This article describes the IP addresses and domains that Phish Threat V2 uses when sending attack emails. It also covers how Office 365 ATP Safe Links and Safe Attachments behave with Phish Threat V2. The following sections are covered:
Applies to the following Sophos products and versions: Phish Threat
To ensure successful delivery of Phish Threat emails, please include the following IP addresses in the allow list:
Please also whitelist the domains below in your environment to ensure successful completion of your Phish Threat campaigns.
Office 365 Advanced Threat Protection (ATP) offers security features such as Safe Links and Safe Attachments. ATP Safe Links can help protect the organization by providing time-of-click verification of web addresses (URLs) in email messages and Office documents. The ATP Safe Attachments feature checks whether email attachments are malicious and then takes action to protect the organization. For more information, please see the following links:
Office 365 ATP Safe Links
Office 365 ATP Safe Attachments
If the Phish Threat V2 IP addresses and domain names are not included in the allow list, Office 365 executes the links, which makes it appear as though an end user has clicked on them. To ensure the proper execution of Phish Threat V2 with Office 365, set up an exception for the Phish Threat V2 IP addresses and domains for both Safe Links and Safe Attachments in Office 365. Please see the following links on how to set up these exceptions:
Bypass Safe Links Processing
Bypass Safe Attachments Processing
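One way to create the IP-based part of these exceptions is with Exchange Online mail flow rules that set the skip-processing headers. This is an added example, not Sophos or Microsoft code. It assumes a connected Exchange Online PowerShell session; the rule names are hypothetical and the IP ranges are placeholders to be replaced with the Phish Threat V2 addresses from the allow list in this article.

```powershell
# Added example: mail flow rules that skip ATP scanning for simulation mail only.
# Assumes an existing Exchange Online PowerShell session (Connect-ExchangeOnline).

# PLACEHOLDER ranges (RFC 5737 documentation space). Replace with the
# Phish Threat V2 sending IP addresses from the allow list in this article.
$PhishThreatIps = @('192.0.2.10', '198.51.100.0/24')

# One rule per header: a transport rule sets a single header name/value pair.
# Rule names are hypothetical.
$rules = @(
    @{ Name   = 'Phish Threat - Bypass Safe Links'
       Header = 'X-MS-Exchange-Organization-SkipSafeLinksProcessing' },
    @{ Name   = 'Phish Threat - Bypass Safe Attachments'
       Header = 'X-MS-Exchange-Organization-SkipSafeAttachmentProcessing' }
)

foreach ($r in $rules) {
    if (Get-TransportRule -Identity $r.Name -ErrorAction SilentlyContinue) {
        # Rule already exists: keep its condition in step with the current IP list.
        Set-TransportRule -Identity $r.Name -SenderIpRanges $PhishThreatIps
    }
    else {
        # Condition is the connecting sender IP only, so mail from any other
        # source is still scanned by Safe Links and Safe Attachments.
        New-TransportRule -Name $r.Name `
            -SenderIpRanges $PhishThreatIps `
            -SetHeaderName $r.Header `
            -SetHeaderValue '1' `
            -Comments 'Scoped to Phish Threat sending IPs only.'
    }
}

# Review what is in place: the condition should list only the simulation IPs.
Get-TransportRule | Where-Object Name -like 'Phish Threat - *' |
    Format-List Name, State, SenderIpRanges, SetHeaderName, SetHeaderValue
```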
Similar to the above features in Office 365, other third-party mail security products may also apply their own scanning techniques to open links and attachments in emails as they are processed. If this is the case, you may also receive reports indicating that your users have clicked links. In such cases, please ensure that the above IPs and domains are whitelisted within the third-party product.
Currently, the only method of applying this whitelisting is to add the IPs and/or domains above. We are aware that some third-party solutions do not allow their security features to be bypassed in this manner. We are actively investigating alternatives that will prevent false-positive campaign results caused by third-party security products and look forward to including these in Phish Threat in the near future.