If Proofpoint Essential's spam filtering or Proofpoint Enterprise's Allowlist is part of your setup, whitelisting Right-Hand enables our simulated phishing test emails and training notifications to be delivered to your end users.
For whitelisting in Proofpoint, refer to the external software's guidelines. If you encounter any issues, we recommend you to contact Proofpoint directly for specific instructions.
Whitelisting in Proofpoint Essentials
Whitelisting in Proofpoint Essentials
Add IPs to Safe Senders
Log in to your Proofpoint Essentials admin console.
Navigate to: Security Settings > Email > Sender Lists
In the Safe Senders section, add Right-Hand’s IP addresses.
Click Save.
Whitelisting in Proofpoint Enterprise
Whitelisting in Proofpoint Enterprise
Add IPs to the Organizational Safe List
Log in to the Proofpoint Enterprise Admin Console.
Navigate to:
Email Protection > Spam Detection > Organizational Safe ListClick Add.
In the "Global Safe List" window, enter:
Filter Type: Sender Hostname
Operator: Equals
Value: IP address or hostname (from the Right-Hand IP list)
Click Save Changes.
Add IPs to TAP URL Defense (If Used)
If you use Targeted Attack Protection (TAP) and URL Defense is enabled, whitelist the RH IPs to avoid URL rewriting:
Navigate to:
Email Protection > Targeted Attack Protection > URL Defense > URL Rewrite PoliciesScroll to the Exceptions section.
Add the IP addresses used by Right-Hand.
Click Save Changes.
Prevent Emails from Going to Spam or Quarantine
In the Admin Console, go to:
Email Protection > Spam Detection > Organizational Safe ListAdd the hostnames or IP addresses from Right-Hand.
This ensures the emails aren’t marked as spam or quarantined.
Advanced Whitelisting
Use these advanced steps if you're doing phishing simulations and want fine-grained control with Proofpoint’s custom policy routes.
Step 1: Create a Custom Policy Route (Mandatory)
This identifies phishing emails based on the sender's IP.
Navigate to: System > System > Policy Routes
Click Add and name the route:
Right-Hand_PhishingAdd Condition:
Sender IP Address = Right-Hand’s IP
Step 2: Add Custom Spam & Phish Rules
These rules stop the simulation emails from being flagged as spam or phishing.
Go to: Email Protection > Spam Detection > Custom Rules
Create the following two separate rules:
Rule 1:
a. Right-Hand_Spam_Safelist
Condition:
Policy Route equals Right-Hand_PhishingDisposition:
Classify as Not Spam
Rule 2:
b. Right-Hand_Phish_Safelist
Condition:
Policy Route equals Right-Hand_PhishingDisposition:
Set Classifier Score > Phish > 0
Step 3: Bypass SMTP Rate Limiting
Add the RH's IP address to avoid delivery delays.
Navigate to: Email Firewall > SMTP Rate Control > Non-throttled Hosts
Step 4: Skip IP Reputation (PDR) Checks
Skips IP reputation (PDR) checks for simulation emails, preventing blocks like "554 Blocked" while still allowing other security filters to apply.
Go to: Email Protection > Spam Detection > Reputation Service > Settings
Under Disable For Any Of, add
Right-Hand_Phishing.
💡 Alternatively, if you already have a pdrsafe policy route, just add Right-Hand’s IPs to it and make sure it’s included in Disable For Any Of.
Step 5: Bypass TAP Attachment Defense (If Used)
This allows simulation attachments (like PDFs or ZIPs) to arrive unmodified.
Go to: Email Protection > Targeted Attack Protection > Attachment Defense > Settings
Enable:
Disable processing for selected policy routesSelect:
Right-Hand_Phishing
Step 6: Exclude from Traffic Stats (Optional)
This keeps simulation traffic out of analytics/stats.
Go to: System > System > Settings > Send Feedback from Agent Directly
Add
Right-Hand_Phishingto Disable processing for selected policy routes.
Step 7: Bypass Antispoofing (Optional)
If simulation emails are being blocked due to spoofing your own domain:
Go to: Email Firewall > Rules
Edit the
pp_antispoofrule.Move
Right-Hand_Phishingto Disable.
If Proofpoint-related steps are unclear or unsupported in your current setup, reach out directly to Proofpoint Support for detailed guidance.