Sources
A summary of the sources used for some of our articles, written with the assistance of AI.
Additional Configuration - Mimecast
| Source | Publisher/ URL Snippet |
Key Information Contributed |
| Allowlisting (Whitelisting) in Mimecast | metacompliance.com | Detailed steps for creating Permitted Senders, Anti-Spoofing, URL Protection Bypass, and Impersonation Protection Bypass policies. |
| Allow list Managed SAT Emails in Mimecast | huntress.io | Confirmation of the various policies required and the importance of using Source IP Ranges for bypass policies. |
| Allowlisting in Mimecast - Knowledge Base | google.com/search?q=support.infosecinstitute.com | Provided the standard steps for configuration within the Mimecast Administration Console via the **Gateway |
| Allow-list in Mimecast | usecure.io | Reiteration of the policies needed, including Attachment Protection Bypass and Greylisting Bypass. |
| How to Whitelist in Mimecast | doc.keepnetlabs.com | General steps for setting the Policy Narrative and checking Policy Override. |
| Allowlisting in Mimecast - Knowledge Base | google.com/search?q=support.phishingtackle.com | Specific details on setting the policy to apply to External Addresses and the need for a new policy instead of editing the default. |
| Safelisting in Mimecast | google.com/search?q=support.phishingbox.com | General confirmation of the overall policy configuration strategy. |
Additional Configuration - Barracuda
| Source | Publisher/ URL Snippet |
Key Information Contributed |
| Allowlisting in Barracuda - Knowledge Base | google.com/search?q=support.infosecinstitute.com |
Provided the core steps for allowlisting by IP address on both Barracuda Cloud Control (Email Security Service) and the Email Security Gateway (on-premises). It also detailed bypassing Intent Analysis and Sender Authentication.
|
| Allowlist in Barracuda | support.knowbe4.com |
Confirmed the step-by-step process for exempting IPs and provided guidance on exempting IPs from SPF checks (Sender Authentication) and bypassing ATP PDF Scanning (Advanced Threat Protection).
|
| Allow list Managed SAT Emails in Barracuda | support.huntress.io |
Reinforced the need for configuration across multiple features: Standard Allow-list (IPs), Intent Analysis, and Sender Authentication.
|
| Allowlisting in Barracuda | support.metacompliance.com |
Detailed the exact console path for Cloud Control:
Email Security → Inbound Settings → IP Address Policies, and the use of the Exempt policy. |
| Allowlisting PhishGuard in Barracuda | support.cerebra.sa |
Confirmed the steps for bypassing Barracuda's Advanced Threat Protection (ATP).
|
| How to Allowlist Phishing Simulation Emails in Microsoft 365 | sbscyber.com |
Provided the general context that third-party gateways (like Barracuda) require specific, multi-layered allowlisting rules.
|
Additional Configuration - Fortinet
| Source | Publisher/ URL Snippet |
Key Information Contributed |
| Configuring the block lists and safe lists | google.com/search?q=docs.fortinet.com FortiMail Documentation |
Provided the official console path for creating System Safe List entries: Security → Block/Safe List → System, which is the core mail delivery exemption method. |
| Safelisting FortiPhish in FortiMail | google.com/search?q=docs.fortinet.com Fortinet Document Library |
Detailed how to create a highly specific IP-based policy with the Safe & Relay action or a custom IP-Based Policy with a loose session profile to bypass deeper checks. |
| Fortinet safelisting guide | google.com/search?q=help.bullphishid.kaseya.com | Confirmed the need for IP address exemption in FortiMail and the procedure for whitelisting URLs via the FortiGate Static URL Filter to prevent landing page blocking. |
| Fortinet FortiGate Website Allowlisting | google.com/search?q=help.caniphish.com | Provided the firewall console path: Security Profiles → Web Filter, and the process for adding phishing domains with the Allow action to ensure link functionality. |
| FortiMail Workspace Security Data Sheet | fortinet.com | Provided context on the integrated nature of FortiMail Workspace Security for cloud platforms (M365/Google Workspace), confirming the need to consider additional URL/behavioural bypasses beyond the simple gateway IP allowlist. |
| Controlling email based on IP addresses | google.com/search?q=docs.fortinet.com FortiMail Documentation |
Detailed the logic and precedence of IP-based policies over recipient-based policies, reinforcing why an IP-based exemption is the most effective method. |
Additional Configuration - Microsoft
| Source | Publisher/ URL Snippet |
Key Information Contributed |
| Create sender allowlists for cloud mailboxes | learn.microsoft.com/en-us/defender-office-365/create-safe-sender-lists-in-office-365 Microsoft Documentation |
This document discusses the role of Outlook Safe Senders and refers to administrative methods (like the linked Configure junk email settings on cloud mailboxes) which involve the PowerShell cmdlet. |
| Allowlisting - Automatically Download Images For Emails Sent To Microsoft 365 | help.caniphish.com/hc/en-us/articles/11053104653199-Allowlisting-Automatically-Download-Images-For-Emails-Sent-To-Microsoft-365 Third-Party Security Vendor |
Provides the exact PowerShell script (`Get-Mailbox... |
| Reloading images for certain senders (Microsoft 365) - SoSafe Support |
support.sosafe.de/ADOC/reloading-images-for-certain-senders-microsoft-365 |
Explicitly states that managing safe senders for the entire organization via PowerShell is the efficient approach to allow image downloads. |