Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945

Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!

Whitelist by Email Headers

You need to have the option that most other phishing simulators have which is "Whitelist by Email Headers"  Most other vendors have some kind of customer headers so that they can be whitelisted by rule in Office 365 mail.  Without this feature Office 365 will mark all your simulation emilas as spam.

How knowbe4 does it:


  • Hey sTiNkFiZzLe,

    I will pass this feedback on to our development team for further comment. Many thanks for bringing it to our attention!

    For others out there, to ensure successful delivery of Phish Threat emails, please whitelist the IP address(es)/ domains listed within the 'Settings' --> 'Domain List' page. Further information can be seen here.

    Best Regards,


  • I know this is an old thread, but I second this recommendation.  We are two months into our PhishThreat purchase and have to this point been unable to actually effectively use the reporting due specifically to O365 'reading and clicking' on the emails. 

    I have a support ticket open, and they have been unable to assist.  Additionally.  I have added the Mailflow rules for the mark Sophos' email server IP's and the two rules to try and bypass SafeAttachement and SafeLinks based on the sending domain.  All of these have been ineffective.