Safelisting On The US (North American) Platform

Proofpoint Security Awareness Training uses a variety of systems to communicate to devices within your network and deliver email messages to your end users. This guide documents the IP addresses, domains and URLs used to deliver this information. This document should be provided to your email or security administrators to ensure reliable communications.  

Note: 

  • Only perform safelisting for your licensed Proofpoint Security Awareness Training products. 
  • Only safelist the IPs and domains for your hosted location.  If you aren’t sure of your hosted location, please contact Customer Support.

Training Notifications

Proofpoint recommends that Training Notifications are sent with a “From:” address that uses your organization’s domain name. This email address will be more familiar to the user and allow the user to easily reply to the message, should they have questions. Before we can send emails using your domain name, you must contact your mail administrator as most email systems restrict email using your organization’s domain name to authorized mail servers. To allow email from our servers using your organization’s domain name, we recommend asking your email administrator to make the following changes: 

  • Add the appropriate IP addresses to your SPF records and your email filter safelist 
  • securityeducation.com is a domain that can also be safelisted for web filtering 

Training Platform

  • 107.20.210.250 
  • 52.1.14.157
     


In order to have the uploaded images from the Training Platform automatically downloaded within Outlook, we recommend safelisting the following domain and adding it to the Trusted Sites (located under the Security Tab in Internet options in IE): platform.securityeducation.com.  The following Additional Phishing Administrative Resource URL can be safelisted to ensure proper delivery of all assets including text content, graphics, photographs, videos, audio files, and databases: d1fbefs0dyob6i.cloudfront.net.

Phishing Assessment

To ensure users are provided a realistic assessment, we recommend safelisting the following IP addresses to allow for simulated Phishing attacks to be sent to your end users:

  • 107.23.16.222 
  • 54.173.83.138

    You need to add these above IPs to your domain's SPF record.

    Example: If your SPF is

    "v=spf1 include:protection.outlook.com a:dispatch-us.ppe-hosted.com ~all"

    You should modify the SPF record thusly:

    "v=spf1 include:protection.outlook.com a:dispatch-us.ppe-hosted.com

     ip4:107.20.210.250 ip4:52.1.14.157 ip4:107.23.16.222 ip4:54.173.83.138 ~all

Phishing stock images are hosted at tslp.s3.amazonaws.com.  These images are embedded in Attachments and Teachable Moments.  Safelisting this domain in your firewall or proxy server will ensure these images are displayed to your end users.  Custom images are images that the Phishing Admin has uploaded to personalize their Phishing campaign and are stored at the following domain:  ts-uploads.s3.amazonaws.com 

Phishing Domains 

Below is a list of phishing domains you may utilize in your Phishing campaigns. We recommend that you provide this list to your IT or security administrators to ensure that your users will be able to access the Teachable Moment seamlessly from within your organization’s network.   

Phishing Teachable Moments will also make calls to the following URLs: 

North America



4ooi.co 

4ooi.com 

4ooi.in 

4ooi.info 

account-maintenance.com 

accounts-receivable.co 

ackisses53.com 

acxx53.com 

acxx53.de 

admissionshelpu.org 

adobe-0nline.com 

adobecloudservices.com 

aibabba-deals.com 

amazoon.online 

annualenroll.com 

avoidphishing.securityeducation.com* 

breaking-news-network.net 

breaking-news-now.com 

business-services.org 

byt.im 

cadeauavant.fr 

cardservices.online 

cloud-store.services 

combase.co 

committee4strongleadership.com 

concur-s0lutions.com 

contract-sign.online 

corpbenefitplan.com 

corp-hr.com 

corp-internal.co.uk 

corp-internal.com 

corp-internal.net 

corp-internal.us 

corpoutlook.com 

corp-proxy.com 

creditmass.ru 

cyber-sale.net 

dcscanscation.com 

decision2016.win 

detailswire.com 

docsign-online.com 

dropboxlink.com 

dynssi.com 

ee77red.ru 

egencia-online.com 

electioninfo.online 

emailquarantine.com 

enegry.org 


entwurf-laden.de 

eservce.com 

event-planer.net 

exch01-corp.com 

facbook-login.com 

firstfedtrust.com 

flightstatalert.com 

freeenergypress.com 

fundingsource.services 

goggl.cc 

gotwebinar.online 

gov-online.net 

gov-services.com 

greetingsweb.com 

grnail.world 

hpdocument.com 

informedvoterleague.com 

info-week.net 

info-week.us 

instagrarn.net 

internalitsupport.com 

investmentsecureportal.com 

itnues.net 

lesportsacxx53.com 

link91.in 

linkedincdn.com 

loan-payments.com 

localhostlocaldomain.com 

luk66.cn 

mailcenter-alert.com 

mail-delivery-system.com 

maildeliverysystem.net 

maliciousfile.online 

matchesonline.net 

meeting-reminder.com 

metflix.us 

micrasoft-office365.com 

microsoftsql.net 

myensurance.co 

nationalcouncil4not-for-profits.com 

netbenefits-access.com 

office3889.com 

olympicresults.online 

onedrive-micrasoft.com 

onlinedocshare.com 

password-update.com 

password-update.net 

payablaccounts.com 


paypol-login.com 

pharmamedsonline.com 

pharmlink.in 

phishingtraining.com 

pipelinenews.net 

postcardfast.com 

prnewsnet.us 

publicemailservice.com 

qqoffi55.cc 

qqoffi55.com 

qquio.com 

ransomware.site 

register-now.world 

rwebfix.com 

saleslinkforce.com 

salesteamlink.com 

scandeviceservices.com 

sec-10k.com 

securebankingsevices.com 

securelogin-wallet.com 

securityeducation.com 

self-serve.co 

seriouslydonotclickthis.com 

sharepoint-docshare.com 

shipment-confirm.com 

shippingupdate.net 

sn84229.co 

sphotos-fbcdn.com 

sportstoday.biz 

stubclub.co 

techsupport-corp.com 

thisisaphishingattack.com 

trackingupdate.net 

tradeinternationai.com 

travelresinfo.com 

updamicrosoft.com 

updatracking.com 

user-account.online 

user-account-maintenance.com 

vobamobile.net 

voicemailaccess.net 

webfilteralert.com 

www01-local.com 




* This domain is for Attachment Campaigns only