We’re making some infrastructure upgrades to improve PHISH, which require a configuration update to your email security.
For details about the IPs you need to add, click here
What is the change I need to make?
Secure email gateways and mail servers require allowlist updates to ensure PHISH simulations continue uninterrupted. These changes need to be made before June 20th. The changes to PHISH allowlisting can be found here.
NB: You do not need to change allowlisting for other IP addresses, for instance those used for nudge emails in GUIDE - details here.
We have now updated our “Test campaign” feature to use the new IP addresses, giving administrators the chance to verify their configurations.
Do not remove the original IP’s until:
You’ve tested that the new configuration works - guidance here
Confirmed a successful test with us via the banner on the Phishing Campaigns page
If we do not receive confirmation of updated settings, all active campaigns will be paused June 20th. We will contact affected customers.
After June 20th, we will contact customers with the former IP’s that will no longer be used for CybSafe PHISH, so that they can be removed from allowlists.
How should I test the change?
When using our "Test phishing campaign" feature to test the new configuration you should test that.
You successfully receive a CybSafe simulated phishing email within a short period
The statistics on the Phishing reports for the test campaign reflect your behaviour with it (use the campaign filter for this).
If you have a reporting flow in place, you're able to report the email.
Why are you making changes?
We’re making this change because we believe we are at the stage where we have run into too many limitations of our existing provider. These changes will improve our resilience and avoid situations like our May 11th outage, causing email delays of up to 5 hours.
What changes are you making?
IP address update
We’re migrating PHISH to send email simulations within our secure cloud hosted on AWS. This has resulted in a new list of IP addresses that require allow listing.
HTTPS end to end
A common concern was expanded domains were inconsistently sending insecure urls. Thanks to the upgrades, all tracked links will be HTTPS end to end, using the pattern https://l.{phishdomain}.com
The prefix: https://u6197305.ct.sendgrid.net will be retired.
Increased resilience, reduced sending delays
Our increased IP range helps minimise delays on high volume campaigns and increase delivery rates
Expanded domains
We’ve now got a total of 55 domains to run PHISH simulations to make them less easy to spot. Details here.
Better scheduling
Emails are now scheduled based on the recipient's time zone and we now ensure that the same template is not received twice.
Do I need to make changes to my phish report button?
No changes required, this feature is unaffected and requires no configuration changes.
Can I have more notice?
Due to agreements with our previous third party provider, unfortunately we have a limited amount of time before our existing agreement to send simulated phishing emails expires. While our options are limited, please contact [email protected] if this is a challenge.