Sophos Email Appliance (SEA) Allowlisting

Updated by Jacob Flinders

Allowlisting in your Sophos Email Appliance (SEA) will allow your users to receive phishing and training-related emails from Boxphish. 

The instructions below include information from the SEA Configuration guide and the Allow/Block Lists article, both provided by Sophos. If you run into issues Allowlisting Boxphish in your Sophos appliance, we recommend reaching out to Sophos for specific instructions.


Modify the Allow/Block Lists

The Allow/Block lists allow you to define hosts and senders which are trusted or untrusted. Messages from allowed hosts and senders will bypass Sophos antispam filtering. 

To add Boxphish to the Allow list:

  1. In your SEA manager, navigate to Configuration > Policy > Allow Lists.
  2. Click the appropriate list to display the List Editor dialog box.
  3. If you have an additional spam filter in front of SEA, select the Senders tab. If you do not have an additional spam filter in front of SEA, select the Hosts tab. 
  4. In the Add entries text box, enter each required item* and click Add.
  5. *What you enter next varies depending on your selection in Step 3 (Hosts or Senders).
    1. If on the Senders tab, enter the Boxphish server hostname: 
    2. If on the Hosts tab, enter our sending IP address:
  6. Be sure to save this new rule and test it by sending yourself some of our phishing simulations.

We hope you have found this guide useful. If there are any other areas you would like to be explained that have not been, or you have any questions or issues regarding this guide, please contact us at

How did we do?