Allowlisting Coro as a safe sender for Security Awareness Training
To use Security Awareness Training (SAT), system administrators must first allowlist Coro in an organization's email domain. This ensures that SAT phishing simulation emails from Coro are not blocked or mistaken for real threats.
Coro SAT is supported in the following platforms:
Allowlisting Coro in Microsoft 365
To allowlist SAT emails in Microsoft 365, perform the following two-part procedure:
Configuring Microsoft Exchange
Phishing simulation emails sent by Coro all include a specific identifying header. Configure Microsoft Exchange to recognize and allow emails containing this header.
To configure Microsoft Exchange:
- Sign in to Microsoft Exchange admin center with your administrator credentials.
- Go to Mail flow > Rules.
- On the Rules page, select + Add a rule:
- From the dropdown, select Create a new rule.
Exchange displays the New transport rule dialog, on the Set rule conditions step:
- Enter a name. Coro recommends Coro Header Allow.
- Under Apply this rule if, select The message headers... from the first dropdown. Then, select matches these text patterns from the second dropdown.
- Select Enter text. Then, enter the email header name present in all SAT emails:
X-BPSAT
- Select Enter words. Then, enter the email header value present in all SAT emails:
66Y7U2LTS
- Under Do the following, select Modify the message properties from the first dropdown. Then, select Set the spam confidence level (SCL) from the second dropdown.
Exchange displays the specify SCL dialog:
- Make sure the dropdown is set to Bypass spam filtering. Then, select Save.
The Set rule conditions step should now resemble the following:
- Leave the remaining settings as their default values and select Next to proceed.
- On the Set rule settings step, leave all settings as their default values and select Next to proceed.
- On the Review and finish step, select Finish to add the new rule. Then, select Done to close the dialog.
- On the Rules page, locate and select your new rule.
Exchange shows a rule summary dialog:
- Enable your rule by selecting Enable or disable rule.
After a short wait, Exchange confirms the rule status was updated successfully.
- Select Edit rule settings.
Exchange displays the rule edit dialog.
- Enter a Priority of 0 (zero) to make sure your new rule is a higher priority than other inbound rules:
- Select Save to save your changes.
Configuring Microsoft Defender
To make sure Microsoft Defender does not flag phishing simulation emails as potential threats, declare the list of simulation domains, IP addresses, and simulation URLs used by Coro SAT.
To configure Microsoft Defender:
- Sign in to Microsoft Defender with your administrator credentials.
- Go to Email & collaboration > Policies & rules.
Defender displays the Policies & rules page:
- Select Threat policies.
- From the Rules section, select Advanced delivery:
- From the Advanced delivery page, select Phishing simulation:
- If this page is already populated with phishing simulation rules, select Edit. Otherwise, select Add.
Defender displays the Edit third party phishing simulations dialog:
- Populate the Domain section with the following list of domains:
mail.microsoft-notifications.co.uk mail.hr-staff-updates.com info.bluuebeams.com mail.google-account-team.com mail.google-notifications.co.uk mail.noreply-deliveroocredit.co.uk info.onedrivesharing.com mail.noreply-amazon.co.uk email.dpdupdates.co.uk info.electrosoftt.com mail.file-transf3rs.com mail.linkedin-network.com mail.insightfulsurveys.com mail.dropbox-notifications.co.uk mail.windowsmessages.com promo.e-cards-mail.com info.noreply-linkedinverify.co.uk security.microsoftaccountalert.com info.royaal-maill.com mail.bankfraudteam.com apple.isecurity-alerts.com mail.amazoneorder.com mail.fa-uk.com portal.coffee-vouchers.com info.who-travel-updates.com mail.365invoices.com info.just-eat-voucher.co.uk info.gmaillogin.co.uk info.mail365-team.com info.google-notificatons.com mail.netflix-password.co.uk info.netlfix-update-details.com info.netlixnotifications.co.uk mail.traffordgov.com secure.accessyourcloud.co.uk info.microsoft-security-alerts.com drive.fileboxshare.com mail.noreply-ubercredit.co.uk info.dhlshipping.co.uk mail.theaccountsgroup.com mail.staff-payroll-updates.com info.mydeliverytracker.com info.freshworked.co.uk mail.webcontracttar.co.uk mail.noreply-hmrcupdate.co.uk mail.nhs-antibodytest.co.uk mail.noreply-sage.com
- Populate the Sending IP section with the following IP address:
23.249.219.118
- Populate the Simulation URLs to allow section with the following:
*.boxphish.com/* *.microsoft-notifications.co.uk/* *.dropbox-notifications.co.uk/* *.gmaillogin.co.uk/* *.file-transf3rs.com/*
- Select Save to save your changes.
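A way to audit the result of the two Microsoft 365 steps above, as an added example that is not Coro's or Microsoft's code: the transport rule matches on the X-BPSAT header alone, while the Defender policy also names the sending IP, so this script labels messages that carry the header but arrived from a different address. It assumes the topmost Received header was written by your own edge server; the example.net and example.org hosts and the 203.0.113.7 address are constructed sample values.

```python
import email
import ipaddress
import re
from email import policy

# Values stated on this page for Coro SAT mail.
SAT_HEADER = "X-BPSAT"
SAT_VALUE = "66Y7U2LTS"
SAT_SENDING_IP = ipaddress.ip_address("23.249.219.118")

def connecting_ip(msg):
    """Return the IP literal in the topmost Received header, or None."""
    # Assumption: the topmost Received header was stamped by your own edge
    # server; headers below it are supplied by the sender and are not trusted.
    hops = msg.get_all("Received", [])
    match = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", str(hops[0])) if hops else None
    try:
        return ipaddress.ip_address(match.group(1)) if match else None
    except ValueError:
        return None

def classify(raw_message):
    """Label a raw RFC 5322 message against the page's header and sending IP."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    # Case-insensitive pattern search rather than equality; assumed to behave
    # like the rule's "matches these text patterns" condition.
    tagged = any(re.search(re.escape(SAT_VALUE), str(value), re.IGNORECASE)
                 for value in msg.get_all(SAT_HEADER, []))
    if not tagged:
        return "not-sat"
    if connecting_ip(msg) == SAT_SENDING_IP:
        return "sat-expected-source"
    return "sat-header-unexpected-source"

def sample(ip, tagged):
    """Build a constructed test message; hosts and addresses are placeholders."""
    lines = [f"Received: from relay.example.net (relay.example.net [{ip}])",
             " by mx.example.org with ESMTPS; Tue, 02 Jan 2024 10:00:00 +0000",
             "From: Notifications <notify@example.net>",
             "To: user@example.org",
             "Subject: constructed sample"]
    if tagged:
        lines.append(f"{SAT_HEADER}: {SAT_VALUE}")
    return "\n".join(lines) + "\n\nbody\n"

if __name__ == "__main__":
    for ip, tagged in [("23.249.219.118", True), ("203.0.113.7", True), ("203.0.113.7", False)]:
        print(ip, tagged, classify(sample(ip, tagged)))
```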
Allowlisting Coro in Google Workspace
To allowlist Coro SAT in Google Workspace:
- Sign in to the Google Workspace admin console with your administrator credentials.
- Select Apps > Google Workspace > Gmail.
Google displays the Settings for Gmail page:
- Locate and select Spam, Phishing and Malware:
Next, perform the following three-part procedure:
- Allowlist Coro's sender IP address
- Add Coro's sender IP address as an inbound mail gateway
- Allowlist Coro's SAT domains
Allowlisting Coro's sender IP address
To prevent Google from categorizing SAT emails from Coro as spam (and potentially quarantining or moving emails so users do not receive them), add Coro's sender IP address to the email allowlist.
- From the Spam, phishing, and malware page, select Email allowlist:
- Enter the Coro SAT IP address:
23.249.219.118
- Select Save.
Adding Coro's sender IP address as an inbound mail gateway
Google can automatically tag incoming emails it believes to be suspicious with warning banners to highlight the risk to recipients. To best assess your users' vulnerability to phishing, prevent Google from adding warning banners by adding Coro's sender IP address as an inbound gateway.
- From the Spam, phishing, and malware page, select Inbound gateway:
- In the Inbound gateway dialog, select Enable, then enter the following settings:
- Gateway IPs: Select ADD, then enter Coro's IP address: 23.249.219.118. Select Save to save your changes.
- Automatically detect external IP (recommended): Disable.
- Reject all mail not from gateway IPs: Disable.
- Require TLS for connections from the email gateways listed above: Enable.
- Message is considered spam if the following header regexp matches: Enable.
- Regexp: Enter a random series of characters to represent a header that does not exist in Coro's SAT emails.
- Test expression:
- Select Message is spam if regexp matches.
- Enable the Disable Gmail spam evaluation on mail from this gateway; only use header value setting.
- Select Save to save your changes.
Allowlisting Coro's SAT domains
Add the domains used by Coro for phishing simulations, course enrollment, and policy hand-outs to your Google Workspace allowlist to make sure Google does not restrict delivery of such emails to your users.
- From the Spam, phishing, and malware page, locate the Spam section and select CONFIGURE:
Google displays the Add setting dialog:
- Enter a short description.
- Enable Bypass spam filters and hide warnings for messages from senders or domains in selected lists, then select Create or edit list:
- In the Manage address lists dialog, select ADD ADDRESS LIST:
Google displays the Add address list dialog:
- Enter a name for your new address list.
- Select BULK ADD ADDRESSES.
Google displays the Bulk add addresses dialog:
- Copy and paste the following list of domains into the dialog:
Boxphish.com, nhs-antibodytest.co.uk, just-eat-voucher.co.uk, noreply-linkedinverify.co.uk, noreply-amazon.co.uk, dpdupdates.co.uk, dropbox-notifications.co.uk, microsoft-notifications.co.uk, netflix-password.co.uk, netflixnotifications.co.uk, noreply-deliveroocredit.co.uk, noreply-hmrcupdate.co.uk, noreply-microsoftpasswordreset.co.uk, noreply-ubercredit.co.uk, gmaillogin.co.uk, google-notifications.co.uk, dhlshipping.co.uk, noreply-amazon.co.uk, who-travel-updates.com, royaal-maill.com, netflix-update-details.com, fed-ex-parcels.com, microsoft-security-alerts.com, coffee-vouchers.com, hr-staff-updates.com, staff-payroll-updates.com
- Enable Require sender authentication, then select ADD.
- Select SAVE.
- Return to the Add setting dialog and select Use existing list:
- Select your newly created address list:
- Select X to close the selection dialog.
- Select SAVE to create your Coro SAT spam rule: