This section provides essential whitelisting information necessary for the successful execution of Nimblr simulated attacks. While whitelisting is typically IP address-based, additional configuration may be required in most environments. All Nimblr simulated attacks originate from the following IP addresses:
External Email Security Gateway or Spamfilter
If you are utilizing an external Email Security Gateway or Spamfilter, the standard whitelisting guides may not be applicable. In such cases, please reach out to the Nimblr support team for alternative whitelisting methods.
Whitelist Simulations in Exchange Online
This guide describes how to configure Microsoft Exchange Online to whitelist the Nimblr simulated attacks: Whitelist Simulations in Exchange Online
You may also consider hiding the warning notifications in Microsoft Outlook clients by configuring the Tenant Allow list as described here: Allow Spoofed Senders in Exchange Online
Unlike the simulations, the course invitation emails should not need any whitelisting as they are perfectly legitimate emails, sent using correct authentication (SPF, DKIM, DMARC). However, in rare cases, some customers experience problems with course invitations ending up in junk or clutter folder. In these cases we recommend taking a look at our guide; Whitelist Course Invitations in Exchange Online. You may also contact Nimblr Support team for additional assistance.
Whitelist Simulations in Google Workspace
This guide describes how to configure Google Workspace to whitelist the IP used to send simulated attacks: Whitelist Simulations in Google Workspace
Whitelist Simulations in Exchange On-Prem
This guide describes how to configure Microsoft Exchange On-prem to whitelist the Nimblr simulated attacks: Whitelist Simulations in Exchange On-Prem