![icon outline.png]](https://support.nimblrsecurity.com/hs-fs/hubfs/icon%20outline.png?width=40&height=40&name=icon%20outline.png){kind=small}
Is it safe to whitelist Nimblr’s IP addresses for phishing simulations?
Whitelisting Nimblr’s IPs is safe because they are exclusive to us, strictly controlled, and only deliver approved simulation emails. Combined with Microsoft’s Advanced Delivery method, this ensures simulations reach users realistically without weakening your organization’s overall security.
To ensure realistic delivery of our simulations, Nimblr recommends using Microsoft’s Advanced Delivery for third-party phishing simulations. This is Microsoft’s own recommended method, designed to let simulation traffic bypass filtering without weakening security. Only Nimblr’s verified IP addresses and domains are covered, while all other email traffic remains fully protected by your existing filters.
The IP addresses used for our simulations are exclusive to Nimblr. No other organization can send messages from these IPs, which means the whitelisting only applies to our controlled simulation traffic.
Access to the servers is strictly limited: they are protected with IP restrictions and authentication, and only a very small number of Nimblr employees have access. In addition, we enforce strong safeguards on what can be sent, ensuring only safe and approved simulation content is delivered.
Nimblr also invests heavily in security assurance. We engage independent third parties to perform regular penetration tests and run continuous automated vulnerability scanning across our environment. In addition, we are in the process of certifying our systems according to ISO 27001, with most of the required processes and controls already in place.
By combining Microsoft’s secure Advanced Delivery method with Nimblr’s exclusive IP addresses, strict server controls, and robust security governance, customers can be confident that phishing simulations are delivered safely without compromising their defenses.