Other: Whitelisting the Phishing Simulator

Whitelisting Instructions for VisuaFUSION Phishing Simulator

To ensure phishing simulation emails are successfully delivered to your users and not flagged as spam or phishing by your email systems, it’s important to properly whitelist our sending infrastructure. These steps help ensure your email provider allows simulated phishing messages through for training and testing purposes.

We recommend using the Test Campaigns feature in your account to verify deliverability before launching live campaigns.

Microsoft 365 (Exchange Online / Defender for Office 365)

Follow these steps to add VisuaFUSION to Microsoft’s Advanced Delivery policy:

  1. Visit Microsoft 365 Defender portal.
  2. Navigate to Email & Collaboration > Policies & Rules > Threat policies > Advanced delivery.
  3. Select the Phishing simulation tab, then click Edit or Add to begin configuration.
  4. In the configuration panel, complete the following:
    • Sending Domain: Add any VisuaFUSION phishing domains used in your templates (see domain list below).
    • Sending IP: Add the following IPs:
      • 5.78.105.240 (Production)
      • 5.78.45.15 (Dev/Build - only if instructed)
    • Simulation URLs to allow: Add each domain as a wildcard entry (e.g., phishingsim.visuafusion.com/*).
  5. Click Add (for new) or Save (for existing) and then Close.

Supported Domains

Production:

  • accountmanage.net
  • auth-online.net
  • direct-auth.com
  • office-authenticate.com
  • tax-check.net
  • emr-auth.net
  • phishingsim.visuafusion.com

Additional test and development domains are available upon request if required for QA or Dev environments.

Google Workspace

  1. Login to admin.google.com with an administrator account.
  2. Go to Apps > Google Workspace > Gmail > Spam, Phishing and Malware.
  3. Under Email allowlist, add: 5.78.105.240, 5.78.45.15
  4. To allow our sending domains:
    1. Under the same Gmail section, click Configure next to Spam settings.
    2. Name the setting for reference.
    3. Enable “Bypass spam filters for messages from senders or domains in selected lists.”
    4. Add the production domains listed above.
    5. Click Save.

Zoho Mail

  1. Login to Zoho Admin Console at mailadmin.zoho.com with an admin account.
  2. Go to Mail Administration > Anti-Spam List.
  3. Select the Allowlist/Blocklist tab.
  4. Under the Allowlist section:
    • Click Add to enter IP addresses: 5.78.105.240 and 5.78.45.15.
    • Add the VisuaFUSION sending domains:
      • accountmanage.net
      • auth-online.net
      • direct-auth.com
      • office-authenticate.com
      • tax-check.net
      • emr-auth.net
      • phishingsim.visuafusion.com
  5. Repeat for TrustedList tab with the domains above.
  6. Click Save to apply the changes.

Troubleshooting

  • If messages continue going to junk or quarantine, consider whitelisting based on email headers instead of IP or domain.
  • Some third-party security appliances (e.g., Trustifi, Proofpoint, Mimecast) may rewrite IPs—consult your vendor’s documentation for header-based safelisting.

Safe Links Configuration (Microsoft Defender)

If Safe Links is rewriting phishing URLs, add each domain in the Simulation URLs to allow section of Advanced Delivery as wildcards (e.g., phishingsim.visuafusion.com/*).

Video Instructions

Video setup walkthrough coming soon.