Security Awareness Safelisting Considerations
Situation | What steps should be taken to prepare for Safelisting in the Proofpoint Essentials Security Awareness Platform? |
---|---|
Version | Proofpoint Essentials Security Awareness Platform Safelisting |
Summary | You need to understand your Email Delivery path (Single Mail Filter vs Multiple Mail Filters) as well as any applications your organization has installed, such as Web Proxies\Firewalls. |
Question
What should we consider when safelisting for the Proofpoint Essentials Security Awareness Platform and/or Phishing?
Answer
Safelisting is necessary to ensure the best end user experience with the Security Awareness Training Tools. This ensures that the emails involved in the program are delivered to their intended recipients and, in the case of the Simulated Phishing Campaigns, that the results gathered are accurate. This can involve the creation of exceptions in one or more Email Filters, Firewalls, Web Proxies, EndPoint Protection or other Security Appliances and Software.
Email Delivery - Single Mail Filter
Understanding the flow of email into the organization can help determine how much, and what type of, safelisting needs to be done. Typically an organization will have an email filter in front of their mail server to stop potential threats before they're delivered to an end user.
In these cases, safelisting at the filter, using our sending IP addresses, is sufficient to ensure the emails are delivered to the end users' inboxes on the Mail Server. However, more advanced safelisting may be necessary, such as in the case of Microsoft 365 customers using Exchange Online Protection (EOP), where additional rules are created not only to ensure delivery, but also to ensure that the emails are not classified as Junk\SPAM or tested for malicious payloads.
Email Delivery - Multiple Mail Filters
In some cases, multiple mail filters may be deployed. This adds challenges to ensuring proper mail delivery, since most mail filters will not see the original mail sending IP address if they are behind another mail filter.
To safelist correctly in this scenario, along with safelisting by sending IP at Filter-1, an alternate identifier is needed to safelist through Filter-2. This is typically a value in the header of the email that provides validation after it is allowed past Filter-1. Filter-1 can also be used to introduce a value into the mail header that additional filters downstream can use to pass the email, or to set rules that ensure proper handling of the email (set SCL or bypass ATP, as examples) past Filter-1.
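A minimal model of the two-filter flow described above, added here as an illustration and not taken from Proofpoint's guide. The header name, token value and IP addresses are constructed placeholders, and the model assumes Filter-1 removes any inbound copy of the header before stamping, so only mail admitted by sending IP at Filter-1 carries it downstream.

```python
import ipaddress
from email.message import EmailMessage

# Constructed placeholders; real sending IPs come from the vendor's Safelisting Guide.
SENDER_NETS = [ipaddress.ip_network("192.0.2.0/28")]
FILTER1_IP = "10.0.0.5"                   # hypothetical internal address of Filter-1
HEADER = "X-Filter1-Safelisted"           # hypothetical header name
TOKEN = "replace-with-long-random-value"  # hypothetical value known only to both filters


def filter1(msg, peer_ip):
    """Edge filter: sees the real connecting IP of the sender."""
    del msg[HEADER]  # drop any inbound copy so only Filter-1 can set the header
    if any(ipaddress.ip_address(peer_ip) in net for net in SENDER_NETS):
        msg[HEADER] = TOKEN
    return msg


def filter2(msg, peer_ip):
    """Downstream filter: the peer is always Filter-1, never the original sender."""
    if peer_ip == FILTER1_IP and str(msg.get(HEADER, "")) == TOKEN:
        return "bypass"  # e.g. skip spam scoring and payload testing
    return "scan"


def deliver(msg, sender_ip):
    """Pass a message through Filter-1, then Filter-2 (which only sees Filter-1's IP)."""
    return filter2(filter1(msg, sender_ip), FILTER1_IP)


def make_message(preset=None):
    """Build a constructed sample message, optionally arriving with the header already set."""
    msg = EmailMessage()
    msg["From"] = "sender@example.net"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    if preset:
        msg[HEADER] = preset
    msg.set_content("sample body")
    return msg


if __name__ == "__main__":
    print(deliver(make_message(), "192.0.2.10"))               # safelisted sending IP
    print(deliver(make_message(), "203.0.113.7"))              # any other sender
    print(deliver(make_message(preset=TOKEN), "203.0.113.7"))  # header set before Filter-1
```

Only the first message is exempted at Filter-2; the other two are scanned normally, including the one that arrived with the header already present.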
Application Access - Web Proxies\Firewalls
Along with the ability to access the Security Awareness Training Platform to participate in their interactive training, users and applications installed in the network may also need access to several external URLs to ensure proper functionality. Web proxies may block these communications and prevent users or applications (such as PhishAlarm) from accessing the necessary resources.
See Safelisting Guide for more information.