Security Awareness Safelisting Guide
Safelisting Guide
In order to best use the Proofpoint Essentials Security Awareness (PESA) System, your network and mail systems will need to allow for connectivity to and from certain domains, URLs and IPs within our products. Safelisting allows email messages and web traffic to pass between both of our networks.This guide documents the URLs, IP addresses and domain names used to deliver these communications. This information can be provided to your email or security administrators to ensure reliable product delivery.
Follow the steps below to ensure proper safelisting across your organization:
- Ensure your mail filter(s) accept and relay Proofpoint Essentials Security Awareness training emails effectively.
- With the help of your mail admin, determine what email server you are using and any mail flow rules that may need to be implemented. You may need to consider rules for multiple filter configurations. (ex - you are using O365 and Proofpoint PPS you will need to safelist for both filters).
- Consider other security systems that may be analyzing mail messages. We recommend that our emails be excluded from these security processes to prevent false negatives in a Phishing campaign.
- Evaluate other internal processes that may have an effect on end user mail flow and response. (ex - help desk responses to reported suspicious emails)
- Ensure internal systems can communicate with the Platform and all endpoints across firewalls, proxies, etc.
- Discuss with your Network Administrators to determine if there are any security protocols in place for external communications.
- Evaluate the process for installing applications, plug-ins, etc...within your network.
- Consider permissions if necessary.
- Only safelist the IPs and domains for your hosted location.
Note: If you aren’t sure of your hosted location, please contact Customer Support.