Whitelisting in Barracuda

This article will cover how to whitelist our Platform’s training notifications and simulated phishing emails if you are using Barracuda's Email Security Gateway.

Barracuda Sentinel Allow Senders


Using Barracuda Sentinel's Allow Senders list allows our platform emails to bypass your organisation's current whitelisting rules.

👉🏼See Barracuda's How to Allow Senders guide for more information.

To Add Specific Senders to the Allowed Senders list:


  1. Log in to your Barracuda admin console.
  2. Click Dashboard in your console.
  3. Click the Settings icon, which should appear as a gear.
  4. Click Allowed Senders.
  5. In the Sender Email or Domain section, enter one email or domain name you want to allow.

Note: The system allows you to enter only one sender at a time, rather than adding in bulk. Enter one domain or email in this field and complete the steps below. Repeat the process, as needed, for each additional email or domain.

  1. You can add a comment to your email address or domain name if you wish.
  2. Click Save.

You can also delete or edit the email addresses and domain names from the Allowed Senders page using their respective icons.

👉🏼Our whitelisting technical information can be found here: Whitelisting Technical Information.

Barracuda Intent Analysis


Whitelist our Security Awareness Platform in Barracuda's Intent Analysis feature to prevent the URLs in our simulated phishing tests from being changed or potentially resulting in skewed phishing test results.

👉🏼See Barracuda's Intent Analysis - Inbound Mail guide explaining this process.

If you are using Barracuda's Email Security Service (Cloud), follow these steps to whitelist Barracuda's Intent Analysis:


  1. Log in to your Barracuda Cloud Control
  2. Navigate to Email Security > Inbound Settings > Anti-Phishing
  3. Under the Intent section, add our platform's hostname, app.goldphish.com. Make sure the Policy drop-down is set to Ignore

If you are using Barracuda's Email Security Gateway ( on-premises), follow these steps to whitelist Barracuda's Intent Analysis:


  1. Log in to your Barracuda Email Security Gateway web interface
  2. Navigate to Email Security Gateway > Basic > Spam Checking
  3. Under the Intent Analysis section, add our platform's hostname, app.goldphish.com, to the URL Exemptions: text box field.

For more information, check out Barracuda's Knowledge Base:

Barracuda Advanced Threat Protection (ATP)


If you are using Barracuda's Advanced Threat Protection (ATP) and have experienced false clicks or false attachment opens, you can set up exemptions. Setting up exemptions allows you to bypass PDF scanning for phishing test emails from our IP addresses. 


  1. Log in to your Barracuda Email Security Gateway web interface.
  2. Select the ATP Settings tab.
  3. Enter our IP address(es)
  4. Click Add

👉🏼For the most up-to-date list of our IP addresses, please see our Whitelisting Technical Information guide.

Test Campaign


After following this guide, allow 1–24 hours for the updates to be saved and propagated.

Then set up a small test phishing campaign (2–3 users) to confirm:


  • The simulated emails arrive as expected, and
  • They are not rewritten, scanned, or auto-clicked.

Note:  If you encounter issues whitelisting in Barracuda, we recommend reaching out to Barracuda directly for specific instructions. See our Whitelisting Basics Guide for an email template you can send to your service provider. 

If you need to have any questions, please reach out to our Support Team via email at support@goldphish.com.🚀🛠️

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us

Related Articles