Description


These whitelisting instructions will allow all emails from our platform to be sent & received (Welcome, weekly security tips, phishing, and push notifications). The most effective way to whitelist is by IP Address and domain. Our phishing header is also included below. If using Office 365, you will need to configure Advanced Delivery for SecOps Mailboxes and Third-Party Phishing Simulations.


Requirements


Access to Spam Filter 


The Process

IP Addresses

Welcome, Weekly Security Tip & Push Notifications Emails

149.72.184.111

168.245.40.98

149.72.207.249

168.245.30.20

 

Phishing Emails

54.209.51.230

18.209.119.19

34.231.173.178

168.245.68.173 *

168.245.34.162 *

157.230.65.76 *

 

* These are reserve IP addresses.  If you are using a third party spam filter and it has it’s own IP addresses, you can replace these reserve IP addresses with the third party spam filter’s IP addresses.


Domains

Welcome, Weekly Security Tip & Push Notifications Emails

security-reminders.com

pii-protect.com

Phishing Emails

it-support.care

customer-portal.info

member-services.info

bankonlinesupport.com

secureaccess.biz

logineverification.com

Iogmein.com

mlcrosoft.live

cloud-service-care.com

packagetrackingportal.com

Phishing Email Header

This is the Phishing Email Header we use; you can choose to whitelist these as well but not required:

X-SN-EMAIL-PHISHING


Sender Emails 

Whitelist these emails for the Welcome, Weekly Security Tip & Push Notifications Emails

 

No-reply@security-reminders.com 

no-reply@pii-protect.com 

Whitelisting for various platforms: 


The methods to do this depend on the spam filter you are using. Some common filters are listed below along with directions on how to whitelist.

Microsoft 365


Use one of the following methods to whitelist.

Powershell Script for Whitelisting:

#Requires -Module ExchangeOnlineManagement 

Install-Module ExchangeOnlineManagement

Connect-ExchangeOnline

 

#IP addresses for phishing, welcome, micro-training, newsletter & reminder emails

$IPAddresses = "149.72.207.249/32",

"168.245.40.98/32",

"149.72.184.111/32",

"168.245.30.20/32",

"54.209.51.230/32",

"18.209.119.19/32",

"34.231.173.178/32",

"168.245.68.173/32",

"168.245.34.162/32",

"157.230.65.76/32"

 

#Phishing Domains

$domainList = "it-support.care",

"customer-portal.info",

"member-services.info",

"bankonlinesupport.com",

"secureaccess.biz",

"logineverification.com",

"Iogmein.com",

"mlcrosoft.live",

"cloud-service-care.com",

"packagetrackingportal.com"

 

#Phishing Simulation URLs

$simURL = "~it-support.care~",

"~customer-portal.info~",

"~member-services.info~",

"~bankonlinesupport.com~",

"~Iogmein.com~",

"~mlcrosoft.live~",

"~packagetrackingportal.com~",

"~secureaccess.biz~",

"~logineverification.com~",

"~cloud-service-care.com~"

 

#Phishing Override Rule Name

$phishRuleName = "BSNPhishSimOverrideRule"

#Connector Name

$connectorName = "BSN Connector"

 

 

#Add URL's to Advanced Delivery Third Party Phishing Simulation

New-TenantAllowBlockListItems -Allow -ListType Url -ListSubType AdvancedDelivery -Entries $simURL -NoExpiration

 

#Create a connector for BSN IP addresses

New-InboundConnector -Name $connectorName -SenderIPAddresses $IPAddresses -RequireTls $true -Enabled $true -SenderDomains *

 

#Set Connection Filter Policy

$listIPAllowList = New-Object System.Collections.Generic.HashSet[String]

foreach ($ip in $IPAddresses){[void]$listIPAllowList.add($ip)}

(Get-HostedConnectionFilterPolicy -Identity Default).IPAllowList | ForEach-Object {[void]$listIPAllowList.Add($_)}

Set-HostedConnectionFilterPolicy -Identity Default -IPAllowList $listIPAllowList

 

Connect-IPPSSession

 

#Add domains and IP addresses to Advanced Delivery Third Party Phishing Simulation

New-PhishSimOverridePolicy -Name PhishSimOverridePolicy

New-PhishSimOverrideRule -Name $phishRuleName -Policy PhishSimOverridePolicy -SenderDomainIs $domainList -SenderIpRanges $IPAddresses 
 

 

Manually Set Up Advanced Delivery for Third-Party Phishing Simulations:

Log into your Office 365 portal and go into the Admin Center. The 3rd party phishing simulator is under Policies & Procedures > Threat Policies > Advanced Delivery. Add the 8 IP addresses and 10 domains from the lists above. 

Direct Link: https://security.microsoft.com/advanceddelivery?viewid=PhishingSimulation 

Graphical user interface, text Description automatically generated

Manually Set Up Connection Filter Policy:

Direct Link: https://security.microsoft.com/antispam

Graphical user interface, text, application, email Description automatically generated

 

 

Important!

 

If using the Report Message add-in, a user will receive false positive readings of clicking on links if the tool is used. 

https://support.microsoft.com/en-us/office/use-the-report-message-add-in-b5caa9f1-cdf3-4443-af8c-ff724ea719d2

In addition, if you are using Microsoft Advanced Threat Protection in Office 365 use the following document to set up “do not rewrite” lists: 

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-a-custom-do-not-rewrite-urls-list-with-atp?view=o365-worldwide

G Suite

https://support.google.com/a/answer/2368132?hl=en

Other Platforms:

Exchange 2007 - http://exchangepedia.com/2007/01/exchange-2007-content-filter-the-whitelist-is-here.html

Exchange 2010 - https://technet.microsoft.com/en-us/library/bb125225(v=exchg.141).aspx

Barracuda Block and Accept Policies - https://campus.barracuda.com/product/emailsecuritygateway/article/BSF/IPAnalysisInbound/?welcome-to-campus=techlibrary

Barracuda Intent Analysis Instructions - https://campus.barracuda.com/product/emailsecurityservice/article/BESS/IntentInbound/?welcome-to-campus=techlibrary

Websense - http://www.websense.com/content/support/library/web/v76/filter_faqs/filter_faq_whitelist.aspx

Trend Micro - http://esupport.trendmicro.com/solution/en-US/1056393.aspx

Forefront Protection for Exchange - https://technet.microsoft.com/en-us/library/cc483077.aspx

 


.