Whitelisting in Sophos

Whitelisting our domains in your Sophos Email Appliance (SEA) will allow your users to receive simulated phishing and training emails from our platform.

The instructions below include information from the Allow/Block Lists and SEA Configuration guide, provided by Sophos. If you run into issues whitelisting our platform in your Sophos appliance, we recommend contacting Sophos directly for specific instructions. You can also contact us at support@goldphish.com for further assistance.

Modify the Allow/Block Lists

The Allow/Block lists let you specify hosts and senders which are trusted or untrusted. Emails from allowed hosts/senders will ignore Sophos anti-spam filtering.

Follow these steps to add our domains to the Allow list:

  1. In your Sophos Email Appliance (SEA) manager, navigate to Configuration > Policy > Allow Lists.
  2. Click the desired list to display the List Editor dialog box.
  3. If you have a spam filter in front of SEA, select the Senders tab. If you do not have a spam filter in front of SEA, select the Hosts tab.
  4. Enter each required item in the Add entries text field. Click Add.
  5. Depending on what you selected in Step 3 (Hosts or Senders):
    • If Senders, enter our Platform domain names, one by one. You only have to add the domain names you are utilising in the email templates with which you are testing.
    • If Hosts, enter our Platform IP's one by one.

Our whitelisting technical information can be found here: Whitelisting Technical Information.

Sophos Perimeter Protection

Sophos Perimeter Protection will block mail from any non-existent domains and we do not recommend turning this setting off. To workaround this, ensure not to spoof any of the from email addresses on the phishing templates. 

Sophos Firewalls

In order for your users to access our landing and training pages, you must whitelist our domains on your Sophos firewall. These instructions were created for Sophos XG firewalls. Other versions of Sophos firewalls may require different steps, contact Sophos for specific instructions.

  1. Log in to the firewall's portal.
  2. Click on Web
  3. Click on Exceptions
  4. If you don't already have a list of exceptions, click Add Exception.
  5. Provide a name (Phishing Simulator) and a description for the exception list.
  6. Under Skip the selected checks or actions, check the boxes for the services you purchased.
  7. Enter the domains utilised by your email templates one line at a time in the Search/Add box. Using the following format, insert the domain where XYZ is located and change top level domain if it's not .com:
^([A-Za-z0-9.-]‌*\.)?XYZ\.com\.?/

Our whitelisting technical information can be found here: Whitelisting Technical Information.

  1. Click Save.

As with all whitelisting, we recommend setting up a test campaign to yourself or a small group to ensure everything works smoothly before running organisation-wide campaigns.


Whitelisting can be complicated so if you require any further assistance, please contact our support team by clicking here, alternatively contact us through the platform Web Widget.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us