This article will cover how to whitelist Curricula’s training email and phishing simulator email servers in Microsoft 365 Defender.
Step 1. Basic Whitelist
Sign in to Microsoft 365 Defender portal
- Scroll down and select Email & collaboration
- Select Policies & rules
- Select Threat policies in the list
5. Select Anti-spam inbound policy (Default)
6. Scroll down to Allowed And Blocked Senders and domains to Select Edit allowed and blocked senders and domains in the fly-out
7. In the fly-out under Allowed, select Allowed domains
8. Click the Add Domains + button to add the following domains one at a time and press Enter/Return to add them to the list.
- mycurricula.com
- alerts.mycurricula.com
- phish.mycurricula.com
- securitynotifications.org
- security-updater.com
- amazonsecurity.org
- breach-notice.com
- filesharingnow.com
- mailbox-quota.com
- passwordsnotification.com
- securelinkedin.com
- fraud-assistance.com
- payment-process.com
- news-article.com
- invite-meeting.com
- feedback-collect.com
- businessnotice.org
- databoxonline.com
- electronic-hr.com
- emailtransaction.com
- employee-services.org
- governmentnotice.org
- notificationservices.org
9. When finished select the Add domains button
10. Select Done
11. Click Save
You have now completed Basic whitelisting of Curricula’s domains. To whitelist our Phishing Simulation Servers and Domains follow Step 2 to bypass Microsofts Advanced Filtering that is not bypassed in Step 1. This includes :
- Content Filtering
- High confidence spam
- High confidence phishing email
Step 2. Advanced Phishing Simulator Whitelist
Sign in to Microsoft 365 Defender portal
- Scroll down and select Email & collaboration
- Select Policies & rules
- Select Threat policies in the list
4. Scroll down to the Rules section and select Advanced delivery
5. Select Phishing simulation tab, then select Edit
- securitynotifications.org
- security-updater.com
- amazonsecurity.org
- breach-notice.com
- filesharingnow.com
- mailbox-quota.com
- passwordsnotification.com
- securelinkedin.com
- fraud-assistance.com
- payment-process.com
- news-article.com
- invite-meeting.com
- feedback-collect.com
- businessnotice.org
- databoxonline.com
- electronic-hr.com
- emailtransaction.com
- employee-services.org
- governmentnotice.org
- notificationservices.org
- 18.205.140.116 (Phishing Server)
- 168.245.36.66 (Training Server)
8. When finished select Save.
Now that you are finished whitelisting for your Microsoft 365 account, we recommend a Delivery test via Settings > Phishing > Deliverability test in Curricula. Then send an assignment notification and/or phishing campaign to yourself or a small group of employees to verify the whitelisting was successful before launching Curricula to your staff.
*If you have any messages that get placed in users junk email folders, add all Curricula Phishing domain's to the allowed list described in Step 1.
If these steps don’t resolve the issue, let us know by submitting a ticket to our support team.
You can contact us anytime by submitting a support request using the link below: