Safelisting On The EU (Europe) Platform
Proofpoint Security Awareness Training uses a variety of systems to communicate to devices within your network and deliver email messages to your end users. This guide documents the IP addresses, domains and URLs used to deliver this information. This document should be provided to your email or security administrators to ensure reliable communications.
Note:
- Only perform safelisting for your licensed Proofpoint Security Awareness Training products.
- Only safelist the IPs and domains for your hosted location. If you aren’t sure of your hosted location, please contact Customer Support.
Training Notifications
Proofpoint recommends that Training Notifications are sent with a “From:” address that uses your organization’s domain name. This email address will be more familiar to the user and allow the user to easily reply to the message, should they have questions. Before we can send emails using your domain name, you must contact your mail administrator as most email systems restrict email using your organization’s domain name to authorized mail servers. To allow email from our servers using your organization’s domain name, we recommend asking your email administrator to make the following changes:
- Add the appropriate IP addresses to your SPF records and your email filter safelist
- securityeducation.com is a domain that can also be safelisted for web filtering
Training Platform
- 54.229.2.165
- 52.30.130.201
In order to have the uploaded images from the Training Platform automatically downloaded within Outlook, we recommend safelisting the following domain and adding it to the Trusted Sites (located under the Security Tab in Internet options in IE): platform-web-eu.securityeducation.com
Phishing Assessment
To ensure users are provided a realistic assessment, we recommend safelisting the following IP addresses to allow for simulated Phishing attacks to be sent to your end users:
- 52.17.45.98
- 52.16.190.81
You need to add the above IPs to your domain's SPF record.
Example: If your SPF record is
"v=spf1 include:protection.outlook.com include:_spf-us.ppe-hosted.com ~all"
you should modify it as follows:
"v=spf1 include:protection.outlook.com include:_spf-us.ppe-hosted.com ip4:54.229.2.165 ip4:52.30.130.201 ip4:52.17.45.98 ip4:52.16.190.81 ~all"
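The SPF change above can be scripted so that it is repeatable and checked before publishing. The following is an added example, not Proofpoint code: the function names add_ip4 and check are hypothetical, and the lookup count covers only the record itself, not the lookups made inside its include: targets.

```python
import ipaddress

# IPs this page lists for the EU platform (Training Platform + Phishing Assessment).
PAGE_IPS = ["54.229.2.165", "52.30.130.201", "52.17.45.98", "52.16.190.81"]
# Terms that each cost one DNS lookup; RFC 7208 allows at most 10 per evaluation.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def add_ip4(record, ips):
    """Return `record` with an ip4: term per address inserted before the 'all' term."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: " + record)
    present = {t.lstrip("+").lower() for t in terms}
    new = []
    for ip in ips:
        term = "ip4:" + str(ipaddress.IPv4Address(ip))  # ValueError if malformed
        if term not in present:  # idempotent: never add a term twice
            new.append(term)
            present.add(term)
    # Terms after 'all' are never evaluated, so insert ahead of it (or append).
    pos = next((i for i, t in enumerate(terms)
                if t.lstrip("+-~?").lower() == "all"), len(terms))
    return " ".join(terms[:pos] + new + terms[pos:])


def check(record):
    """Return problems with the published form of `record` (empty list = none found)."""
    problems = []
    if len(record) > 255:
        problems.append("over 255 characters: split into several quoted strings")
    lookups = 0
    for term in record.split()[1:]:
        name = term.lstrip("+-~?").lower()
        for sep in ":/=":
            name = name.split(sep)[0]
        lookups += name in LOOKUP_TERMS
    if lookups > 10:  # counts this record only, not lookups inside includes
        problems.append("more than 10 DNS-lookup terms: receivers return permerror")
    return problems


if __name__ == "__main__":
    old = "v=spf1 include:protection.outlook.com include:_spf-us.ppe-hosted.com ~all"
    updated = add_ip4(old, PAGE_IPS)
    print(updated)
    print(check(updated) or "no problems found")
```

A domain must publish exactly one SPF TXT record, so the output replaces the existing record rather than being added beside it.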
Phishing stock images are hosted at tslp.s3.amazonaws.com. These images are embedded in Attachments and Teachable Moments. Safelisting this domain in your firewall or proxy server will ensure these images are displayed to your end users.
Custom images are images that the Phishing Admin has uploaded to personalize their Phishing campaign and are stored at the following domain: ts-eu-uploads.s3.amazonaws.com.
The following Additional Phishing Administrative Resource URL can be safelisted to ensure proper delivery of all assets including text content, graphics, photographs, videos, audio files, and databases: d2k53c71t1ovai.cloudfront.net.
Phishing Domains
Below is a list of phishing domains you may utilize in your Phishing campaigns. We recommend that you provide this list to your IT or security administrators to ensure that your users will be able to access the Teachable Moment seamlessly from within your organization’s network.
Phishing Teachable Moments will also make calls to the following URLs:
Within the Europe list, avoidphishing.eu.securityeducation.com is for Attachment Campaigns only.