Riot

If your Proofpoint solution is not properly configured, these emails may be blocked by spam filters, which can distort your campaign statistics.

This article outlines the steps required to authorize Riot’s IPs and domains, ensuring that your tests (and the Phish Alarm button) run smoothly.

___________________________________________________________

Proofpoint is an advanced email security solution.

It can block legitimate Riot test emails if certain IP addresses or domains are not authorized in its settings.

Proofpoint includes several modules: Essentials, Enterprise, Targeted Attack Protection (TAP), and Phish Alarm (for reporting suspicious emails).

Go to <code>Security Settings &gt; Email &gt; Sender Lists</code>

Add Riot’s IP to the Safe Sender list:

1. Go to <code>Security Settings &gt; Email &gt; Sender Lists</code>
2. Add Riot’s IP to the Safe Sender list:
 159.135.234.25
3. Click Save

👉 If attachments are being blocked, check Proofpoint’s article on default blocking rules.

This ensures Riot simulation emails are properly delivered to user inboxes.

Log in to the Proofpoint Enterprise Admin Console

In the <code>Spam Detection</code> menu, select Organisational Safe List

- Filter Type: Sender IP Address
- Operator: Equals
- Value: 159.135.234.25

1. Log in to the Proofpoint Enterprise Admin Console
2. Click Email Protection
3. In the <code>Spam Detection</code> menu, select Organisational Safe List
4. Click Add
5. In the Global Safe List window:
 - Filter Type: Sender IP Address
 - Operator: Equals
 - Value: 159.135.234.25
6. Click Save Changes

💡 This configuration ensures Riot’s test emails are not flagged as spam by Proofpoint’s detection engine.

✅ Targeted Attack Protection (TAP)

To avoid false positives with TAP, add Riot to the URL Defense exceptions:

Go to the Proofpoint Essentials admin console

Under <code>Targeted Attack Protection</code>, select URL Defense

Under <code>Exceptions</code>, add the IP: 159.135.234.25

1. Go to the Proofpoint Essentials admin console
2. Click Email Protection
3. Under <code>Targeted Attack Protection</code>, select URL Defense
4. Click URL Rewrite Policies
5. Under <code>Exceptions</code>, add the IP: 159.135.234.25
6. Click Save Changes

This prevents TAP from rewriting or blocking URLs contained in Riot test emails.

✅ Configuring the Proofpoint Phish Alarm (TRAP)

The Phish Alarm button allows users to report suspicious emails directly from their inbox.

To ensure compatibility with Riot simulations, Proofpoint must recognize and process Riot emails as legitimate test messages.

Proofpoint’s TRAP AI can only analyze emails that pass through Proofpoint’s filtering pipeline.

If your Riot tests bypass Proofpoint, they will not be processed or classified correctly.

Add a specific rule to allow Riot emails through Proofpoint without interference from other security tools or external gateways.

This ensures TRAP and Phish Alarm can analyze the message properly.

Add a Tag or Routing Policy (optional)

Some Proofpoint environments require a tag or policy route to identify Riot messages and apply the correct processing rules.

Send a test email from Riot and use the Phish Alarm button to confirm that:

- The email is correctly reported
- It appears in Proofpoint TRAP
- It is not blocked or altered before processing

1. Verify TRAP Compatibility
 Proofpoint’s TRAP AI can only analyze emails that pass through Proofpoint’s filtering pipeline.
 If your Riot tests bypass Proofpoint, they will not be processed or classified correctly.
2. Create a Firewall / Bypass Rule
 Add a specific rule to allow Riot emails through Proofpoint without interference from other security tools or external gateways.
 This ensures TRAP and Phish Alarm can analyze the message properly.
3. Add a Tag or Routing Policy (optional)
 Some Proofpoint environments require a tag or policy route to identify Riot messages and apply the correct processing rules.
4. Test the Workflow
 Send a test email from Riot and use the Phish Alarm button to confirm that:
 - The email is correctly reported
 - It appears in Proofpoint TRAP
 - It is not blocked or altered before processing

- If your emails still land in spam despite this configuration, verify that IP 159.135.234.25 is correctly added in: <code>Email Protection &gt; Spam Detection &gt; Organisational Safe List</code>
- For proper Phish Alarm behavior, make sure Riot emails go through Proofpoint’s pipeline (and not another MTA or pre-filter)
- If TRAP errors occur, confirm that Riot’s IP and domains are present in your approved sender lists

Our guide dedicated to configuration between Riot and Proofpoint

Set Up Riot with Proofpoint and Phish Alarm

Create a custom design with text, images, and links

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Set Up Riot with Proofpoint and Phish Alarm

Introduction

Definition

Associated Options / Features

✅ Proofpoint Essentials

✅ Proofpoint Enterprise

✅ Targeted Attack Protection (TAP)

✅ Configuring the Proofpoint Phish Alarm (TRAP)

Recommended Steps: