To make sure our emails reach your users, you need to arrange for the following IP addresses and domains to be allowlisted in your mail servers (you may need your IT department to enable this):

Mail Server Configs

The full qualified domain name is app.cybsafe.com

IP 167.89.33.127 / cs-mail-sender.com / Simulated Phishing attacks. For more information around this, please click here

IP 167.89.38.249 / cybsafe.com / Registration, News and Administration

Both these ip addresses are dedicated to CybSafe.

If you are using a mail filter, both your email solution and inbound gateway (Filter) needs to be allowlisted.

Additional help for Office 365 users

To allow both training reminder and simulated phishing emails to reach your users, the Cybsafe servers must be allow-listed on your mail platform(s) – this is usually either Office365 or an on-premise mail server. If you use an external email scanning service, such as FireEye ETP, Mimecast, MessageLabs or Proofpoint, you will also need to allow Cybsafe emails on their system. Please consult their documentation for details of how to do this.

To add the emails to your allow-list on Office365 or an on-premise exchange server, please perform the following steps:

1. Login to the Office 365 Admin centre and open the Exchange admin centre (you may need to click “show all” first)

2. Navigate to “Rules” under “Mail Flow”

3. Click on the Plus icon to add a new rule, and select “Bypass Spam filtering” from the drop-down:

4. Create a new rule with the following settings:

  • Name – “Allow Cybsafe emails”
  • Apply this rule if – “A Message Header includes…” > “Any of these words”Header name – “Authentication-Results”Words or phrases – “cs-mail-sender.com” and “cybsafe.com”

Leave all other settings as default; once complete, it should look like this:

"The configuration of the allow-list on Office 365 is now complete. If you have an external mail filtering service, you should apply the relevant settings according to your providers documentation. You can also use the IP addresses 167.89.33.127 and 167.89.38.249 instead of the FDQNs cs-mail-sender.com and cybsafe.com respectively."

Note – the domains “cs-mail-sender.com” and “cybsafe.com” are used in the MailFrom attribute as per RFC 5321, not in the From attribute as defined in RFC 5322. This ensures that even when the “From” address seen in the email does not match – which is the case for phishing emails - the rule will still be applied.

Still have any questions?

If you still have questions, you can contact the CybSafe team via support@cybsafe.com. We’re on hand to help resolve any further issues!

Did this answer your question?