Skip to main content
All CollectionsPHISH
May 2024 PHISH upgrades
May 2024 PHISH upgrades
Jonathan Webster avatar
Written by Jonathan Webster
Updated over 5 months ago

We’re making some infrastructure upgrades to improve PHISH, which require a configuration update to your email security.

For details about the IPs you need to add, click here

What is the change I need to make?

  1. Secure email gateways and mail servers require allowlist updates to ensure PHISH simulations continue uninterrupted. These changes need to be made before June 20th. The changes to PHISH allowlisting can be found here.

    1. NB: You do not need to change allowlisting for other IP addresses, for instance those used for nudge emails in GUIDE - details here.

  2. We have now updated our “Test campaign” feature to use the new IP addresses, giving administrators the chance to verify their configurations.

  3. Do not remove the original IP’s until:

    1. You’ve tested that the new configuration works - guidance here

    2. Confirmed a successful test with us via the banner on the Phishing Campaigns page

  4. If we do not receive confirmation of updated settings, all active campaigns will be paused June 20th. We will contact affected customers.

  5. After June 20th, we will contact customers with the former IP’s that will no longer be used for CybSafe PHISH, so that they can be removed from allowlists.

How should I test the change?

When using our "Test phishing campaign" feature to test the new configuration you should test that.

  1. You successfully receive a CybSafe simulated phishing email within a short period

  2. The statistics on the Phishing reports for the test campaign reflect your behaviour with it (use the campaign filter for this).

  3. If you have a reporting flow in place, you're able to report the email.

Why are you making changes?

We’re making this change because we believe we are at the stage where we have run into too many limitations of our existing provider. These changes will improve our resilience and avoid situations like our May 11th outage, causing email delays of up to 5 hours.

What changes are you making?

IP address update

  • We’re migrating PHISH to send email simulations within our secure cloud hosted on AWS. This has resulted in a new list of IP addresses that require allow listing.

HTTPS end to end

Increased resilience, reduced sending delays

  • Our increased IP range helps minimise delays on high volume campaigns and increase delivery rates

Expanded domains

  • We’ve now got a total of 55 domains to run PHISH simulations to make them less easy to spot. Details here.

Better scheduling

  • Emails are now scheduled based on the recipient's time zone and we now ensure that the same template is not received twice.

Do I need to make changes to my phish report button?

No changes required, this feature is unaffected and requires no configuration changes.

Can I have more notice?

Due to agreements with our previous third party provider, unfortunately we have a limited amount of time before our existing agreement to send simulated phishing emails expires. While our options are limited, please contact [email protected] if this is a challenge.

Did this answer your question?