How to Whitelist EveryCloud in Sophos Products

Sophos Email Appliance (SEA)


If you’re utilizing Sophos Email Appliance (SEA), whitelisting EveryCloud will ensure that our simulated phishing security tests and training notifications are received by your end-users. 

The guidelines provided in this article is compiled from SEA Configuration guide and Allow/Block Lists article, both are articles provided by Sophos. If you encounter any difficulties with whitelisting EveryCloud in your Sophos appearance, you should contact Sophos for more instructions. 

Edit the Allow/Block Lists

The Allow/Block lists let you specify which hosts and senders are trusted. Emails from these hosts and senders automatically bypass Sophos anti-spam filtering. 

Follow the instructions below to add EveryCloud to the Allow list:

  1. Login to your SEA console, go to Configuration > Policy > Allow Lists.

  2. Select the relevant list to show the List Editor dialog box.

  3. If you have another spam filter in front of Sophos Email Appliance, click on the Senders tab. If you do not have another spam filter in front of SEA, click on the Hosts tab. 

  4. Enter each required item in the Add entries text field, and click Add.

  5. Your next entries will be determined by what you selected in step 3 (Hosts or Senders).


  6. If you are on the Senders tab, type in EveryCloud’s server hostnames, one after the other. Visit this article for an updated list of EveryCloud’s hostnames. If you are on the Hosts tab, type in EveryCloud’s IP addresses, one after the other. Visit this article for an updated list of EveryCloud’s IP addresses.

  7. Alternatively, you can EveryCloud’s phish links and landing domains to your list of Whitelisted URLs. Contact our support team to request a comprehensive list of our phish and landing domains.

 Sophos Perimeter Protection 

A large number of EveryCloud’s phishing emails will be sent from senders with non-existent domains. Sophos Perimeter Protection setting blocks any mail originating from non-existent domains. We recommend keeping this setting ON, turning it off may allow real spam to bypass your filters.  

A possible solution is to edit the senders in your phishing templates to originate from one of EveryCloud’s phish links or landing domains. If you add EveryCloud to your SPF records [CHANGE LINK], you can use phishing emails marked with a (Spoofs Domain) tag, these emails will appear to originate from your domain. 

 

Sophos Firewalls

If you whitelist EveryCloud in Sophos firewall, end-users who have failed your phishing security tests will be able to access EveryCloud’s landing pages.

The guideline below is specific to Sophos XG firewalls, other versions of Sophos firewalls may need a different set of steps. If you have another version of Sophos firewall, we recommend contacting Sophos for more instructions on how to whitelist EveryCloud. 

How to Whitelist in Sophos XG Firewalls:

  1. Request a copy of EveryCloud’s phish domains and landing domains from our support team 

  2. Log in to Sophos XG firewall.

  3. Click on Web, you should see it on the left.

  4. Click on Exceptions, you should see it at the top.

  5. If you don’t currently have an exception list, click Add Exception.

  6. Provide a name (EveryCloud) and a description for the list.

  7. Check the boxes to the right under Skip the selected checks or actions for the services you purchased.

  8. Check to make sure that the URL pattern matches.

  9. Type each phish and landing domain, one line at a time, into the Search/Add box. XXXXXX and .com represent each phish and landing domain.

^([A-Za-z0-9.-]‌*\.)?XXXXXX\.com\.?/

  1. Click Save at the bottom of the page.