll need administrator privileges to access these settings.

  2. Navigate to Gmail settings. From the main menu, go to Apps > Google Workspace > Gmail.

  3. Go to Spam, Phishing, and Malware. Here you will find various settings to control how emails are handled.

  4. Configure "Spam" list. You will need to either create a new address list or edit an existing one to include the domain you wish to whitelist. In the spam settings, you can then choose to "Bypass spam filters for messages received from addresses or domains within these approved sender lists."

Microsoft 365: Whitelist Non-Phishing Emails from AuditOne

If you're not receiving admin/system emails or employee messages from AuditOne (not training or phishing simulations), you'll need to whitelist their domains in Microsoft 365. Here's how:

  1. Go to Microsoft 365 Admin Center > Exchange.

  2. Navigate to Mail Flow > Rules, then click (+) to create a new rule.

  3. Name the rule (e.g., Whitelist Emails from AuditOne), then click More options.

  4. Set "Apply this rule if..." to "The sender's domain is...", and enter:

    1. auditone.io

    2. auditone.xyz

  5. For "Do the following...", choose Modify the message properties > set the spam confidence level (SCL) to Bypass spam filtering.

  6. Click Save.

Sending a Demo Test

After setting up the phishing criteria, it's a good idea to run a test to ensure it's working correctly.

Include only yourself or a small group of users in this test. You or the test users should confirm that you received the phishing simulation test (PST) from the campaign. Finally, have one of the users click a simulated phishing link in the PST to check that clicks are being tracked successfully.

Avoiding Link Testing and Intent Analysis

Some spam filters, like Barracuda, Symantec, Websense, and MessageLabs, may have features that follow or inspect links. If these features are on, they might cause misleading click-through rates, possibly showing 100%.

Troubleshooting

If you need help, check the subsections below. If you don't find your issue, please contact AuditOne’s support team ([email protected]).

Email from AuditOne Sent to Junk or Spam

We send you emails about updates to our products, such as new features and templates. Our employees may also check in to see how things are going. To make sure you receive these emails, whitelist addresses from [email protected].

If you use Microsoft 365, read our Doc on how to whitelist emails from AuditOne.

Third-Party Whitelisting Assistance

Our support team can help with whitelisting, but many spam filters and email providers are different. We recommend contacting your service provider for further assistance.

You can use the template below to request help from your service provider's support team:

Our organization uses AuditOne, a platform for security awareness training that includes simulated phishing tests. We want to make sure all of AuditOne’s phishing test notifications reach our employees' inboxes. Please help us with whitelisting these communications.

PreviousPhising SimulatorNextHow to Bridge AUDIT Tokens Between the IOTA and BASE Networks

Last updated