Whitelisting Technical Information
This guide provides the technical requirements needed to configure your Email Gateway or Filtering Solution to ensure the successful delivery of our simulated phishing emails and system notification emails.
Important: The configuration must be set to bypass ALL security checks and layers, including Anti-Spam, Anti-Virus, Malware Scanning, Link Rewriting / Sandboxing, and URL Defence tools. Please ensure you have read Whitelisting Basics before proceeding.
Whitelisting by Sender/Mailer Domain (Recommended Method)
Allow the following domains for system and simulation emails:
Whitelisting by App Domain
Allow the main application domain used for training and simulations: Ensure that Web Filters, Firewalls, and Endpoint Security do not block or interfere with the simulated phishing landing pages.
- App Domain: app.goldphish.com
- Phishing Simulation Landing Page URL: app.goldphish.com/* (Whitelist all paths on this domain)
Whitelisting by Sender IP Address (Use Only When Required)
Only add IPs if your specific gateway or mail provider requires IP-level whitelisting. Always prioritise domain-based whitelisting unless otherwise indicated in the relevant gateway guide.
- 161.38.204.226
- 141.193.32.11
- 77.68.84.212
Sender Addresses
All platform and phishing simulation emails will come from the following 'From' addresses, which end-users will see in their inboxes:
Validation and Next Steps
- Allow up to 1-24 hours for all changes to propagate.
- Run a small phishing test (send to 2–3 learners).
- Confirm the simulated emails arrive without being rewritten, quarantined, scanned, or marked as suspicious.
If you need a hand, reach out to our Support Team via email at support@goldphish.com.🚀🛠️