|Section||Details||Date of Change|
|Training and Phishing Simulation URLs to allow||
Old URL "*.secureawareness.net/*" replaced with "*.cloudsurveillance.net/*."
February 8th, 2022
Description: The BullPhish ID system uses the listed IPs to send phishing and training emails to the targets.
- 126.96.36.199 (SendGrid IP - Needed for sending of notification emails)
- 188.8.131.52 (NAT gateway IP - IP address of background processes that initiate sending Phishing & Training Emails)
- 184.108.40.206 (New SMTP Server IP- Where we send Phishing & Training Emails from)
- 220.127.116.11 (Fallback - Secondary IP)
- 18.104.22.168 (Fallback - Secondary IP)
- 22.214.171.124 (Fallback - Secondary IP)
- 126.96.36.199 (Fallback - Secondary IP)
- 188.8.131.52 (Fallback - Secondary IP)
Description: We utilize the following email header to assist in identifying messages from Phishing Simulations or Training & Awareness. Each email sent from the BullPhish ID system to the target will contain the following header.
- X-Mailer: BullPhish
Description: The BullPhish ID system uses the listed domains to send phishing and training campaigns to the targets.
Our Sending Profiles and URLs will all utilize one of the listed domains. In addition to Mail configurations, add to any Email Security Layers such as Microsoft Defender (formerly ATP), Proofpoint, Barracuda, Mimecast, and others. It is considered for Link Re-Writing.
The list of sending domains available on the BullPhish ID Sending Domains page under Settings section.
- Click Export Sending Domains button to download a CSV of every sending domain from your organization, along with their verification status. To access this functionality, into BullPhish ID, select Settings on the left navigation panel > Sending Domains > Export Sending Domains.
Training and Phishing Simulation URLs to allow:
Description: The BullPhish ID system uses the URLs below to show the Training and Phishing content on a webpage. This section is only applicable to the o365 safelisting guide.
Expand this setting and enter the following URLs by clicking in the box, entering a value, and pressing Enter or selecting the value displayed below the box.
Information on Domains Rotation
Links inside the Phishing Emails will use the Top-Level URLs.
When the user clicks on this Top-Level URL inside the email, our system will automatically redirect and rotate them to a Secondary domain in our database. These Secondary Domains do not need to be safelisted as we rotate them once we get notified that our secondary level URL is blocked.
This process of domain rotations allows us to prevent red screens and ensures that users have access to BullPhish ID content.