Team: Huntress Managed Security Awareness Training (SAT)
Product: Managed SAT, Domain Verification
Summary: Domain Verification covers the Domain Access verification and Deliverability testing that must be completed before a Phishing campaign can be launched.
When selecting the Phishing tab for the first time in the Managed SAT platform, you will encounter a screen like the following:
When you select the ADD DOMAINS menu, you will be redirected to the Phishing Settings section of the platform. You can also navigate directly to this section via the Gear icon on the upper right side of the screen and then select Phishing in the menu on the left.
Authorized Domains
To ensure secure delivery and prepare for advanced custom phishing features, Huntress requires that all learner email domains be authorized. This prevents unauthorized phishing simulations and ensures your emails reach their intended targets.
Requirement: For verification to work correctly, you must use an Administrator account that is set up in the dashboard. This cannot be a Shared Mailbox. Admins can be added under the Teams Tab in Settings. If partner-managed, this admin account can be removed after the Domain Authorization and Deliverability Test steps have been completed.
Authorized Domains - Strict Mode
Huntress uses Authorized Domains Strict Mode to verify that phishing simulations are only sent to domains you own or manage.
- New Organizations: This mode is enabled by default. You must authorize a domain before you can send phishing emails to learners at that domain.
- Existing Organizations:
  - If your domains are already authorized, this mode is enabled automatically.
  - If you have unauthorized domains, please proceed with authorization as soon as possible. While you can continue to send simulated phishing emails for now, Huntress will not be able to enable upcoming customization options until you perform authorization.
Important Note:
- Consumer email providers such as Gmail, Hotmail, and Yahoo are prohibited from simulated phishing because they lack the administrative permissions to allowlist our messages. You can only assign learning episodes to those domains.
How to Authorize a Domain
You can authorize a domain using one of two methods: provider synchronization or manual email verification.
Synchronize with a Provider
The most efficient way to authorize domains is by syncing with your email provider.
- Log in to the Huntress SAT Dashboard.
- Set up the Microsoft 365 or Google Workspace integration for the Groups you wish to send phishing emails to.
  - Settings > Integrations > Providers > Add New Provider
- Once the sync is complete, Huntress automatically authorizes all discovered domains.
Verify Manually via Email
If you do not use a supported provider sync, you can verify domains manually.
- Navigate to your SAT settings.
- Go to the Phishing tab, then Authorized Domains.
- Enter an email with the domain you wish to authorize.
- Click Send Verification Email.
- Follow the instructions in the email sent to the address at that domain to complete the authorization.
Note: If you attempt to send a phishing simulation to an unauthorized domain while in Strict Mode, the message will fail with the reason:
Blocked Reason: Learner email domain is not authorized for phishing.
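A pre-flight check an administrator could run over a learner export before launching a campaign, as an added example that is not Huntress code. The function names, the consumer-domain list, the exact-match domain comparison (subdomains treated as separate domains) and the sample data are assumptions made for illustration.

```python
from collections import defaultdict

# Blocked reason exactly as quoted on this page.
BLOCKED_REASON = "Learner email domain is not authorized for phishing."

# Assumption: sample domains for the consumer providers the page names.
CONSUMER_DOMAINS = {"gmail.com", "hotmail.com", "yahoo.com"}


def domain_of(address):
    """Return the lower-cased domain of an address, or None if malformed."""
    local, sep, domain = address.strip().rpartition("@")
    domain = domain.lower().rstrip(".")
    if not sep or not local or "." not in domain:
        return None
    return domain


def preflight(learners, authorized_domains):
    """Group learner addresses by how Strict Mode is expected to treat them."""
    authorized = {d.lower() for d in authorized_domains}
    report = defaultdict(list)
    for address in learners:
        domain = domain_of(address)
        if domain is None:
            report["malformed"].append(address)
        elif domain in CONSUMER_DOMAINS:
            report["consumer"].append(address)      # episodes only, no phishing
        elif domain in authorized:                  # assumption: exact match only
            report["authorized"].append(address)
        else:
            report["unauthorized"].append(address)  # would fail with BLOCKED_REASON
    return dict(report)


def domains_to_authorize(report):
    """Distinct domains that still need provider sync or email verification."""
    return sorted({domain_of(a) for a in report.get("unauthorized", [])})


# Constructed sample data, not taken from any real tenant.
LEARNERS = ["ana@example.com", "Bo@Example.COM", "cy@mail.example.com",
            "dee@gmail.com", "eli@example.org", "not-an-address"]
AUTHORIZED = ["example.com"]

if __name__ == "__main__":
    result = preflight(LEARNERS, AUTHORIZED)
    for bucket, addresses in result.items():
        print(bucket, addresses)
    print("authorize next:", domains_to_authorize(result))
```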
Deliverability Test
- To perform a Deliverability Test, select the Create Test button.
- Input the email address of an account in the target domain and then select Create.
This sends an email to the address provided, containing a Verification Code and a link to enter the code.
- Open the email and then complete the Deliverability test.
If you do not receive the email, please double-check your allowlist setting to ensure it can be delivered to the target mailbox, as this message is generated from our Phishing Server.
Our generic Allowlist guide can be found here.
See also Learner Verification