How do I include Zepo IP in the whitelist of my company?

Zepo is a platform that allows you to simulate phishing attacks. Cybercriminals can bypass your spam filter to exploit your mail server, but Zepo cannot do it. Therefore, you need to configure your mail server to ensure your campaign statistics are not compromised. Below there are different tutorials depending on your email platform with some steps to include Zepo in your whitelist. Remember you need admin access to your email service to follow these configuration steps.

Office 365

1. Create a domain mail flow rule

The recommended approach to whitelist a domain is to use the mail flow rules in the Exchange Admin Centre. Mail flow rules allow you to whitelist a domain and add additional checks such as part of the subject, DMARC result, or a specific IP address.

Go to Mail Flow → Rules and follow these steps:

• Click + Add a Rule and select Create New Rule
• Put a name e.g. Zepo
• Apply This Rule If: The Sender → Domain Is:
  • aboutpage.org
  • helpmail.info
  • login-secured.link
  • mail-campaign.com
  • secure-contents.com
  • track-emails.com
  • zepo.app
  • secured-login.link
  • auth-secure.link
  • check-login.link
  • check-login-user.com
  • deliver-message.com
  • eursafelink.com
  • login-auth.net
  • login-checklog.com
  • my-contents.link
  • safelinksprotect.com
  • securemail-service.com
  • support-email.info
  • support-users.click
  • verify-user.com
• Do the Following: Modify Message Properties → Set a message header and type X-MS-Exchange-Organization-SkipSafeLinksProcessing and set the value to 1
• Click next, do not modify anything in Set rule settings and save in Review and finish
• Once created, click on Disabled on the rule and activate the toggle to Enabled

2. Create an IP mail flow rule

Following the same procedure, create a new rule:

• Set the name e.g. Zepo IP
• Apply this rule if: The sender IP address is in any of these ranges or exactly matches:
  185.103.37.234, 185.103.37.235, 23.251.247.212, 23.251.247.211, 185.207.251.39, 185.249.227.54
• Do the following: Modify the message properties and set the spam confidence level (SCL) to 1
• Review, finish, and enable the rule

3. Whitelist Domains using Allowed Domains

Go to Microsoft Defender 365 Admin Centre and navigate to Policies & Rules → Threat Policies → Anti-spam → Anti-SPAM inbound Policy (Default). Scroll down and click Edit allowed and blocked senders and domains. Add the following domains:

• aboutpage.org
• helpmail.info
• login-secured.link
• mail-campaign.com
• secure-contents.com
• track-emails.com
• secured-login.link
• zepo.app
• auth-secure.link
• check-login.link
• check-login-user.com
• deliver-message.com
• eursafelink.com
• login-auth.net
• login-checklog.com
• my-contents.link
• safelinksprotect.com
• securemail-service.com
• support-email.info
• support-users.click
• verify-user.com

Click Add domains and Done.

4. Whitelist by IP public only

In the same admin portal, go to Policies & Rules → Threat Policies → Anti-spam → Connection Filter Policy (Default) → Edit Connection filter policy and add the following IPs:

185.103.37.234, 185.103.37.235, 23.251.247.212, 23.251.247.211, 185.207.251.39, 185.249.227.54

5. Activate the Phishing simulation feature

In the Microsoft 365 Defender portal, go to Email & Collaboration → Policies & Rules → Threat policies → Advanced delivery → Phishing simulation tab. Click Add and configure the following:

• Domain: Add all Zepo domains listed above
• Sending IP: 185.103.37.234, 185.103.37.235, 23.251.247.212, 23.251.247.211, 185.207.251.39, 185.249.227.54
• Simulation URLs to allow:
  • *.aboutpages.org
  • *.helpmail.info
  • *.login-secured.link
  • *.mail-campaign.com
  • *.secure-contents.com
  • *.track-emails.com
  • *.secured-login.link
  • *.zepo.app
  • *.auth-secure.link
  • *.check-login.link
  • *.check-login-user.com
  • *.deliver-message.com
  • *.eursafelink.com
  • *.login-auth.net
  • *.login-checklog.com
  • *.my-contents.link
  • *.safelinksprotect.com
  • *.securemail-service.com
  • *.support-email.info
  • *.support-users.click
  • *.verify-user.com
• Click Save

6. Modify the green/red list

Go to the Tenant Allow/Block List and click Add. Enter the following:

*,185.103.37.234; *,185.103.37.235; *,23.251.247.212; *,23.251.247.211; *,185.207.251.39; *,185.249.227.54

Click Add to confirm.

