Sources
A summary of the sources used for some of our articles, written with the assistance of AI.
Additional Configuration - Mimecast
| Source | Publisher/ URL Snippet |
Key Information Contributed |
| Allowlisting (Whitelisting) in Mimecast | metacompliance.com | Detailed steps for creating Permitted Senders, Anti-Spoofing, URL Protection Bypass, and Impersonation Protection Bypass policies. |
| Allow list Managed SAT Emails in Mimecast | huntress.io | Confirmation of the various policies required and the importance of using Source IP Ranges for bypass policies. |
| Allowlisting in Mimecast - Knowledge Base | google.com/search?q=support.infosecinstitute.com | Provided the standard steps for configuration within the Mimecast Administration Console via the **Gateway |
| Allow-list in Mimecast | usecure.io | Reiteration of the policies needed, including Attachment Protection Bypass and Greylisting Bypass. |
| How to Whitelist in Mimecast | doc.keepnetlabs.com | General steps for setting the Policy Narrative and checking Policy Override. |
| Allowlisting in Mimecast - Knowledge Base | google.com/search?q=support.phishingtackle.com | Specific details on setting the policy to apply to External Addresses and the need for a new policy instead of editing the default. |
| Safelisting in Mimecast | google.com/search?q=support.phishingbox.com | General confirmation of the overall policy configuration strategy. |
Additional Configuration - Barracuda
| Source | Publisher/ URL Snippet |
Key Information Contributed |
| Allowlisting in Barracuda - Knowledge Base | google.com/search?q=support.infosecinstitute.com |
Provided the core steps for allowlisting by IP address on both Barracuda Cloud Control (Email Security Service) and the Email Security Gateway (on-premises). It also detailed bypassing Intent Analysis and Sender Authentication.
|
| Allowlist in Barracuda | support.knowbe4.com |
Confirmed the step-by-step process for exempting IPs and provided guidance on exempting IPs from SPF checks (Sender Authentication) and bypassing ATP PDF Scanning (Advanced Threat Protection).
|
| Allow list Managed SAT Emails in Barracuda | support.huntress.io |
Reinforced the need for configuration across multiple features: Standard Allow-list (IPs), Intent Analysis, and Sender Authentication.
|
| Allowlisting in Barracuda | support.metacompliance.com |
Detailed the exact console path for Cloud Control:
Email Security → Inbound Settings → IP Address Policies, and the use of the Exempt policy. |
| Allowlisting PhishGuard in Barracuda | support.cerebra.sa |
Confirmed the steps for bypassing Barracuda's Advanced Threat Protection (ATP).
|
| How to Allowlist Phishing Simulation Emails in Microsoft 365 | sbscyber.com |
Provided the general context that third-party gateways (like Barracuda) require specific, multi-layered allowlisting rules.
|
Additional Configuration - Fortinet
| Source | Publisher/ URL Snippet |
Key Information Contributed |
| Configuring the block lists and safe lists | google.com/search?q=docs.fortinet.com FortiMail Documentation |
Provided the official console path for creating System Safe List entries: Security → Block/Safe List → System, which is the core mail delivery exemption method. |
| Safelisting FortiPhish in FortiMail | google.com/search?q=docs.fortinet.com Fortinet Document Library |
Detailed instructions on how to create a highly specific IP-based policy with the Safe & Relay action or a custom IP-Based Policy with a loose session profile to bypass deeper checks. |
| Fortinet safelisting guide | google.com/search?q=help.bullphishid.kaseya.com | Confirmed the need for IP address exemption in FortiMail and the procedure for whitelisting URLs via the FortiGate Static URL Filter to prevent landing page blocking. |
| Fortinet FortiGate Website Allowlisting | google.com/search?q=help.caniphish.com | Provided the firewall console path: Security Profiles → Web Filter, and the process for adding phishing domains with the Allow action to ensure link functionality. |
| FortiMail Workspace Security Data Sheet | fortinet.com | Provided context on the integrated nature of FortiMail Workspace Security for cloud platforms (M365/Google Workspace), confirming the need to consider additional URL/behavioural bypasses beyond the simple gateway IP allowlist. |
