Reference Guide for Deliverability



Change History

Section | Details | Date of Change
Training and Phishing Simulation URLs to allow | Old URL "**" replaced with "**." | February 8th, 2022
IP Addresses | Updated BPID IP address list | October 19, 2023

IP Addresses

Description: The BullPhish ID system uses the listed IPs to send phishing and training emails to the targets.

  • (SMTP Server IP - server from which we send Phishing & Training Emails)
  • (SendGrid IP - needed for sending notification emails but only if you are using Dark Web ID as well as BullPhish ID)

Email Headers

Description: We utilize the following email header to assist in identifying messages from Phishing Simulations or Training & Awareness. Each email sent from the BullPhish ID system to the target will contain the following header.

  • X-Mailer: BullPhish
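
A message header can be set by any sender, so a bypass rule is safer when it requires both the header above and a listed sending IP. The sketch below is an added example, not BullPhish ID code: the networks are placeholder documentation ranges, the sample messages are constructed, and `connecting_ip` is assumed to be the SMTP peer address recorded by your own gateway.

```python
import ipaddress
from email import message_from_string

# Placeholder networks (RFC 5737 documentation ranges), NOT the vendor's IPs.
# Replace them with the addresses listed in the IP Addresses section.
ALLOWED_SENDER_NETS = [
    ipaddress.ip_network("192.0.2.10/32"),
    ipaddress.ip_network("198.51.100.0/28"),
]

def has_simulation_header(msg) -> bool:
    """True if any X-Mailer header equals 'BullPhish' (case-insensitive)."""
    values = msg.get_all("X-Mailer", [])
    return any(str(v).strip().lower() == "bullphish" for v in values)

def ip_allowed(connecting_ip: str) -> bool:
    """True if the gateway-observed peer address is in a listed network."""
    try:
        addr = ipaddress.ip_address(connecting_ip)
    except ValueError:
        return False  # unparsable address is never trusted
    return any(addr in net for net in ALLOWED_SENDER_NETS)

def classify(raw_message: str, connecting_ip: str) -> str:
    """Decide how a filter should treat a message claiming to be a simulation."""
    header = has_simulation_header(message_from_string(raw_message))
    listed = ip_allowed(connecting_ip)
    if header and listed:
        return "simulation"           # both signals agree: bypass filtering
    if header:
        return "suspect-header"       # header from an unlisted IP: no bypass, alert
    if listed:
        return "listed-ip-no-header"  # listed IP without header: normal policy
    return "normal"

# Constructed sample messages for illustration only.
SAMPLE_SIM = (
    "From: it-support@example.test\nTo: user@example.test\n"
    "Subject: Password expiry notice\nX-Mailer: BullPhish\n\nPlease review.\n"
)
SAMPLE_PLAIN = (
    "From: news@example.test\nTo: user@example.test\n"
    "Subject: Weekly digest\n\nHello.\n"
)

if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.7"):
        print(ip, classify(SAMPLE_SIM, ip))
```

Messages classified as `suspect-header` are worth logging, since they carry the safelisted header but did not arrive from a listed address.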

Sending Domains

Description: The BullPhish ID system uses the listed domains to send phishing and training campaigns to the targets.

All of our Sending Profiles and URLs use one of the listed domains. In addition to your mail configuration, add these domains to any email security layers such as Microsoft Defender (formerly ATP), Proofpoint, Barracuda, Mimecast, and others. Also take them into account for link rewriting.

The list of sending domains is available on the BullPhish ID Sending Domains page under the Settings section.

  • Click the Export Sending Domains button to download a CSV of every sending domain from your organization, along with their verification status. To access this functionality, log in to BullPhish ID and select Settings on the left navigation panel > Sending Domains > Export Sending Domains.


Training and Phishing Simulation URLs to allow:

Description: The BullPhish ID system uses the URLs below to show the Training and Phishing content on a webpage. This section is only applicable to the o365 safelisting guide.

Expand this setting and enter the following URLs by clicking in the box, entering a value, and pressing Enter or selecting the value displayed below the box.

  • **

Information on Domains Rotation

Links inside the Phishing Emails will use the Top-Level URLs.

When the user clicks on this Top-Level URL inside the email, our system will automatically redirect and rotate them to a Secondary domain in our database. These Secondary Domains do not need to be safelisted as we rotate them once we get notified that our secondary level URL is blocked.

This process of domain rotations allows us to prevent red screens and ensures that users have access to BullPhish ID content.

Note: If you have any issues, please notify us at





