Reference guide for deliverability

IP Addresses

Description: The BullPhish ID system uses the listed IPs to send phishing and training emails to the targets.

34.237.252.20 (SMTP Server IP - server from which we send Phishing & Training Emails).
168.245.13.192 (SendGrid IP - needed for sending of notification emails but only if you are using Dark Web ID as well as BullPhish ID).

Email Headers

Description: We utilize the following email header to assist in identifying messages from Phishing Simulations or Training & Awareness. Each email sent from the BullPhish ID system to the target will contain the following header.

X-Mailer: BullPhish

Sending Domains

Description: The BullPhish ID system uses the listed domains to send phishing and training campaigns to the targets.

Our Sending Profiles and URLs will all utilize one of the listed domains. In addition to Mail configurations, add to any Email Security Layers such as Microsoft Defender (formerly ATP), Proofpoint, Barracuda, Mimecast, and others. It is considered for Link Re-Writing.

The list of sending domains available on the BullPhish ID Sending Domains page under Settings section.

Click Export Sending Domains button to download a CSV of every sending domain from your organization, along with their verification status. To access this functionality, in BullPhish ID select Settings > Sending Domains > Export Sending Domains.

Training and Phishing Simulation URLs to allow:

Description: The BullPhish ID system uses the URLs below to show the Training and Phishing content on a webpage. This section is only applicable to the o365 safelisting guide.

Expand this setting and enter the following URLs by clicking in the box, entering a value, and pressing Enter or selecting the value displayed below the box.

service-noreply.info/*
Bpidtr.com/*
*.bpidtr.com/*
http://cloudsurveillance.net/

Information on Domains Rotation

Links inside the Phishing Emails will use the Top-Level URLs.

When the user clicks on this Top-Level URL inside the email, our system will automatically redirect and rotate them to a Secondary domain in our database. These Secondary Domains do not need to be safelisted as we rotate them once we get notified that our secondary level URL is blocked.

This process of domain rotations allows us to prevent red screens and ensures that users have access to BullPhish ID content.

NOTE If you have any issues, please notify us at support@idagent.com.

Revisions

Section	Details	Date of revision
Training and Phishing Simulation URLs to allow	Old URL ".secureawareness.net/" replaced with ".cloudsurveillance.net/."	February 8th, 2022
IP Addresses	Updated BPID IP address list	October 19, 2023

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!
	Provide feedback for the Documentation team.