Skip to main content
Contact Us
My preferencesSign out
Proofpoint, Inc.

Security Awareness Safelisting on the US (North American) Platform

  1. Last updated
  2. Save as PDF
Situation You need information on how to safelist PESA on your US (North American) Platform
Version  Proofpoint  Essentials Security Awareness
 
Summary You will need to Safelist all relevant IPs

Safelisting on the US (North American) Platform

Proofpoint Essentials Security Awareness  uses a variety of systems to communicate to devices within your network and deliver email messages to your end users. This guide documents the IP addresses, domains and URLs used to deliver this information. This document should be provided to your email or security administrators to ensure reliable communications.  

Note: 

 

  • Only perform safelisting for your licensed Proofpoint Essentials Security Awareness  products. 
  • Only safelist the IPs and domains for your hosted location. 

If you aren’t sure of your hosted location, please see contact Support.

Training Notifications

Proofpoint recommends that Training Notifications are sent with a “From:” address that uses your organization’s domain name. This email address will be more familiar to the user and allow the user to easily reply to the message, should they have questions. Before we can send emails using your domain name, you must contact your mail administrator as most email systems restrict email using your organization’s domain name to authorized mail servers. To allow email from our servers using your organization’s domain name, we recommend asking your email administrator to make the following changes: 

  • Add the appropriate IP addresses to your SPF records and your email filter safelist
  • securityeducation.com and ws01-securityeducation.com are domains that can also be safelisted for web filtering

Training Platform

  • 107.20.210.250 
  • 52.1.14.157 

In order to have the uploaded images from the Training Platform automatically downloaded within Outlook, we recommend safelisting the following domain and adding it to the Trusted Sites: 

  • platform.securityeducation.com

The following URL can be safelisted to ensure proper delivery of all assets including text content, graphics, photographs, videos, audio files, and databases: 

  • d1fbefs0dyob6i.cloudfront.net

Phishing 

Phishing  will send simulated phishing attacks to your end users. To ensure users are provided a realistic assessment, we recommend safelisting the following IP addresses:

  • 107.23.16.222 
  • 54.173.83.138 

Phishing  stock images are hosted at tslp.s3.amazonaws.com.  These images are embedded in Attachments and Teachable Moments.  Safelisting this domain in your firewall or proxy server will ensure these images are displayed to your end users.  

Custom images are images that the Phishing Admin has uploaded to personalize their Phishing campaign and are stored at the following domain:   

  • tslp.s3.amazonaws.com
  • ts-uploads.s3.amazonaws.com 
  • s3.amazonaws.com

Note: Phishing emails will come from whatever from address you chose when creating a campaign. You can add the from address to your safe sender list to ensure that the message arrives to the end user's inbox and the tracking pixel is downloaded without having to click download images. Clicking on the download images prevents proper tracking of email opens. This will also prevent the message from ending up in your junk folder

Phishing Domains 

Below is a list of phishing domains you may utilize in your Phishing campaigns. We recommend that you provide this list to your IT or security administrators to ensure that your users will be able to access the Teachable Moment seamlessly from within your organization’s network.  

Many default phishing templates include a subdomain, so if you are safelisting by domain, you may wish to wildcard it (Ex. Safelist *.proofpoint.com, instead of safelisting proofpoint.com to ensure all subdomains are included) 

Phishing will also make calls to the following URLs: 

Phishing North American

The following DMARC (Policy Reject) domains are available for NA-hosted environments. 

4ooi.co
4ooi.com
4ooi.in
4ooi.info
account-maintenance.com
accounts-receivable.co
ackisses53.com
acxx53.com
acxx53.de
admissionshelpu.org
adobe-0nline.com
adobecloudservices.com
aibabba-deals.com
amazoon.online
annualenroll.com
breaking-news-network.net
breaking-news-now.com
business-services.org
byt.im
cadeauavant.fr
cardservices.online
cloud-store.services
combase.co
Committee4StrongLeadership.com
concur-s0lutions.com
contract-sign.online
corpbenefitplan.com
corp-internal.co.uk
corp-internal.com
corp-internal.net
corpinternal.us
corp-internal.us
corpoutlook.com
corp-proxy.com
creditmass.ru
cyber-sale.net
dcscanscation.com
decision2016.win
detailswire.com
docsign-online.com
donatesolutions.net
dropboxlink.com
dynssi.com
educationresource.site
ee77red.ru
egencia-online.com
electioninfo.online

electionsdecision.com
emailquarantine.com
enegry.org
entwurf-laden.de
e-servce.com
event-planer.net
exch01-corp.com
firstfedtrust.com
flightstatalert.com
freeenergypress.com
fundingsource.services
goggl.cc
gotwebinar.online
gov-online.net
gov-services.com
greetingsweb.com
grnail.world
healthline.site
hpdocument.com
InformedVoterLeague.com
info-week.net
info-week.us
internalitsupport.com
investmentsecureportal.com
itnues.net
lesportsacxx53.com
link91.in
linkedincdn.com
loan-payments.com
localhostlocaldomain.com
mailcenter-alert.com
mail-center-alert.com
mail-delivery-system.com
maildeliverysystem.net
maliciousfile.online
matchesonline.net
meeting-reminder.com
metflix.us 
micrasoft-office365.com
microsoftsql.net
myensurance.co
NationalCouncil4not-for-profits.com
netbenefits-access.com
office3889.com
olympicresults.online
onedrive-micrasoft.com
onlinedocshare.com

password-update.com
password-update.net
payablaccounts.com
paypol-login.com
pharmamedsonline.com
pharmlink.in
phishingtraining.com
pipelinenews.net
postcardfast.com
prnewsnet.us
publicemailservice.com
qqoffi55.cc
qqoffi55.com
qquio.com
register-now.world
rwebfix.com
salesteamlink.com
scandeviceservices.com
sec-10k.com
securebankingsevices.com
securelogin-wallet.com
self-serve.co
seriouslydonotclickthis.com
sharepoint-docshare.com
shipment-confirm.com
shippingupdate.net
shopingnow.net
sn84229.co
sphotos-fbcdn.com
stubclub.co
techsupport-corp.com
thedisasterrelief.com
thisisaphishingattack.com
trackingupdate.net
tradeinternationai.com
travelresinfo.com
updamicrosoft.com
updatracking.com
user-account.online
user-account-maintenance.com
vobamobile.net
voicemailaccess.net
webfilteralert.com
www01-local.com

 

Attached is a CSV file of all Phishing domains that will need to be safelisted on the North America (US) production environment.