To make sure our simulated phishing emails reach your users, you need to arrange for the following IP address and domain to be allowlisted in your mail servers (you may need your IT department to enable this):

IP 167.89.33.127 /cs-mail-sender.com / Simulated Phishing attacks

If you are using a mail filter, both your email solution and inbound gateway (Filter) needs to be allowlisted.

For more information about allowlisting, click here.

CybSafe phishing tracks the "opens" of an email using a unique hidden image pixel to record an open event. This however has some technical limitations:

We use email service SendGrid to track email opens, clicks and bounces. Our simulated phishing emails contain non-copyright brands, with non-offensive content. 

The sender domain will always be cs-mail-sender.com but with a spoofed <from> address.

The tracking url will always contain https://u6197305.ct.sendgrid.net from SendGrid, where only CybSafe are authorised to use this subdomain. For secure use in an allow list, we recommend to include the subdomain: u6197305.ct.sendgrid.net

CybSafe do not send file attachments in emails.

Users may be encouraged to enter data as part of the phishing simulation. CybSafe will only capture the metadata surrounding the event, at no stage is input data recorded, analysed or retained in any way. Users who click through a phishing email are redirected to a learning page that provides information on the simulated attack and advice on how to avoid similar attacks in the future.

In addition to the allow list of domains/IP addresses, CybSafe emails always contain HTML with the following signature (note this is an example, the ID is unique to the email):

The HTML shown in BOLD will always be present, so email triage can be automated with an HTML body search for “cs-unique-ref”.