Sophos safelisting guide

Sophos Email Appliance (SEA)

Safelisting your Sophos Email Appliance (SEA) allows your end-users to receive phishing and training-related emails from the BullPhish ID project. 

The instructions below include information from the SEA Configuration guide and the Allow/Block Lists article, both provided by Sophos. If you run into issues with safe listing BullPhish ID in your Sophos appliance, we recommend reaching out to Sophos for specific instructions. You can also contact our support team whenever you need assistance.

Modify the Allow/Block Lists

The Allow/Block lists allow you to define hosts and senders which are trusted or untrusted. Messages from allowed hosts and senders will bypass Sophos antispam filtering. 

To add BullPhish ID to the Allow list:

  1. In your SEA manager, navigate to Configuration > Policy > Allow Lists.
  2. Click the appropriate list to display the List Editor dialog box.
  3. Select the Senders tab if you have an additional spam filter in front of SEA. Select the Hosts tab if you do not have an additional spam filter in front of SEA. 
  4. In the Add entries text box, enter each required item * and click Add.
  5. What you enter next varies depending on your selection in Step 3 (Hosts or Senders).
    • If on the Senders tab, enter BullPhish ID domain names, one by one. To download a list of your organization's sending domains, in BullPhish ID select Settings > Sending Domains > Export Sending Domains.
    • If on the Hosts tab, enter BullPhish ID IPs one by one. For the most up-to-date list of our IP addresses, see the Reference guide for deliverability.

Sophos Firewalls

Safelisting in Sophos firewall allows users who've failed your phishing tests to access BullPhish ID landing pages.

The instructions below were created for Sophos XG firewalls, so other versions of Sophos firewalls may require a different set of steps. We recommend reaching out to Sophos for instructions on how to allow list BullPhish ID.

To safelist in Sophos XG firewalls:

  1. Log in to the portal for the firewall.
  2. Click on Web, located on the left.
  3. Click on Exceptions, situated at the top.
  4. If you don't have an exception list, click Add Exception.
  5. Provide a name (BullPhish ID) and an optional description for the list.
  6. Check the boxes to the right under Skip the selected checks or actions for your purchased services.
  7. Check URL pattern matches.
  8. Enter the phishing/training URLs one line at a time in the Search/Add. You can find a list of phishing/training URLs in the Reference guide for deliverabilityunder the Training and Phishing Simulation URLs to allow section.
  9. Click Save from the bottom of the page.