Whitelisting for receiving email messages
The whitelisting activity is critical to ensure that e-mail messages sent from the CG Platform are delivered to users' Inboxes and are not categorized as spam/junk. This configuration allows the following messages to be received by users:
Simulated phishing attacks from Cyber Guru Phishing;
Functional e-mails generated by the platform (e.g., e-mails for platform login password recovery);
Student Caring emails (periodic communications sent by the platform to encourage user participation in the Awareness and Channel programs). Ricezione dei messaggi di phishing simulato
Cyber Guru has several static elements that can be used by the e-mail security system (Antispam and Antivirus) for easy identification of e-mails sent from the CG Platform:
Static IP address: unless otherwise agreed, the static sources IP of simulated phishing e-mails are
85.235.135.191
95.110.231.245
Custom header with name "CGRE" and value"en2358nfwf348fnw932jdo4fe4rrewffd"
HTML tag included in message body "<div class=”CGRE- en2358nfwf348fnw932jdo4fe4rrewffd”>"
⚠️ | WARNING: Under no circumstances is it advisable to rely solely on the header or HTML tag to activate a bypass rule or a security exception. The header and HTML tag should only be used to automatically route emails sent by Cyber Guru Phishing and reported by users as phishing, thus avoiding an increase in workload for CERT or SOC. |
In addition to the static parameters indicated above, Cyber Guru Phishing uses a defined set of dynamic senders (which may vary with each campaign/send), generated from predefined domains. Should the Customer's mail server also require domains to be whitelisted, reference should be made to the following table containing the domains used by Cyber Guru (Sender Domains)
The CG Platform, starting from the listed domains, generates senders using different accounts and third-level domains (e.g., starting from the domain "urgent.eu" the senders "mario@urgente.eu", "mario.rossi@comunicazione.urgente.eu" and "luca@amazon.urgente.eu" can be generated). Therefore, should you want to make explicit the allowed domains, you will need to take into account this degree of freedom of the platform (and e.g. by setting "*.urgent.eu" and "urgent.eu" as accepted domains).
⚠️ | WARNING: For configuring the incoming mail filter, we recommend using only the IP address for whitelisting. It is the best and most widely supported solution by major mail servers and filters. |
The domains used by Cyber Guru Phishing are as follows (all related DNS have the SPF parameter configured):
Sender Domains | SMTP Server Name |
⚠️ | WARNING Cyber Guru simulation system is designed to emulate various attack modes, including the email spoofing technique. In email spoofing, the actual sender is replaced with a fictitious sender that appears to belong to well-known domains (e.g., "itmail.com"). Such domains are not included in the list above because they should not be added to the exceptions. It is also normal and expected that emails using these domains may end up in spam. |
Receiving functional and Student Caring communications
The CG Platform sends transactional e-mails (e.g., for "password recovery") or Student Caring e-mails, i.e., aimed at accompanying the user in his or her course of study (e.g., "Release new training module").
To enable the receipt of these e-mails, it is necessary to enable:
as a "trusted sender."