How do I set up Allowlisting

We have built this guide to make allowlisting as easy as possible for you and your team.

If you are looking for a list of where we send from, then look no further!

Microsoft Azure Setup

Powershell Scripts

Google Workspace Setup


Microsoft Azure

Allowlisting in Microsoft Defender

 

1. Go to security.microsoft.com

2. Select Policies and Rules from the Email & collaboration section in the menu on the left

3. Then select Threat policies

4. Click the Advanced Delivery in the Rules section

5. Select the Phishing Simulation tab

6. Click Edit to add domains, URLs, and IPs (listed below).


Sending IPs

All of our messages that are sent over SMTP are sent through the following IP:

  • Phishing email: 198.2.177.227
  • Reminders: 198.2.178.214

Clickable URLs in phishing and training emails

If you need to understand what links are in our communications that may be accidentally detonated by any pre-scanning software:

Make sure to add the URLs exactly as they appear below!

URLs (9):

*.betterphish.com/*

*.shippingalerts.com/*

*.amazingdealz.net/*

*.berrysupply.net/*

*.coronacouncil.org/*

*.couponstash.net/*

*.creditsafetyteam.com/*

*.autheticate.com/*

*.notificationhandler.com/*

Sending Domains

This is the domain that Phin will use for our own branding and communications.

Domains (1):

phinsecurity.com

In order to make sure training reminders and simulated phishing make it through your email filtering process, you will need to allow the following base domains if sending IP can not be configured.

Depending on what system you are filtering through, you may need to add a wildcard version of the domains such as *.shippingalerts.com. We utilize subdomains to make the domains go farther. So the below list is just the base domains of our phishing emails.

Domains (9):

betterphish.com

shippingalerts.com

amazingdealz.net

berrysupply.net

coronacouncil.org

couponstash.net

creditsafetyteam.com

autheticate.com

notificationhandler.com

For more info about Advanced Delivery 

Microsoft 365 Defender Advanced Delivery Guide


PowerShell Scripts

Please only use the scripts if you are familiar with running them in your environment.

Example:

New-PhishSimOverrideRule -Name PhishSimOverrideRule -Policy PhishSimOverridePolicy -Domains betterphish.com,shippingalerts.com,amazingdealz.net,berrysupply.net,coronacouncil.org,couponstash.net,creditsafetyteam.com,autheticate.com,notificationhandler.com,phinsecurity.com -SenderIpRanges 198.2.177.227


Sometimes it is important to enable a Transport rule to force emails to show in users' inboxes whether they have “Focused Inbox” mode enabled or not. This script will create a new Transport Rule

New-TransportRule -Name "Bypass Focused Inbox for Phin" -SenderIpRanges “198.2.177.227/32” -SetHeaderName "X-MS-Exchange-Organization-BypassFocusedInbox" -SetHeaderValue "True"

Additionally, you may need to enable Advanced Delivery policy/rules so that test emails are properly identified as phish simulation tests and are not blocked. If these emails are reported to Microsoft, they will also NOT be scanned, causing false positive click reports.

Commands to be run from the “Exchange Online PowerShell”:

New-TenantAllowBlockListItems -Allow -ListType Url -ListSubType AdvancedDelivery -Entries "*.betterphish.com/*","*.shippingalerts.com/*","*.amazingdealz.net/*","*.berrysupply.net/*","*.coronacouncil.org/*","*.couponstash.net/*","*.creditsafetyteam.com/*","*.autheticate.com/*","*.notificationhandler.com/*" -NoExpiration

Commands to be run in the “Exchange Security & Compliance PowerShell”:

New-PhishSimOverridePolicy -Name PhishSimOverridePolicy

New-PhishSimOverrideRule -Name PhishSimOverrideRule -Policy PhishSimOverridePolicy -Domains 'betterphish.com','shippingalerts.com','amazingdealz.net','berrysupply.net', 'coronacouncil.org','couponstash.net','creditsafetyteam.com','authenticate.com','notificationhandler.com' -SenderIpRanges 198.2.177.227

Google Workspace:

Allowlist by sending domains:

Follow the steps under the “Add a list of approved senders that bypass spam filters” section


Bulk Upload the following comma-separated list of 11 domains:

phinsecurity.com,notificationhandler.com,amazingdealz.net,coronacouncil.org,couponstash.net,creditsafetyteam.com,shippingalerts.com,intelligentbros.com,berrysupply.net,autheticate.com,betterphish.com

Allowlist by IP:

https://support.google.com/a/answer/60751?hl=en&ref_topic=9981578

Our dedicated sending IPs:

  • Phishing email: 198.2.177.227
  • Reminders: 198.2.178.214