Whitelisting for Simulated Phishing Tests

To run a phishing simulation, you will need to whitelist IP addresses to ensure that the fake phishing emails are not caught in your business’s spam filter. (If they are caught by your spam filter, then they will not reach your employees, and therefore no test of employees’ abilities can be made.)

After whitelisting, OXEN will send you a test to make sure the phishing email will go through.

Whitelist the following IP addresses

(Welcome & Weekly Security Tip Emails)

149.72.184.111
168.245.40.98

(Phishing Emails)

168.245.68.173
149.72.207.249
168.245.34.162
168.245.30.20
18.209.119.19
34.231.173.178
54.209.51.230
157.230.65.76

The methods to do this depend on the spam filter you are using. Some common filters and directions are listed below.


Microsoft 365 PowerShell script

Note: Check with your Partner of Record before making changes to your Office 365 infrastructure.

If you are using Microsoft 365, you can now execute a PowerShell script to whitelist these IP addresses. You must have an administrator account on your client’s system. Access the PowerShell script and review the documentation here.


Whitelisting Domains

The following domains are used to send the phishing tests. You can whitelist them as well.

pii-protect.com
piiphish.com
it-support.care
cloud-service-care.com
customer-portal.info
efaxcustcare.com
member-services.info
your-shipment.com
bankonlinesupport.com
secureaccess.biz
packagetrackingportal.com
logineverification.com
transferportal.tech
Iogmein.com
mlcrosoft.live
llnkedinc.com
chiro-health.net
emr-portal.com
package-locator.com
amazon-delivers.com
easy-payment.online
pay-my-bills.online
laboratoryresults.net
pt-portal.com

Whitelisting Emails

You can also whitelist these email addresses for the weekly emails.

No-reply@security-reminders.com
no-reply@pii-protect.com

Can you whitelist emails used to send phishing scenarios?

Email addresses for sending phishing scenarios are constantly changing and being added. We recommend you whitelist for IPs instead. If that is not available, whitelist by domain (see left).