Email Allowlisting
Table of Contents
Phishing Allowlisting – Spam Filter
When applying allowlists to your email servers and/or email filtering solutions, please refer to the instructions below before applying.
Mail Server IPv4 Addresses:
- 3.106.21.22
- 13.237.47.221
Sending Domains:
- alerting-services.com
- authwebmail.com
- cloud-notification-services.com
- securesupportcloud.com
- office-365-notifications.com
- webnotifications.net
- paypaypal.net
- cmail31.com
Phishing Website Domains:
- *.authwebmail.com
- *.cmail31.com
- *.securesupportcloud.com
- *.webnotifications.net
- *.alerting-services.com
Microsoft/Office 365 - Allowlisting (Use M365 Defender to allow a Phishing simulation)
To ensure Cyber Bark LLC can effectively simulate phishing campaigns, you will need to allowlist our emails. We highly recommend this method for allowlisting as it’s been explicitly created by Microsoft for the purpose of conducting phishing simulations.
Use the Microsoft 365 Defender portal to configure third-party phishing simulations in the advanced delivery policy
1. Login to Microsoft 365 Defender at the following link to go straight to the Phishing Simulation
allowlisting form: https://security.microsoft.com/advanceddelivery?viewid=PhishingSimulation
Note: This form can also be accessed by going to https://security.microsoft.com/ and clicking through Email & Collaboration > Policies & Rules > Threat Policies > Advanced Delivery > Phishing Simulation
2. Click ✏️ Edit icon. Edit or If there are no configured phishing simulations, click Add.
3. On the Edit third-party phishing simulation flyout that opens, configure the following settings:
Sending Domains:
- alerting-services.com
- authwebmail.com
- cloud-notification-services.com
- securesupportcloud.com
- office-365-notifications.com
- webnotifications.net
- paypaypal.net
- cmail31.com
Sending IPs:
- 3.106.21.22
- 13.237.47.221
Simulation URLs to allow:
- authwebmail.com/*
*.authwebmail.com/* - cmail31.com/*
*.cmail31.com/* - securesupportcloud.com/*
*.securesupportcloud.com/* - webnotifications.net/*
*.webnotifications.net/* - alerting-services.com/*
*.alerting-services.com/*services.com
Note: All the above domains and IP addresses are under the sole control of Cyber Bark LLC. As such we can ensure that no unintended emails will originate from these IPs and domains after allowlisting occurs.
4. When you’re finished, click Add/Save and then click Close.
Note: Allowlisting may take up to an hour to take effect.
All done! Allowlisting can be tricky… should you have any difficulties, please don’t hesitate to contact us.
Disabling Microsoft/Office 365 "Report as Phishing" to Avoid False Reports within Outlook Web
Should your recipients use the Microsoft 365 report as phishing feature on one of Cyber Bark’s simulated phishing emails, it can cause a false-positive click to appear in the platform. Naturally, this would be counted as a failure on the recipient’s part even though they never clicked the link, so we want to prevent this from happening.
To do this we’ll need to disable the junk email and phishing email reporting feature via Exchange PowerShell. The simple steps below will guide you through this process.
Use Exchange Online PowerShell to disable the Microsoft 365 “Report as Phishing” feature
1. Open Exchange PowerShell then run the following command to locate the relevant policy:
Get-OwaMailboxPolicy | Format-Table Name,ReportJunkEmailEnabled
2. Set the policy to false, as in the example below:
Set-OwaMailboxPolicy -Identity “OwaMailboxPolicy-Default” -ReportJunkEmailEnabled $false
3. To verify the changes, check a recipient’s Outlook on the web account and select the Mark as phishing option from the drop-down menu, as below:
4. Once the feature has been disabled, recipients will still see the option, however, when it is clicked the message will not be reported and the “successful reporting” message will not display.
Allowlisting – Proofpoint
If you’re using Proofpoint’s spam filtering, you can allowlist Cyber Bark LLC to allow our simulated phishing test emails and training notifications through to your end users.
The instructions below are for third-party software. If you run into issues allowlisting Cyber Bark LLC in Proofpoint, we recommend reaching out to Proofpoint for specific instructions. You can also contact us whenever you need assistance.
Note: If your phishing security test emails are bouncing with the below error message, see the How to Prevent Proofpoint from Bouncing Emails section of this report.
“Sender address rejected: Domain not found (in reply to RCPT TO command)”
Allowlisting in Proofpoint
When you’re ready to allowlist in Proofpoint, follow the below instructions. These instructions were gathered from Proofpoint’s Safelisting Addresses article.
- Navigate to Security Settings > Email > Sender Lists.
- Under the Safe Sender list, enter our IP addresses. (Please see the first page instructions for a full list of our IP addresses)
- Click Save.
If you have issues with attachment-related emails, see Proofpoint’s article on Blocks by Default.