| Controlling email based on IP addresses | google.com/search?q=docs.fortinet.com FortiMail Documentation |
Detailed the logic and precedence of IP-based policies over recipient-based policies, reinforcing why an IP-based exemption is the most effective method. |
Additional Configuration - Microsoft
| Source | Publisher/ URL Snippet |
Key Information Contributed |
| Create sender allowlists for cloud mailboxes | learn.microsoft.com/en-us/defender-office-365/create-safe-sender-lists-in-office-365 Microsoft Documentation |
This document discusses the role of Outlook Safe Senders and refers to administrative methods (like the linked Configure junk email settings on cloud mailboxes) which involve the PowerShell cmdlet. |
| Allowlisting - Automatically Download Images For Emails Sent To Microsoft 365 | help.caniphish.com/hc/en-us/articles/11053104653199-Allowlisting-Automatically-Download-Images-For-Emails-Sent-To-Microsoft-365 Third-Party Security Vendor |
Provides the exact PowerShell script (`Get-Mailbox... |
| Reloading images for certain senders (Microsoft 365) - SoSafe Support |
support.sosafe.de/ADOC/reloading-images-for-certain-senders-microsoft-365 |
Explicitly states that managing safe senders for the entire organisation via PowerShell is the efficient approach to allow image downloads. |
Additional Configuration - Palo Alto
| Source | Publisher | Key Information Contributed |
| App-ID QUIC Protocol Details | Palo Alto Networks TechDocs |
Explains how Security policy rules match sessions against applications like QUIC.
|
| Google Cloud IP Ranges | Google Workspace Admin Help |
Confirms that Google Cloud/Workspace IP ranges are allocated dynamically and change frequently.
|
| Credential Phishing Prevention | Palo Alto Networks TechDocs |
Instructions on how to allow user credential submissions to trusted URL categories.
|
| Security Policy Management | Palo Alto Networks TechDocs |
Guidance on rule evaluation order (top-to-bottom) and creating high-priority "Pre-Rules".
|
| Blocking QUIC Best Practices | Palo Alto Networks TechDocs |
Recommended practices for managing QUIC traffic to maintain network visibility.
|
| Custom URL Categories | Palo Alto Networks TechDocs |
Procedure for creating custom URL objects to group simulation domains for policy matching.
|
| CDN Infrastructure Overview | Google Cloud Documentation |
Explains how Cloud CDN uses a global edge network to serve content from dynamic IP addresses.
|
| URL Filtering Configuration | Palo Alto Networks TechDocs |
Steps to configure URL filtering profiles to alert or allow specific categories.
|
| Domains and IP Addresses | Secure Schools Help Centre |
Provided specific sending IP (185.250.239.80) and infrastructure IP (35.190.80.1).
|
Additional Configuration - ESET
|
Source |
Publisher | Key Information Contributed |
| Protection settings for Exchange Online | ESET Online Help |
Details on configuring Protocol filtering and URL address management.
|
| Policies | ESET Online Help |
Steps to create policies, assign them to targets, and edit Anti-Spam lists.
|
| Key features ESET Cloud Office Security | Direction Forward |
Overview of how ECOS scans message bodies to identify and filter phishing links.
|
| ESET Cloud Office Security (ECOS) | ESET Learning Lab |
Context for activating ECOS and setting detection thresholds.
|
| Domains and IP Addresses | Secure Schools Help Centre |
Platform-specific IP addresses and distribution domains required for the safelist.
|
Additional Configuration - Sophos
| Source | Publisher | Key Information Contributed |
| Manage Websites | Sophos Central Admin Docs |
Procedures for adding sites to the Website Management list and overriding categories.
|
| Website Exclusions | Sophos Central Admin Docs |
Instructions for specifying websites for exclusion to bypass protection checks.
|
| Phishing Simulation Troubleshooting | Secure Schools Help Centre |
Explanation of how third-party suites can cause connection resets or 404 errors.
|
| Sophos Email Allow/Block Lists | Sophos Central Admin Docs |
Steps to manage inbound allow lists for trusted domains.
|
| School Protect User Guide | LGfL Support |
Guidance on technical configuration changes for LGfL-managed connections.
|
| Domains and IP Addresses | Secure Schools KB | Platform IP addresses and distribution domains. |