Skip to main content

Whitelisting Guide (Proofpoint)

How to configure Proofpoint to allow revel8 phishing simulations - including email delivery bypass and URL Defense exclusions for both Essentials and Enterprise.

🛠️ 1. Email Delivery Bypass for Phishing Simulations

The email delivery bypass tells Proofpoint to allow revel8 phishing simulation emails through spam and malware filtering. Without this, simulation emails may be blocked or quarantined before reaching your users.

💡 Get your revel8 IPs or Domains first

Before starting, ensure you have access to the revel8 platform to retrieve the relevant domains and IPs (IntegrationsWhitelisting), or you have received the list from your revel8 contact.

Proofpoint Essentials

  1. Log in to your Proofpoint Essentials admin console.

  2. Navigate to Security SettingsEmailSender Lists.

  3. Under the Safe Senders list, enter the revel8 IP addresses and / or sending domains from the revel8 IntegrationsWhitelisting tab. Add one entry per line.

  4. Click Save.

Proofpoint Enterprise - Organizational Safe List

Use this method to prevent simulation emails from being classified as spam.

  1. From your Proofpoint Enterprise admin console, click Email Protection.

  2. Navigate to Spam ProtectionOrganizational Safe List.

  3. Click Add. A popup labeled Proofpoint – Global Safe appears. Fill in the following:

    • Filter Type: Select Sender Hostname.

    • Operator: Select Equals.

    • Value: Enter the revel8 IP addresses from the IntegrationsWhitelisting tab.

  4. Click Save Changes.

⚠️ Important notes

  • Add one IP address or domain per entry.

  • Changes may take up to 30 minutes to propagate after saving.

  • Toggle in the revel8 platform for each added domain/IP

🛡️ 2. Configure URL Defense Exclusions

Proofpoint's URL Defense (part of Targeted Attack Protection) rewrites and scans URLs in emails. This can cause revel8 simulation landing pages to display incorrectly or redirect users to a Proofpoint warning page. Adding revel8 domains as exceptions prevents URL rewriting for simulation emails.

💡 License requirement

URL Defense is part of Proofpoint's Targeted Attack Protection (TAP) add-on. If the option is not visible in your console, verify your subscription includes TAP.

  1. From your Proofpoint admin console, click Email Protection.

  2. Under the Targeted Attack Protection section, select URL Defense.

  3. Click URL Rewrite Policies.

  4. Under the Exceptions section, enter the revel8 domains and IP addresses from the IntegrationsWhitelisting tab. Use the entries listed under Safe Link Domains and Fake Website Domains.

  5. Click Save Changes.

💡 Impact of the Whitelisting Toggle (Domain Rotation)

By marking a specific domain or IP as active via the toggle in the revel8 platform, you indicate that it can be used for phishing simulations. The platform then automatically selects from available active domains, ensuring dynamic rotation. If you have whitelisted via IP addresses please toggle all domains as well.

Final Checklist

  • revel8 IPs and domains added to Sender Lists (Essentials) or Organizational Safe List / Email Firewall Rule (Enterprise)

  • URL Defense exceptions configured with revel8 Safe Link Domains and Fake Website Domains

  • Toggle activated in revel8 platform for all configured domains and IPs

  • Settings saved - allow up to 30 minutes for changes to take effect

Related Articles
Whitelisting Guide (Google Workspace)
Whitelisting Guide (Microsoft Defender)
Outbound URL Whitelisting in Microsoft Defender for Endpoint
Did this answer your question?