Hoxhunt's phishing simulations use various sender addresses to mimic well-known services and even you own company domains. Additionally for our credential harvester simulations we use separate landing page domains. Depending on your email security infrastructure, you may need to obtain a list or these domains to maintain proper allowlisting.

Download the domains from Admin Portal

1. Navigate to Admin Portal > Settings > Email delivery.

2. Scroll down to Simulation sender domains and landing pages.

3. Click Export CSV.

Fetch the domains via Hoxhunt's external GraphQL API

Use the following GQL query. This includes the landing page domains.
For more information about using Hoxhunt GraphQL API, please refer to Set up GraphQL API.

query currentUserOrgSimulationSenderDomains { currentUser{ organization{ simulationSenderDomains{ domain createdAt } } } }

Frequently asked questions

Q: The list contain domains without a creation date

A: This is expected. Entries without creation date are from a time before Hoxhunt started to track their entry date to Hoxhunt training.