Why Whitelist Master NetFlow?
To ensure our phishing simulations and training emails reach your employees' inboxes (and not their spam folders), you'll need to whitelist Master NetFlow in your email security system. This is a critical step for accurate security awareness testing.
Important: Without proper whitelisting, your email security may block or quarantine our simulated phishing emails, resulting in inaccurate test results.
Master NetFlow Sending Information
Transactional Emails
| Sending Domain: | masternetflow.com |
| From Address: | info@masternetflow.com |
| Purpose: | Welcome emails, reports, notifications |
Phishing Simulation Emails
| Sending Domain: | sim.masternetflow.com |
| Landing Pages: | sim.masternetflow.com/* |
| Purpose: | Phishing tests, training simulations |
Technical Details for IT Teams
Note: Master NetFlow uses MailerSend's shared IP infrastructure. We recommend domain-based whitelisting rather than IP-based whitelisting for more reliable delivery.
Setup Instructions by Platform
Select your email security platform below for step-by-step instructions.
Microsoft 365 / Defender for Office 365
Configure Advanced Delivery for phishing simulations
Recommended: Use Advanced Delivery (Method 1) for phishing simulations. This is Microsoft's official way to whitelist third-party phishing simulation vendors.
Method 1 (Recommended): Advanced Delivery (Phishing Simulations)
Open Microsoft 365 Defender Portal
Navigate to security.microsoft.com
Navigate to Advanced Delivery
Go to Email & collaboration → Policies & rules → Threat policies → Advanced delivery
Select "Phishing simulation" tab
Click on the Phishing simulation tab at the top of the page.
Add Master NetFlow as a third-party phishing simulation
Click + Add and enter the following:
| Domain: | sim.masternetflow.com |
| Simulation URLs to allow: | https://sim.masternetflow.com/* |
Save the configuration
Click Add to save. Changes may take up to 30 minutes to propagate.
Method 2: Exchange Transport Rule (Additional Bypass)
If you need additional filtering bypass, create a transport rule:
Open Exchange Admin Center
Navigate to admin.exchange.microsoft.com
Create a new mail flow rule
Go to Mail flow → Rules → + Add a rule
Configure the rule
Name: Master NetFlow Phishing Simulation Bypass
Condition: The sender domain is sim.masternetflow.com
Action: Set the spam confidence level (SCL) to -1 (bypass spam filtering)
Action: Set header X-MS-Exchange-Organization-SkipSafeLinksProcessing to 1
Method 3: Safe Links URL Exception
To prevent Safe Links from rewriting simulation URLs:
Open Safe Links Policy
In Microsoft 365 Defender, go to Policies & rules → Threat policies → Safe Links
Edit your Safe Links policy
Select your policy and click Edit protection settings
Add URL exceptions
In "Do not rewrite the following URLs", add:
https://sim.masternetflow.com/*
Google Workspace
Configure Gmail allowlist and content compliance
Step 1: Add to Email Allowlist
Open Google Admin Console
Navigate to admin.google.com
Navigate to Spam settings
Go to Apps → Google Workspace → Gmail → Spam, Phishing and Malware
Create an Email allowlist
Scroll to Email allowlist and add:
sim.masternetflow.com
Save changes
Click Save. Changes may take up to 24 hours to propagate.
Step 2: Bypass Spam Filter (Content Compliance)
Navigate to Content Compliance
In Gmail settings, go to Compliance → Content compliance
Add a new rule
Click Configure or Add another rule
Configure the rule
Name: Master NetFlow Phishing Simulation
Email messages to affect: Inbound
Expression:
- Type: Advanced content match
- Location: Headers
- Match type: Contains text
- Content: sim.masternetflow.com
Action: Bypass spam filter for this message
Step 3: Disable Link Warnings (Optional)
Note: Google's Safe Browsing may show warnings for simulation links. This is expected behavior and actually helps test if employees click through warnings. If you need to disable warnings for accurate testing:
Navigate to Safety settings
Go to Apps → Google Workspace → Gmail → Safety
Add trusted domains
Under "Links and external images", add sim.masternetflow.com to trusted domains.
Proofpoint Email Protection
Configure organizational safe sender and URL defense exceptions
Method 1: Organizational Safe Sender List
Log in to Proofpoint Admin Console
Access your Proofpoint Protection Server admin interface.
Navigate to Safe Sender Lists
Go to Email Protection → Spam Detection → Organizational Safe Senders
Add Master NetFlow domains
Add the following domains:
sim.masternetflow.com
masternetflow.com
Method 2: URL Defense Exception
Navigate to URL Defense settings
Go to Email Protection → Targeted Attack Protection → URL Defense
Add URL exception
In the URL Rewrite exceptions list, add:
sim.masternetflow.com
Configure TAP exception (if using TAP)
Under Targeted Attack Protection, add sim.masternetflow.com to the exception list to prevent URL sandboxing.
Mimecast
Configure Permitted Senders and URL Protection bypass
Method 1: Permitted Senders Policy
Log in to Mimecast Administration Console
Access your Mimecast admin portal.
Navigate to Permitted Senders
Go to Administration → Gateway → Policies → Permitted Senders
Create a new Permitted Senders policy
Click New Policy and configure:
Policy Name: Master NetFlow Phishing Simulation
Applies From: Everyone
Applies To: Everyone
Source:
- Type: Domain
- Domain: sim.masternetflow.com
Options:
- ✓ Skip spam checks
- ✓ Skip attachment protection
Method 2: URL Protection Bypass
Navigate to URL Protection
Go to Services → URL Protection → URL Protection Bypass
Add bypass rule
Add a new bypass for:
URL Pattern: *sim.masternetflow.com*
Save and publish
Save the policy. Changes typically take effect within 15 minutes.
Barracuda Email Security Gateway
Configure Allowed Senders and Link Protection bypass
Method 1: Sender Allow List
Log in to Barracuda Admin Console
Access your Barracuda Email Security Gateway.
Navigate to Allow/Block List
Go to Block/Accept → Sender Domain Allow List
Add Master NetFlow domains
sim.masternetflow.com
masternetflow.com
Enable "Exempt from all scanning"
Check the box to exempt these domains from spam and virus scanning.
Method 2: Link Protection Bypass
Navigate to Advanced Threat Protection
Go to ATP Settings → Link Protection
Add URL to bypass list
Under "Do Not Rewrite URLs", add:
*.sim.masternetflow.com/*
FortiMail (Fortinet)
Configure Access Control and Content Profile exceptions
Method 1: Access Control Rule
Log in to FortiMail Web UI
Access your FortiMail administration console.
Navigate to Access Control
Go to Policy → Access Control → Receiving
Create a new Access Control Rule
Click New and configure:
Status: Enable
Sender Pattern Type: Domain name
Sender Pattern: sim.masternetflow.com
Recipient Pattern: * (all recipients)
Action: Safe
Authentication exemption: Enable
Move rule to top
Ensure this rule is processed before other restrictive rules by moving it to the top of the list.
Method 2: Antispam Profile Exception
Navigate to Antispam Profiles
Go to Profile → AntiSpam
Edit your active profile
Select your antispam profile and click Edit
Add to Sender Safe List
Under Safe List tab, add:
*@sim.masternetflow.com
Method 3: URL Click Protection Bypass
Navigate to URL Click Protection
Go to Security → URL Click Protection
Add URL exemption
In the URL exemption list, add:
sim.masternetflow.com
Cisco Secure Email (ESA/IronPort)
Configure Sender Group and Mail Policy exceptions
Method 1: Host Access Table (HAT) Configuration
Log in to Cisco ESA Web Interface
Access your Cisco Email Security Appliance admin console.
Navigate to HAT Overview
Go to Mail Policies → HAT Overview
Create a new Sender Group
Click Add Sender Group and configure:
Name: MasterNetflow_Simulation
Order: Place before SUSPECTLIST
Policy: TRUSTED (or create a custom policy)
Senders:
.sim.masternetflow.com (note the leading dot)
.masternetflow.com
Submit and Commit Changes
Click Submit, then go to Commit Changes to apply.
Method 2: Incoming Mail Policy Exception
Navigate to Incoming Mail Policies
Go to Mail Policies → Incoming Mail Policies
Create a new Policy
Click Add Policy and configure:
Policy Name: MasterNetflow_Phishing_Simulation
Editable By (Delegated): As needed
User: All (or specific groups)
Configure Policy Settings
For the new policy, configure:
Anti-Spam: Disabled or set to Deliver
Anti-Virus: Deliver (with warning if preferred)
Advanced Malware Protection: Disabled
Graymail: Disabled
Content Filters: Disabled
Outbreak Filters: Disabled
Method 3: URL Filtering Bypass
Navigate to URL Filtering
Go to Security Services → URL Filtering
Add to URL Whitelist
Under URL Whitelist, add:
sim.masternetflow.com
Disable URL Defanging (if needed)
If using URL defanging, ensure sim.masternetflow.com is excluded from URL rewriting in your Outbreak Filters configuration.
Commit Changes
Go to Commit Changes to apply all configurations.
Cisco Cloud Email Security: If you're using Cisco Cloud Email Security (CES), the steps are similar but accessed through the cloud portal. Contact your Cisco representative or Master NetFlow support for cloud-specific guidance.
Need Help with Whitelisting?
Our support team can guide you through the process or configure it remotely.
Verify Your Configuration
After completing the whitelisting steps, we recommend sending a test simulation to verify emails are delivered correctly.
How to test: Go to your Master NetFlow dashboard → Campaigns → Send Test Email. Send a test to yourself and verify it arrives in your inbox (not spam) with all links intact.
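The inbox and links-intact check can also be scripted against a saved copy (.eml) of the delivered test message. This is an added example, not Master NetFlow's own tooling: the sample messages and the `helpdesk@` address are constructed, the list of link-rewriter hosts is a non-exhaustive assumption, and the SCL header is only present on Microsoft 365 deliveries.

```python
import email
import re
from email import policy
from urllib.parse import urlsplit

SIM_DOMAIN = "sim.masternetflow.com"  # simulation domain given on this page
# Assumption: hosts of common link-rewriting services (not an exhaustive list).
REWRITERS = ("safelinks.protection.outlook.com", "urldefense.proofpoint.com",
             "urldefense.com", "linkprotect.cudasvc.com")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def is_rewriter(host: str) -> bool:
    # Match the service host itself or any subdomain, on a label boundary.
    return any(host == r or host.endswith("." + r) for r in REWRITERS)

def check_test_message(raw: bytes) -> dict:
    """Inspect a delivered test simulation saved as raw .eml bytes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    addrs = msg["From"].addresses if msg["From"] else ()
    sender = addrs[0].domain.lower() if addrs else ""
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    hosts = [(urlsplit(u).hostname or "").lower() for u in URL_RE.findall(text)]
    rewritten = sorted({h for h in hosts if is_rewriter(h)})
    # Present on Microsoft 365 deliveries; -1 means spam filtering was bypassed.
    scl = str(msg["X-MS-Exchange-Organization-SCL"] or "").strip() or None
    return {
        "sender_is_sim": sender == SIM_DOMAIN,
        "scl": scl,
        "intact_links": hosts.count(SIM_DOMAIN),
        "rewritten_hosts": rewritten,
        "ok": sender == SIM_DOMAIN and SIM_DOMAIN in hosts and not rewritten,
    }

# Constructed sample: a test message delivered with its link untouched.
GOOD = (b"From: IT Helpdesk <helpdesk@sim.masternetflow.com>\r\n"
        b"To: user@example.com\r\n"
        b"Subject: Password expiry notice\r\n"
        b"X-MS-Exchange-Organization-SCL: -1\r\n"
        b"Content-Type: text/html; charset=utf-8\r\n\r\n"
        b'<a href="https://sim.masternetflow.com/t/constructed-token">Review</a>\r\n')
# Constructed sample: the same message after a URL-rewriting service wrapped the link.
REWRITTEN = GOOD.replace(
    b"https://sim.masternetflow.com/t/constructed-token",
    b"https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2F"
    b"sim.masternetflow.com%2Ft%2Fconstructed-token")

if __name__ == "__main__":
    print(check_test_message(GOOD), check_test_message(REWRITTEN), sep="\n")
```

A non-empty `rewritten_hosts` means the URL exception for your platform has not taken effect yet or was entered with a pattern that does not match.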