Safelisting On The EU (Europe) Platform

Proofpoint Security Awareness Training uses a variety of systems to communicate to devices within your network and deliver email messages to your end users. This guide documents the IP addresses, domains and URLs used to deliver this information. This document should be provided to your email or security administrators to ensure reliable communications.  

Note: 

  • Only perform safelisting for your licensed Proofpoint Security Awareness Training products. 
  • Only safelist the IPs and domains for your hosted location.  If you aren’t sure of your hosted location, please contact Customer Support.

Training Notifications

Proofpoint recommends that Training Notifications are sent with a “From:” address that uses your organization’s domain name. This email address will be more familiar to the user and allow the user to easily reply to the message, should they have questions. Before we can send emails using your domain name, you must contact your mail administrator as most email systems restrict email using your organization’s domain name to authorized mail servers. To allow email from our servers using your organization’s domain name, we recommend asking your email administrator to make the following changes: 

  • Add the appropriate IP addresses to your SPF records and your email filter safelist 
  • securityeducation.com is a domain that can also be safelisted for web filtering 

Training Platform

  • 54.229.2.165 
  • 52.30.130.201 

In order to have the uploaded images from the Training Platform automatically downloaded within Outlook, we recommend safelisting the following domain and adding it to the Trusted Sites (located under the Security Tab in Internet options in IE): platform-web-eu.securityeducation.com 

Phishing Assessment

To ensure users are provided a realistic assessment, we recommend safelisting the following IP addresses to allow for simulated Phishing attacks to be sent to your end users:

  • 52.17.45.98 
  • 52.16.190.81 

    You need to add these above IPs to your domain's SPF record.

    Example: If your SPF is

    "v=spf1 include:protection.outlook.com a:dispatch-us.ppe-hosted.com ~all"

    You should modify the SPF record thusly:

    "v=spf1 include:protection.outlook.com a:dispatch-us.ppe-hosted.com ip4:54.229.2.165 ip4:52.30.130.201 ip4:52.17.45.98 ip4:52.16.190.81 ~all"




Phishing stock images are hosted at tslp.s3.amazonaws.com.  These images are embedded in Attachments and Teachable Moments.  Safelisting this domain in your firewall or proxy server will ensure these images are displayed to your end users.  Custom images are images that the Phishing Admin has uploaded to personalize their Phishing campaign and are stored at the following domain:  ts-eu-uploads.s3.amazonaws.com.  The following Additional Phishing Administrative Resource URL can be safelisted to ensure proper delivery of all assets including text content, graphics, photographs, videos, audio files, and databases: d2k53c71t1ovai.cloudfront.net.

Phishing Domains 

Below is a list of phishing domains you may utilize in your Phishing campaigns. We recommend that you provide this list to your IT or security administrators to ensure that your users will be able to access the Teachable Moment seamlessly from within your organization’s network.   

Phishing Teachable Moments will also make calls to the following URLs: 

Europe 


4ooi.co.uk 

4ooi.net 

accounts-receivable.online 

admissionshelpu.com 

adobe-0nline.net 

adobedocuments.com 

aibaba-deals.com 

amazoon.site 

annualenroll.net 

avoidphishing.eu.securityeducation.com* 

bancaire.co.uk 

bancaire.org 

beingthebestU.com 

bizsolutions-int.co.uk 

bizsolutions-int.com 

breaking-news-network.co.uk 

breaking-news-now.net 

c0ncursolutions.com 

cardservices.vip 

citydiscounts.org 

cloud-store.space 

coffeetooyourdesk.com 

combase.io 

committee4strongleadership.org 

contract-sign.site 

corpbenefitplan.net 

corp-internal.co 

corp-internal.org 

corpoutlook.co.uk 

corp-password-mangemet.com 

corp-password-mangemet.fr 

corp-password-mangemet.us 

cyber-sale.com 

dcscanscation.net 

decision2016.online 

detailswire.net 

docsign-online.net 

docs-sharepoint.com 

dodgylink.co.uk 

domainte.com 

dropboxlink.net 

dynssi.net 

Eatandreward.com 

egencia-website.com 


electioninfo.news 

emaildistro.net 

emailquarantine.net 

enegry.info 

entwurf-laden.com 

epayroll.solutions 

eservce.biz 

eservce.co.uk 

eservce.fr 

eservce.net 

event-planer.com 

exch01-corp.net 

facbooklogin.co.uk 

firstfedtrust.us 

flightstatalert.net 

flight-status-alert.com 

flight-status-alert.me 

freeenergypress.org 

fundingsource.world 

giftgreeting.com 

global-bancaire.com 

gotwebinar.org 

gov-services.net 

grnail.online 

hpdocument.net 

hr-internal.co 

hrmc.me.uk 

ibwalletsecurelogin.com 

informedvoterleague.org 

info-week.biz 

instagrarn.org 

internalitsupport.net 

investmentsecuresite.com 

k-trafficxmj.co 

k-trafficxmj.co.uk 

k-trafficxmj.com 

linkedincdn.co.uk 

linkedincdn.net 

linkedincdn.us 

loanpaymentservices.com 

localhostlocaldomain.net 

mailcenter-alert.net 

mail-delivery-system.info 

maliciousfile.com 


maliciousfile.download 

matchesonline.org 

meeting-reminder.net 

metflix.pw 

micrasoft-395office.com 

micrasoft-onedrive.com 

myensurance.services 

Mypayrollservice.net 

nationalcouncil4not-for-profits.org 

olympicresults.site 

onlinebankingsevices.com 

online-docshare.com 

p183321.net 

package-track.com 

package-track.info 

password-update.me 

payqal-login.com 

phishingtraining.eu 

ransomware.website 

recruitpros.co 

register-now.net 

rnetflix.io 

scandoc-center.com 

securityeducation.com 

security-education.net 

self-serve.ltd 

shipping-notification.info 

shoppingbuyrewards.com 

sportstoday.life 

sso-local.net 

stubclub.net 

swift-track.co.uk 

swift-track.info 

techsupport-corp.net 

therecruitpro.net 

uscis-gov.net 

user-account.net 

verifier-sure.com 

vobamobile.co 

xerox-scandevice.com 

yggui.de 

yggui.li 

youarebeingphished.com 

Yourexpo.co.uk 




* This domain is for Attachment Campaigns only