How to set up Proofpoint Essentials with KnowBe4

Created by Yves Lacombe, Modified on Tue, 02 May 2023 at 04:05 PM by Yves Lacombe


ISSUE


If you start sending mail originating from KnowBe4, the messages inadvertently get caught by Proofpoint regardless of whether you add the IPs used by KnowBe4 to Proofpoint's safe sender list. Often the symptom is that messages are classified as malware even though you trusted the IPs and domains KnowBe4 uses for phishing simulations.



FIX


You will need to bypass Proofpoint altogether and configure KnowBe4 in smarthost mode.


Check KnowBe4's knowledge base for the process:


https://support.knowbe4.com/hc/en-us/articles/360000568187




IMPORTANT NOTE


This usually concerns Proofpoint in front of Office 365. Normally, when we roll out clients on Office 365, we eventually put in place a lockdown rule so that Office 365 only accepts mail if it comes from Proofpoint. You will need to add the IPs belonging to KnowBe4 to this lockdown rule:


The lockdown rule can have many names ... in the example below it was created manually:



Click on "EDIT RULE CONDITIONS"


You want to edit the IP ranges:


And add the IP ranges belonging to KnowBe4:


147.160.167.0/26
23.21.109.197
23.21.109.212


Otherwise, even with KnowBe4 set up to connect directly to Office 365, this rule may interfere.
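
The same change can be made from Exchange Online PowerShell. The script below is an added example, not part of the original article: it assumes the lockdown rule keeps its allowed source IPs in the rule's sender-IP exception (ExceptIfSenderIpRanges), and the rule name is a placeholder you must replace.

```powershell
# Added example, not from the original article.
# Assumptions: an Exchange Online PowerShell session is already open
# (Connect-ExchangeOnline), and the lockdown rule lists its allowed source
# IPs in the "except if sender IP address is in range" exception.
$RuleName = 'REPLACE-WITH-YOUR-LOCKDOWN-RULE-NAME'   # placeholder

# KnowBe4 ranges as listed in this article.
$KnowBe4Ranges = @('147.160.167.0/26', '23.21.109.197', '23.21.109.212')

$rule = Get-TransportRule -Identity $RuleName -ErrorAction Stop

# Current allow-list (the Proofpoint ranges already on the rule), as strings.
$current = @($rule.ExceptIfSenderIpRanges |
    Where-Object { $_ } |
    ForEach-Object { "$_" })

if ($current.Count -eq 0) {
    # The rule is not built the way this example assumes; do not guess.
    throw "Rule '$RuleName' has no ExceptIfSenderIpRanges. Review it in the admin center."
}

# Only add what is not already there, so the script is safe to re-run.
$missing = @($KnowBe4Ranges | Where-Object { $_ -notin $current })

if ($missing.Count -eq 0) {
    Write-Output "All KnowBe4 ranges are already on '$RuleName'."
}
else {
    # Set-TransportRule replaces the whole list, so pass the existing
    # entries plus the missing ones or the Proofpoint ranges are lost.
    $merged = $current + $missing
    Set-TransportRule -Identity $RuleName -ExceptIfSenderIpRanges $merged -WhatIf
    Write-Output "Would add to '$RuleName': $($missing -join ', ')"
}
```

Remove -WhatIf to apply the change, then run the script again; it should report that all KnowBe4 ranges are already on the rule.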