Proofpoint Security Awareness Training uses a variety of systems to communicate to devices within your network and deliver email messages to your end users. This guide documents the IP addresses, domains and URLs used to deliver this information. This document should be provided to your email or security administrators to ensure reliable communications.
Notes
- Only perform safelisting for your licensed Proofpoint Security Awareness Training products.
- Only safelist the IPs and domains for your hosted location. If you aren’t sure of your hosted location, please contact [email protected].
Training Notifications
Proofpoint recommends that Training Notifications are sent with a “From:” address that uses your organization’s domain name. This email address will be more familiar to the user and allow the user to easily reply to the message, should they have questions. Before we can send emails using your domain name, you must contact your mail administrator as most email systems restrict email using your organization’s domain name to authorized mail servers. To allow email from our servers using your organization’s domain name, we recommend asking your email administrator to make the following changes:
- Add the appropriate IP addresses to your SPF records and your email filter safelist
- securityeducation.com is a domain that can also be safelisted for web filtering
Training Platform
- 54.229.2.165
- 52.30.130.201
In order to have the uploaded images from the Training Platform automatically downloaded within Outlook, we recommend safelisting the following domain and adding it to the Trusted Sites (located under the Security Tab in Internet options in IE): platform-web-eu.securityeducation.com
Phishing Assessment
To ensure users are provided a realistic assessment, we recommend safelisting the following IP addresses to allow for simulated Phishing attacks to be sent to your end users:
These IP addresses will need to be added to your SPF record:
- 52.17.45.98
- 52.16.190.81
Phishing stock images are hosted at tslp.s3.amazonaws.com. These images are embedded in Attachments and Teachable Moments. Safelisting this domain in your firewall or proxy server will ensure these images are displayed to your end users. Custom images are images that the Phishing Admin has uploaded to personalize their Phishing campaign and are stored at the following domain: ts-eu-uploads.s3.amazonaws.com. The following Additional Phishing Administrative Resource URL can be safelisted to ensure proper delivery of all assets including text content, graphics, photographs, videos, audio files, and databases: d2k53c71t1ovai.cloudfront.net.
Phishing Domains
Below is a list of phishing domains you may utilize in your Phishing campaigns. We recommend that you provide this list to your IT or security administrators to ensure that your users will be able to access the Teachable Moment seamlessly from within your organization’s network.
Note: Many default Phishing templates include a sub-domain. Therefore, if you are safelisting by domain, you may wish to wildcard it. For example, you would safelist “*.proofpoint.com” instead of safelisting “proofpoint.com” to ensure that all sub-domains are included.
Phishing Teachable Moments will also make calls to the following URLs:
https://tscontent.s3.amazonaws.com
https://d2wy8f7a9ursnm.cloudfront.net
https://dp4eiskq7iesj.cloudfront.net
Domains for EU
4ooi.co.uk
4ooi.net
accountsmaintenance.com
accounts-receivable.online
admissionshelpu.com
adobe-0nline.net
adobedocuments.com
aibaba-deals.com
amazoon.site
annualenroll.net
bancaire.co.uk
bancaire.org
beingthebestU.com
bizsolutions-int.co.uk
bizsolutions-int.com
breaking-news-network.co.uk
breaking-news-now.net
business-services.site
c0ncursolutions.com
cardservices.vip
citydiscounts.org
cloud-store.space
coffeetooyourdesk.com
combase.io
Committee4StrongLeadership.org
contract-sign.site
corpbenefitplan.net
corp-internal.co
corpinternal.org
corp-internal.org
corpoutlook.co.uk
corp-password-mangemet.com
corp-password-mangemet.fr
corp-password-mangemet.us
cyber-sale.com
dcscanscation.net
decision2016.online
detailswire.net
docsign-online.net
docs-sharepoint.com
dodgylink.co.uk
domainte.com
donatesolutions.live
dropboxlink.net
dynssi.net
eatandreward.com
educationresource.store
egencia-website.com
electioninfo.news
electionsdecision.net
emaildistro.net
emailquarantine.net
enegry.info
entwurf-laden.com
epayroll.solutions
eservce.biz
e-servce.biz
eservce.co.uk
eservce.fr
eservce.net
event-planer.com
exch01-corp.net
firstfedtrust.us
flightstatalert.net
flight-status-alert.com
flight-status-alert.me
freeenergypress.org
fundingsource.world
giftgreeting.com
global-bancaire.com
gotwebinar.org
gov-services.net
grnail.online
healthline.care
hpdocument.net
hr-internal.co
hrmc.me.uk
ibwalletsecurelogin.com
InformedVoterLeague.org
info-week.biz
internalitsupport.net
investmentsecuresite.com
k-trafficxmj.co
k-trafficxmj.co.uk
k-trafficxmj.com
linkedincdn.co.uk
linkedincdn.net
linkedincdn.us
loanpaymentservices.com
localhostlocaldomain.net
mailcenter-alert.net
mail-center-alert.net
mail-delivery-system.info
maliciousfile.com
maliciousfile.download
matchesonline.org
meeting-reminder.net
metflix.pw
micrasoft-395office.com
micrasoft-onedrive.com
myensurance.services
mypayrollservice.net
NationalCouncil4not-for-profits.org
olympicresults.site
onlinebankingsevices.com
online-docshare.com
p183321.net
package-track.com
package-track.info
password-update.me
payqal-login.com
phishingtraining.eu
ransomware.website
recruitpros.co
register-now.net
rnetflix.io
scandoc-center.com
security-education.net
self-serve.ltd
shipping-notification.info
shopingnow.store
shoppingbuyrewards.com
sportstoday.life
sso-local.net
stubclub.net
swift-track.co.uk
swift-track.info
techsupport-corp.net
thedisasterrelief.net
therecruitpro.net
trackingupdate.site
user-account.net
verifier-sure.com
vobamobile.co
xerox-scandevice.com
yggui.de
yggui.li
youarebeingphished.com
yourexpo.co.uk