What to Do If Your Emails are Going to Spam
If your emails are being sent to spam or are being quarantined, you’ll need to add Cyber Bark LLC to the Organizational Safe List in Proofpoint.
Follow the instructions below to add Cyber Bark’s IP addresses to the Organizational Safe List:
- From your Proofpoint admin center, navigate to Email Protection > Spam Detection > Organizational Safe List.
- Add either our IP addresses. (See the instructions in the first page)
Phishing Simulation Email Delivery – Troubleshooting Guide
Sometimes phishing simulation emails can be blocked, delayed, or altered by spam filters, email gateways, or security tools.
To ensure successful delivery and accurate reporting, please follow the guide below.
Before the Campaign: Prepare Your Environment
To make sure our emails reach your users’ inboxes, please complete these steps before we send the campaign:
1. Allow-List Sending IPs and Domains
- Add our sending IP addresses and domains to the allow list in all your email security layers
- Include both:
o Inbound connection filters (for IPs), and
o Content filters (for domains and URLs). - Make sure to allow our phishing URLs in any link-scanning or click-protection tools such as:
o Microsoft Defender Safe Links
o Proofpoint TAP
o Barracuda Link Protection
2. Apply Allow-Lists at All Layers
Please ensure allow-lists are applied across all the following systems:
- Microsoft 365 / Exchange Online
- Google Workspace / Gmail
- Third-party email security gateways (Proofpoint, Mimecast, Barracuda, Cisco IronPort, etc.)
- Any Endpoint protection or browser security tools that may block links (CrowdStrike, Defender, etc.)
Tip: Allow at least one hour for allow-list changes to propagate before launching the campaign.
If You Don’t See the Emails
If you’ve already configured allow-lists and still don’t see our emails, here are the
troubleshooting steps to follow:
1. Check Spam, Junk, or Quarantine Folders
- Check user mailboxes: Junk, Spam, Other, Promotions, or Updates tabs.
- Check your organization’s quarantine portals:
- Microsoft 365: https://security.microsoft.com/quarantine
- Google Workspace: Admin Console → Email Quarantine
- Third-party gateways (Proofpoint, Barracuda, etc.): Check their quarantine dashboards
2. Search the Mailbox Directly
- Search by the (email subject line, sender domain, or email address).
- In Office 365, don’t forget to check the Focused/Other inbox tabs.
- In Gmail, check the “Promotions” or “Updates” tabs.
3. Review Delivery Logs
Check your email platform’s message trace tools to check what happened to the messages:
- Microsoft 365: Exchange Admin Center → Mail Flow → Message Trace
- Google Workspace: Admin Console → Email Log Search
- Third-party gateway: Check the platform’s message tracking feature
Look for any:
- Quarantines
- Rejections
- Bounces
- Misspelled IP/domain entries or missing subdomains.
4.Re-Check Allow-List Settings
- Confirm IPs and domains are correctly entered
- Are they applied to the inbound flow (not just outbound)?
- Are they prioritized above stricter policies or default anti-spam rules?
5. Test With a Plain Email
- Let us know, and we can send a simple test email from our sending platform.
- If even this message doesn’t arrive, it strongly indicates allow-lists are not correctly applied or are being overridden.
6. Check for Automated Link Clicks (Bot Activity)
- Some systems (e.g., Proofpoint TAP, Barracuda ATP, etc.) automatically scan or click links
in emails. - These link scanners can trigger false “clicks” before users even see the email.
- Signs of bot activity:
- Clicks within seconds of delivery
- Users say they never clicked
Common Issues to Avoid
- Allow-list applied only to outbound flow, not inbound mail flow.
- URLs not excluded from link scanning/click protection (emails arrive, but links are blocked).
- Greylisting or sandboxing delays - wait a few minutes and recheck.
- Rules not applied across all mail security layers (e.g., Office 365 + Proofpoint)
- Misspelled IP/domain entries or missing subdomains.
Best Practices
- Allow at least 1 hour after making changes for them to take effect.
- Run a test simulation a day or more before the scheduled campaign.
- Use a dedicated test group to verify delivery in live environments.
- Coordinate with all teams managing:
- Email security
- Endpoint protection
- Network/firewall inspection
(Optional) Advanced: SPF, DKIM, and DMARC
If your organization enforces strict inbound DMARC checks, ensure:
- Our SPF records are passing
- DKIM signatures are valid
- Messages are not failing DMARC policy enforcement
We’re happy to provide example headers for you to validate these configurations.
Still Having Issues?
If you’ve followed all the steps above and are still not seeing messages, please send us:
- A screenshot or description of your allow-list settings.
- Results from your email delivery/message trace logs.
- Any bounce-back or error messages you’ve encountered.
- Confirmation of whether URLs were excluded from link scanning.
We’re happy to assist further and troubleshoot directly with your IT or security team.