Introduction
Riot sends phishing simulation emails. Without proper configuration, some of these emails may be blocked by Sophos' web filter, which could distort your campaign statistics.
Below are the steps to authorize Riot's domains and IPs and ensure your tests are not blocked.
Definition
Sophos Email Appliance is an email security solution. It filters emails based on block/allow rules (Allow/Block Lists), protections against non-existent domains, and a web filtering policy.
✅ Associated Options/Functionalities:
Add Riot to the Allow List of Sophos Email Appliance
In the SEA Manager:
Configuration > Policy > Allow Lists
Select the policy to edit, then click on List Editor
List:
If an antispam filter is present before SEA, use the Senders tab
Otherwise, use the Hosts tab
In the Add entries zone, add each element one by one, then click on Add
Depending on the chosen tab:
Senders: add noreply.link
Hosts: add 159.135.234.25
Optional: add Riot's phishing domains to the allow list:
loginform.net
loginprotect.net
Sophos Perimeter Protection
By default, Sophos blocks emails from non-existent domains.
⚠️ It is not recommended to disable this option, as it would allow real spam to get through.
Recommended alternative:
Modify phishing templates to use Riot attack domains.
💡Tip: If you also add Riot's IP to your SPF records, the emails will appear as sent from your own domain.
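An added example (not from Riot's or Sophos' documentation): a Python check that an SPF TXT record explicitly authorizes the sending IP listed above, so a typo or a misplaced term is caught before a campaign runs. The sample records and the example.com names are constructed; include:, a and mx mechanisms need DNS lookups and are skipped here, so the result covers ip4/ip6 terms only.

```python
import ipaddress

RIOT_IP = "159.135.234.25"  # sending IP listed on this page

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_ip_status(record: str, ip: str = RIOT_IP) -> str:
    """Return the SPF result of the first ip4/ip6 term covering `ip`.

    Terms are read left to right, as SPF evaluation does. Anything placed
    after an `all` term is never reached, so it counts as not listed.
    """
    addr = ipaddress.ip_address(ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record (must start with v=spf1)")
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6") and value:
            # strict=False tolerates host bits set in a CIDR range
            net = ipaddress.ip_network(value, strict=False)
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier]
        elif name == "all":
            break  # nothing after `all` is evaluated
    return "not-listed"


if __name__ == "__main__":
    # Constructed sample records, not real DNS data.
    samples = [
        "v=spf1 include:_spf.example.com ip4:159.135.234.25 -all",
        "v=spf1 include:_spf.example.com -all",
        "v=spf1 ip4:159.135.224.0/20 ~all",
        "v=spf1 -all ip4:159.135.234.25",
    ]
    for rec in samples:
        print(f"{spf_ip_status(rec):<11} {rec}")
```

A result other than pass means the record does not authorize the IP through an ip4/ip6 term, and mail sent from your own domain will not be covered by that record.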
Add Attack Domains to the Web Filter Whitelist (Sophos Web Filter)
Go to:
Web Protection > Web Filter Profiles > New filter action > Websites > Add whitelist > Domain
Add the domains provided by Riot (replacing the placeholders below):
*.domain1.com, *.domain2.com, *.domain3.com
(Make sure to respect the asterisk format)
💡 Tips
The exact attack domains are automatically generated by the Riot platform for each client. Be sure to retrieve them from the interface and add them to Sophos in the correct format (*.domain1.com, etc.).
