Whitelisting Guide
To start phishing and training your users, you need to whitelist AuditOne. This ensures that our training notifications and simulated phishing security tests (PSTs) reach your users' inboxes. If you don’t whitelist our emails, your mail server or spam filter may block or filter them.
Note: For Microsoft 365 users, we recommend Microsoft's Advanced Delivery Policies feature. Advanced Delivery bypasses some of Microsoft's security configurations and allows you to create a secure connection for phishing simulations.
Whitelisting Best Practices
To ensure you receive our emails, follow these best practices based on your mail server and spam filter.
If you do not use a cloud-based spam filter, whitelist our IP addresses or hostnames in your mail server. See the "Whitelisting Your Mail Server" section for guidance.
If you have a cloud-based spam filter, whitelist by email header in your mail server. Also, whitelist by IP address or hostname in your spam filter. Refer to the "Whitelisting Your Mail Server" and "Whitelisting Your Spam Filter" sections for details.
Note: You do not need to whitelist both IP addresses and hostnames.
AuditOne's IP Addresses, Hostnames, and Headers
Here is a list of our IP addresses and hostnames, along with headers. You need this information to allow your mail server and spam filter to accept our messages.
Important: We suggest that you do not whitelist by both IP address and header in your mail server.
Whitelisting Your Mail Server
Here is a list of Docs to help you whitelist your mail server. You will need our IP addresses, hostnames, or header information.
Please contact AuditOne’s support team (hello@auditone.io) to whitelist IP Addresses and hostnames.
Please note that your mail server might use rate limiting, which can slow down or block the delivery of our PSTs. We recommend checking the rate-limiting rules for your mail server to make sure our PSTs reach your users’ inboxes.
If your mail server is Microsoft 365, see the Docs listed below:
How to Use Advanced Delivery Policies in Microsoft 365
Need Delivery Policies in Microsoft 365
Whitelisting Training Notifications in Microsoft 365 (Whitelist by Email Header)
If your mail server is Google Workspace, see the Docs listed below:
Important: If you use Google Workspace, make sure to turn off the return-path header in our PSTs.
Whitelisting Your Spam Filter
If you are whitelisting for web filtering on endpoints, you might need our phishing and landing domain list. To get this list, please contact AuditOne’s support team (hello@auditone.io).
Note: Your spam filter may have rate limits that could slow down or block our PSTs from being delivered. We suggest you check the rate-limiting rules for your spam filter to ensure our PSTs reach your users’ inboxes.
Sending a Demo Test
After setting up the phishing criteria, it's a good idea to run a test to ensure it's working correctly.
Include only yourself or a small group of users in this test. You or the test users should confirm that you received the phishing simulation test (PST) from the campaign. Finally, have one of the users click a simulated phishing link in the PST to check that clicks are being tracked successfully.
Additional Configurations
After you have whitelisted following our recommendations, you may need to make additional configurations. See the sections below for more information.
Adding AuditOne to Your SPF Records
To let AuditOne send PSTs for you, add AuditOne to your Sender Policy Framework (SPF) records.
Adding DKIM Signatures
All our training notifications automatically include a DKIM (DomainKeys Identified Mail) signature.
You can also add a DKIM signature to our PSTs. For more details, please contact AuditOne support.
Avoiding Link Testing and Intent Analysis
Some spam filters, like Barracuda, Symantec, Websense, and MessageLabs, may have features that follow or inspect links. If these features are on, they might cause misleading click-through rates, possibly showing 100%.
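A check for the effect described above, as an added example that is not AuditOne's own code: it separates clicks that look like a filter following links from clicks made by people, and recomputes the click rate for a demo campaign. The event fields, the two thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime

# Constructed demo-campaign events:
# (recipient, delivered_at, clicked_at, click_source_ip)
EVENTS = [
    ("ana@example.com",  "2024-05-01T09:00:00", "2024-05-01T09:00:03", "192.0.2.50"),
    ("ben@example.com",  "2024-05-01T09:00:01", "2024-05-01T09:00:04", "192.0.2.50"),
    ("cara@example.com", "2024-05-01T09:00:01", "2024-05-01T09:00:05", "192.0.2.50"),
    ("dev@example.com",  "2024-05-01T09:00:02", "2024-05-01T11:42:10", "203.0.113.77"),
]

FAST_CLICK_SECONDS = 30  # assumed: a click this soon after delivery is suspect
SHARED_IP_MIN = 3        # assumed: one source IP clicking for several recipients


def triage_clicks(events):
    """Return (automated, human) recipient lists.

    A click counts as automated only when it is both fast and comes from
    an IP shared by many recipients, so an office NAT alone is not enough.
    """
    ip_counts = Counter(ip for _, _, _, ip in events)
    automated, human = [], []
    for rcpt, delivered, clicked, ip in events:
        delay = (datetime.fromisoformat(clicked)
                 - datetime.fromisoformat(delivered)).total_seconds()
        fast = delay <= FAST_CLICK_SECONDS
        shared = ip_counts[ip] >= SHARED_IP_MIN
        (automated if fast and shared else human).append(rcpt)
    return automated, human


def adjusted_click_rate(events, recipient_count):
    """Click rate counting only clicks attributed to people."""
    _, human = triage_clicks(events)
    return len(set(human)) / recipient_count


if __name__ == "__main__":
    automated, human = triage_clicks(EVENTS)
    print("raw rate:", len(EVENTS) / 4)
    print("likely filter clicks:", automated)
    print("adjusted rate:", adjusted_click_rate(EVENTS, 4))
```

If the adjusted rate differs sharply from the raw rate after a demo test, review the link-following settings in the spam filter before running a full campaign.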
Troubleshooting
If you need help, check the subsections below. If you don't find your issue, please contact AuditOne’s support team (hello@auditone.io).
Email from AuditOne Sent to Junk or Spam
We send you emails about updates to our products, such as new features and templates. Our employees may also check in to see how things are going. To make sure you receive these emails, whitelist addresses from hello@auditone.io.
Third-Party Whitelisting Assistance
Our support team can help with whitelisting, but many spam filters and email providers are different. We recommend contacting your service provider for further assistance.
You can use the template below to request help from your service provider's support team:
Our organization uses AuditOne, a platform for security awareness training that includes simulated phishing tests. We want to make sure all of AuditOne’s phishing test notifications reach our employees' inboxes. Please help us with whitelisting these communications.
Support
Whitelist Non-Phishing Emails from AuditOne
If you're not receiving admin/system emails or employee messages from AuditOne (not training or phishing simulations), you'll need to whitelist their domains in Microsoft 365. Here's how:
Go to Microsoft 365 Admin Center > Exchange.
Navigate to Mail Flow > Rules, then click (+) to create a new rule.
Name the rule (e.g., Whitelist Emails from AuditOne), then click More options.
Set "Apply this rule if..." to "The sender's domain is...", and enter:
AuditOne.io
For "Do the following...", choose Modify the message properties > set the spam confidence level (SCL) to Bypass spam filtering.
Click Save.
Whitelist by IP Address in Google Workspace
Due to Google’s upcoming changes, Direct Message Injection (DMI) is the preferred method for whitelisting AuditOne emails in Google Workspace. If you're not using a cloud-based spam filter, follow the steps below to whitelist by IP address:
Whitelist AuditOne by IP in Google Workspace:
Go to Admin Console > Apps > Google Workspace > Gmail.
Click Spam, Phishing, and Malware (under “Advanced settings” for older versions).
Select your domain (IP whitelisting applies to entire domains).
In the Email whitelist section, enter AuditOne’s IP addresses (from their Whitelisting Guide).
Click Save.
Add IPs as Inbound Gateways (to suppress Gmail banners):
From the same Spam, Phishing, and Malware section:
Add AuditOne’s IPs under Inbound Gateway.
Configure:
Don’t check "Reject all mail not from gateway IPs"
Don’t enable "Automatically detect external IP"
Enable "Require TLS"
Add a spam header
Enable "Disable Gmail spam evaluation on mail from this gateway"
Click Save (it may take ~1 hour to propagate).
Update Your Microsoft 365 Permissions
To create, modify, or remove settings in an advanced delivery policy, you’ll need to be a member of the Security Administrator role group in the Microsoft Security & Compliance Center and the Organization Management role group in Microsoft Exchange Online.
For read-only access to an advanced delivery policy, you’ll need to be a member of the Global Reader or Security Reader role groups.
Whitelist by Email Headers in Microsoft 365, Microsoft Exchange 2016, and Microsoft Exchange 2019
In this Doc, you'll learn how to whitelist by email header in Microsoft 365, Exchange 2016, and Exchange 2019. This method ensures your Phishing Security Tests (PSTs) bypass your spam filters and reach your users’ inboxes.
Note: We typically recommend whitelisting by IP address or hostname. However, if you use Exchange or Microsoft 365 without Defender for Office 365, you may need to whitelist by email headers to ensure PSTs are delivered.
If you don't have a spam filter, Microsoft requires that you use advanced delivery policies to ensure email delivery.
Whitelist by IP Address in Google Workspace
In this Doc, you can learn how to whitelist AuditOne emails by IP address in Google Workspace. Whitelisting can help you ensure that your users receive our simulated phishing tests and training notifications.
Important: To ensure that your user opens are being tracked properly, you may need to add our phish link domains to your Google Workspace.
We only recommend whitelisting by IP address if you don't have a cloud-based spam filter. If you have a cloud-based spam filter, we recommend whitelisting by email header instead. For more information, see our Whitelisting by Header in Google Workspace or Whitelisting Guide Docs.
Note: This Doc contains our recommendations for whitelisting in Google Workspace, but Google Workspace may make changes to its features at any time. If you’re experiencing issues with whitelisting by using the instructions below, please contact our support team (hello@auditone.io).
Add AuditOne’s IP Addresses to the Email Whitelist
To whitelist our IP addresses, you'll need to add our IP addresses to your email whitelist in Google Workspace.
To add our IP addresses to your email whitelist, follow the steps below.
Log in to your Google Workspace Admin console and click Apps > Google Workspace > Gmail
Click Spam, Phishing, and Malware. Note: If you use an older version of Google Workspace, you may need to click the Advanced Settings button to see this option.
In the Organizational Unit section of the page, select your domain. Note: Google Workspace only allows whitelisting by IP address for an entire domain, so you're unable to whitelist by IP Address for individual organizational units (OUs).
In the Email whitelist section, enter our IP addresses separated by commas.
Click Save.
Add AuditOne IP Addresses as Inbound Gateways
When your users receive a simulated phishing email from AuditOne, banners may display in Gmail to say, "This message seems dangerous" or "Be careful with this message". To prevent these banners from displaying, we recommend that you add our IP addresses as inbound gateways.
To add our IP addresses as inbound gateways, follow the steps below:
Important: While we've found that these steps help to prevent Google banners from displaying, these steps aren't documented as a whitelisting recommendation by Google.
Log in to your Google Workspace Admin console.
Section above. These steps will take you to your Spam, Phishing, and Malware settings.
Configure the Inbound gateway.
Fill out the settings as follows:
IP addresses/ranges: Enter AuditOne's IP addresses.
Select the "Require TLS for connections from the email gateways listed above" check box.
Select the "Message is considered spam if the following header regexp matches" check box. Then, enter a spam header tag that is unlikely to be found in a Phishing Security Test email. For example, you could enter random letters such as "kzndsfgklinjvsdnfioasm".
Select the "Disable Gmail spam evaluation on mail from this gateway; only use the header value" check box.
Click Save. This setting may take up to an hour to deploy to all of your users.
Note: Before creating simulated phishing tests, you should also disable the return-path header in your KSAT Account Settings.
Whitelisting by Email Header in Google Workspace (AuditOne)
Recommended Method: Use Direct Message Injection (DMI) due to upcoming Gmail changes.
Purpose: Allows AuditOne's phishing test emails to bypass spam filters by matching a custom email header.
Steps:
Go to Google Admin > Apps > Google Workspace > Gmail > Compliance.
Under Content Compliance, add a new rule.
Target Inbound and Internal - receiving emails.
Match emails with the header: X-PHISHTEST (or your custom one).
Set rule to Bypass spam filter.
Save the rule.
Additional Setup:
Add AuditOne’s phish link domains to Google’s Image URL proxy allowlist.
Use this method only if you have a cloud-based spam filter. Otherwise, whitelist by IP address instead.
Disable the return-path header in AuditOne account settings before tests.
Run a test campaign to confirm setup; allow up to 1 hour for changes to apply.
Need help? Reach out to AuditOne support if issues arise.
Whitelisting by Content Compliance in Google Workspace (AuditOne)
Recommended: Use Direct Message Injection (DMI) due to upcoming Gmail changes.
Purpose: Bypass spam filters to deliver AuditOne phishing simulations via IP and header-based content rules.
Two-Step Whitelisting Process:
1. Add AuditOne’s IP Addresses to Google Workspace:
Go to Google Admin > Apps > Google Workspace > Gmail > Spam, Phishing, and Malware.
Under your entire domain (not sub-OUs), add AuditOne IPs to the Email Whitelist.
Separate IPs with commas.
2. Create Content Compliance Rule:
Go to Google Admin > Apps > Google Workspace > Gmail > Compliance.
Add a rule under Content Compliance:
Affect: Inbound messages.
Expressions:
Source IP match (add each AuditOne IP).
Header match: Full headers contain X-PHISHTEST.
Actions:
Bypass spam filter
Require TLS encryption
Notes:
This only applies to full domains (not individual OUs).
Disable the return-path header in KSAT settings before phishing tests.
Run a test campaign to verify the setup.
Issues? Contact AuditOne support.
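The two-expression rule above (source IP match plus X-PHISHTEST header), modelled as an added example that is not AuditOne's or Google's code. A header is set by whoever sends the message, so the source-IP expression is what ties the bypass to the vendor; a message carrying the header from any other address is worth reviewing. The IP ranges are documentation placeholders, and the sample messages are constructed.

```python
import ipaddress
from email import message_from_string

# Placeholder allowlist: RFC 5737 documentation ranges stand in for the
# vendor's sending IPs, which are not listed on this page.
ALLOWED_SENDER_NETS = [ipaddress.ip_network("192.0.2.0/28"),
                       ipaddress.ip_network("198.51.100.7/32")]
BYPASS_HEADER = "X-PHISHTEST"  # header name used in the rule above


def classify(connecting_ip: str, raw_message: str) -> str:
    """Return 'bypass', 'alert' or 'filter' for one inbound message.

    connecting_ip is the peer address recorded by your own edge server
    or gateway log, never a value parsed from sender-controlled headers.
    """
    msg = message_from_string(raw_message)
    has_header = msg.get(BYPASS_HEADER) is not None  # case-insensitive lookup
    ip = ipaddress.ip_address(connecting_ip)
    from_vendor = any(ip in net for net in ALLOWED_SENDER_NETS)
    if has_header and from_vendor:
        return "bypass"  # both expressions match: skip spam filtering
    if has_header:
        return "alert"   # header present from an unlisted source: review
    return "filter"      # everything else goes through normal filtering


# Constructed samples: (connecting IP, raw message)
SAMPLES = [
    ("192.0.2.5", "X-PHISHTEST: 1\nFrom: it@example.com\nSubject: Reset\n\nbody"),
    ("203.0.113.9", "X-PHISHTEST: 1\nFrom: it@example.com\nSubject: Reset\n\nbody"),
    ("203.0.113.9", "From: a@example.org\nSubject: Hi\n\nbody"),
    ("198.51.100.7", "x-phishtest: yes\nFrom: hr@example.com\n\nbody"),
]


def audit(samples):
    """Classify every (ip, message) pair in order."""
    return [classify(ip, raw) for ip, raw in samples]


if __name__ == "__main__":
    for (ip, _), verdict in zip(SAMPLES, audit(SAMPLES)):
        print(ip, verdict)
```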