Before reading further

Hoxhunt has prepared allowlisting instructions for most commonly used 3rd party security solutions. Please first see if we already have ready-made guidelines for you.

Allowlisting Proofpoint solutions
Allowlisting Mimecast solutions
Allowlisting Darktrace solutions
Allowlisting Barracuda solutions
Allowlisting Trend Micro solutions
Allowlisting Cisco Ironport solution
Allowlisting Check Point Harmony Email & Collaboration
Allowlisting McAfee/MX logic solutions

If the above instructions don't apply to you, Hoxhunt provides various other ways to allowlist Hoxhunt phishing simulation emails and Hoxhunt platform in other security and network solutions.

Below you will find generic guidelines that you can follow and apply to your individual needs.

Inbound allowlisting

Inbound allowlisting enables Hoxhunt to safely deliver simulated phishing emails to end user mailboxes. 

For this purpose, Hoxhunt provides the following information:

• sender IP addresses and ranges (193.3.183.0/25, 35.156.0.138)
• customer-specific DKIM signing domain
• custom email header name and value in email's header section
• custom string identifier in simulation email's body section

All of these can be defined and/or fetched from Admin Portal > Settings > Email delivery.

Training domains and sub-domains

If your network stack analyzes links in emails and doesn't allow allowlisting based on the above criteria, you need to allowlist the individual sender domains Hoxhunt uses in training emails. Please access the list of sender domains and landing page domains via Admin portal > Settings > Email delivery > Simulation sender domains and landing pages.
Read more: Hoxhunt simulation sender domains and landing pages

Simulations utilizing domain spoofing

If you'd like to enable Domain Spoofing Simulations, make sure to allowlist them separately. 
Read more: Domain spoofing

Outbound allowlisting

Many firewalls and security solutions perform outbound inspections when users click on fail links in the simulations or they try to navigate to a simulation's landing page.

Outbound allowlisting enables your end users to safely reach the fail flow experience and micro-training, making sure user clicks are not left undetected by Hoxhunt statistics.

To prevent outbound inspections, Hoxhunt provides the following information:

• domains used in fail links
• domains used in landing page simulations (credential harvesters)
• hosting IP range of the domains

Sender domains and landing page domains

List of sender domains and landing page domains can be found in Admin portal > Settings > Email delivery > Simulation sender domains and landing pages.
Read more: Hoxhunt simulation sender domains and landing pages

Microsoft Defender SmartScreen

Allowlisting Hoxhunt simulation domains in Microsoft Defender SmartScreen

Google Safe Browsing for Google Chrome

Allowlisting Hoxhunt simulation domains in Google Safe Browsing for Google Chrome

Exempting domains by DNS TXT response value

If your security solution supports allowlisting the fail link URLs by the hosting IPs of the domains, please consider allowlisting the fully Hoxhunt-owned IP range where all fake domains are hosted: 212.104.128.0/24.

Ensuring connectivity to Hoxhunt services

In some more restricted environments, Hoxhunt's report button may have trouble accessing all the necessary network resources it needs to operate properly. Please refer to the following article if you are experiencing any connectivity-related issues with Hoxhunt:
Ensuring connectivity to Hoxhunt services

Allowlisting proxies

If you are using a proxy solution please take time to read the following instructions:
Allowlisting Zscaler proxy solutions
Allowlisting Blue Coat / ProxySG proxy solutions

Frequently asked questions

If you have any questions about the implementation, please reach out to your Onboarding Manager or Support at support@hoxhunt.com