Barracuda safelisting guide

If your organization utilizes Barracuda's Email Security Gateway, you can safelist (aka whitelist) Bullphish to allow our simulated phishing test emails and training notifications through to your end-users.

For an up-to-date list of BullPhish IP addresses, see our Reference guide for deliverability.

Whitelisting by IP in Barracuda in Email Security Gateway

These instructions were gathered and summarized–based on Barracuda's knowledge base. For more information on how to whitelist in Barracuda, check out this video from Barracuda.

If you are using Barracuda's Email Security Service (cloud), follow these steps to whitelist Barracuda by IP address:

Log in to your Barracuda Cloud Control.
Go to Email Security > Inbound Settings > IP Address Policies.
In the IP Blocking / Exemption section, use the top line to enter one of our IP addresses. This process will need to be repeated for each IP address. For an up-to-date list of BullPhish IP addresses, see our Reference guide for deliverability.
In the Netmask field, type 255.255.255.
Set the Policy field toExempt.
If you'd like, add a note in the Comment. For example, BullPhish ID Simulated Phishing IP Address.
Click Add to whitelist the IP address.
Repeat steps 2 through 7 for each of the BullPhish ID IP addresses.

If you are using Barracuda's Email Security Gateway (on-premises), follow these steps to whitelist Barracuda by IP address:

Log in to your Barracuda Email Security Gateway web interface.
Go to the BLOCK/ACCEPT > IP Filters.
In the Allowed IP/Range section, use the top line to enter one of our IP addresses. This process will need to be repeated for each IP address. For an up-to-date list of BullPhish IP addresses, see our Reference guide for deliverability.
In the Netmask field, type 255.255.255.0.
Set the Policy field to Exempt.
If you'd like, add a note in the Comment, for example, BullPhish ID Simulated Phishing IP Address.
Click Add to whitelist the IP address.
Repeat steps 2 through 7 for each of the BullPhish ID IP addresses.

Barracuda Intent Analysis

You may need to whitelist us in Barracuda's Intent Analysis feature to prevent the URLs in simulated phishing tests from being altered and potentially resulting in skewed phishing test results. See this article from Barracuda explaining this process. If you are using Barracuda's Email Security Service (cloud), follow these steps to whitelist Barracuda's Intent Analysis:

Log in to your Barracuda Cloud Control.
Navigate to Email Security > Inbound Settings>Anti-Phishing.
Under the Intent section, add BullPhish ID hostnames. Make sure the Policy drop-down is set to Ignore.

If you are using Barracuda's Email Security Gateway (on-premises), follow these steps to whitelist Barracuda's Intent Analysis:

Log in to your Barracuda Email Security Gateway web interface.
Navigate to Email Security Gateway> Basic > Spam Checking.
Under the Intent Analysis section, add BullPhish ID hostnames to the URI Exemptions: text box field.

Barracuda Sender Authentication

If you'd like to spoof your domain in simulated phishing tests, you can exempt Trusted Forwarder IP addresses from SPF checks. See this article from Barracuda for more information.

If you are using Barracuda's Email Security Service (cloud), follow these steps to whitelist Barracuda's Sender Authentication:

Log in to your Barracuda Cloud Control.
Navigate to Email Security > Inbound Settings > Sender Authentication.
Enter our IP addresses in the SPF exemptions table in the Use Sender Policy Framework center.

If you are using Barracuda's Email Security Gateway (on-premises), follow these steps to whitelist Barracuda's Sender Authentication:

Log in to your Barracuda Email Security Gateway web interface.
Navigate to Email Security> Block/Accept tab and select Sender Authentication.
Under Sender Policy Framework (SPF) Configuration section, select Yes.
Add the BullPhish ID IP addresses to the exemption list.

Barracuda Advanced Threat Protection (ATP)

You can set up exemptions if you use Barracuda's Advanced Threat Protection (ATP) and have experienced false clicks or false attachments. Setting exemptions allow you to bypass scanning for phishing test emails from BullPhish ID IP addresses.

To set up exemption addresses to bypass ATP PDF Scanning:

Log in to your Barracuda Email Security Gateway web interface.
Select the ATP Settings
Enter the IP address(es) and Subnet Mask(s). For an up-to-date list of BullPhish IP addresses, see our Reference guide for deliverability.
Click Add.

Barracuda Sentinel Allow Senders

Barracuda Sentinel's Allow Senders list allows BullPhish ID emails to bypass your organization's current whitelisting rules. See Barracuda's How to Allow Senders article for more information.

To add specific senders to your Allow Senders list:

Log in to your Barracuda admin console.
Click Dashboard in your console menu.
Click the Settings icon, which should appear as a gear.
Click Allowed Senders.
Enter one email address or domain name into the Sender Email or Domain

NOTE Barracuda Sentinel will only allow you to simultaneously enter one email address or domain name for security reasons.

You can repeat steps 5 through 7 for as many email addresses or domains as you wish to add.
You can add a comment to your email address or domain name and click Save.
Using their respective icons, you can also delete or edit the email addresses and domain names from the Allowed Senders page.

Revision	Date
In section Whitelisting by IP in Barracuda in Email Security Gateway, in first procedure step 4: changed Netmask to 255.255.255.255. In second procedure step 4: changed Netmask to 255.255.255.0.	10/20/23

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!
	Provide feedback for the Documentation team.