7. Add Zepo phishing page URL to Safe Links

Go to Safe Links and click Create. Name your policy e.g. Zepo safe links, add your target audience, then configure the settings and click Manage URLs and add:

• *.aboutpages.org/*
• aboutpages.org
• *.helpmail.info/*
• helpmail.info
• *.login-secured.link/*
• login-secured.link
• *.mail-campaign.com/*
• mail-campaign.com
• *.secure-contents.com/*
• secure-contents.com
• *.track-emails.com/*
• track-emails.com
• *.secured-login.link/*
• secured-login.link
• *.zepo.app/*
• zepo.app
• *.auth-secure.link/*
• auth-secure.link
• *.check-login.link/*
• check-login.link
• *.check-login-user.com/*
• check-login-user.com
• *.deliver-message.com/*
• deliver-message.com
• *.eursafelink.com/*
• eursafelink.com
• *.login-auth.net/*
• login-auth.net
• *.login-checklog.com/*
• login-checklog.com
• *.my-contents.link/*
• my-contents.link
• *.safelinksprotect.com/*
• safelinksprotect.com
• *.securemail-service.com/*
• securemail-service.com
• *.support-email.info/*
• support-email.info
• *.support-users.click/*
• support-users.click
• *.verify-user.com/*
• verify-user.com

Click Next and Finish.

G-Suite

1. Open Google Workspace admin

Sign in to your Google Admin console.

2. Whitelist the IP address

In the Admin console go to Apps → Google Workspace → Gmail → Spam, Phishing and Malware. Select the top-level organization, scroll to Email allowlist and enter the Zepo IPs separated by commas:

185.103.37.234, 185.103.37.235, 23.251.247.212, 23.251.247.211, 185.207.251.39, 185.249.227.54

Click Save. Note: changes can take up to 24 hours.

3. Turn off the grey warning

Create a new address list in Manage address lists and add all Zepo domains:

• aboutpage.org
• helpmail.info
• login-secured.link
• mail-campaign.com
• secure-contents.com
• track-emails.com
• secured-login.link
• zepo.app
• auth-secure.link
• check-login.link
• check-login-user.com
• deliver-message.com
• eursafelink.com
• login-auth.net
• login-checklog.com
• my-contents.link
• safelinksprotect.com
• securemail-service.com
• support-email.info
• support-users.click
• verify-user.com

Then in Gmail spam, phishing and malware settings, add the list to both the Spam and Blocked senders sections.

Spam section: Click Configure/Add another rule, name it Zepo, and check:

• Bypass spam filter for internal senders
• Bypass spam filters for messages from senders or domains in selected lists — select the Zepo list
• Bypass spam filters and hide warnings for messages from senders or domains in selected lists — select the Zepo list

Blocked senders section: Name it Zepo bypass and check Bypass this setting for messages received from addresses or domains within these approved senders lists — select the Zepo list. Save.

4. Routing

In Routing, configure a new rule:

• Name it Zepo
• Select Inbound in Email messages to affect
• Check Bypass spam filter for this message
• Click Show options
• In section A. Address lists: check Use address lists to bypass or control application of this setting and Only apply this setting for specific addresses / domains — select the Zepo list
• In section B. Account types to affect: select Users

5. Additional recommended configuration

If you've followed this guide and still see the grey warning, it may be due to Enhanced pre-delivery message scanning being active. A potential workaround is to briefly deactivate it during your phishing campaign and then promptly turn it back on afterward.