By adding us as a trusted sender in your Cisco Email Security Appliance (ESA), the content of our emails will not be scanned by Cisco IronPort AntiSpam engine. To do this, you must add us to the WHITELIST sender group in Host Access Table (HAT). You can configure the HAT by:
- Click the Mail Policies Tab.
- Under the Host Access Table section, select HAT Overview,
- On the right, make sure your InboundMail listener is currently selected,
- From the Sender Group column below, click WHITELIST,
- Click the Add Sender button near the bottom half of the page.
- Enter the Infosec IQ’s IP Addresses that are found in the Email Stack section in your Account Settings.
- When you finish adding entries, click the Submit button. Remember to click the Commit Changes button to save your changes.
Allowlists for Outbreak Filter Scanning
The instructions above for whitelisting Cisco Ironport do not prevent Ironport's Outbreak Filter from scanning our simulated phishing messages.To skip Outbreak Filter Scanning, do the following:
- From your Cisco Ironport admin console, navigate to the Mail Policies tab.
- Under the Message Modification section, enter our IP addresses in the Bypass Domain Scanning table.
- Click Submit and then Commit Changes.
Important: Cisco recently turned on a feature called Service Logs for many of it’s customers, which contributes select emails randomly to be sent back to Cisco to improve the service overall. Our phishy links are examined as part of this process, which in turn generates a false positive for Learners. Unfortunately, Cisco does not provide any way to exempt particular emails or senders from this service, and at this time the only option to prevent this behavior, is to disable the service entirely. You can learn more about Service Logs and how to disable it in your environment from this document on Cisco’s website.