Skip to content

Deliverability & domains

Land in the inbox, not the spam folder

A phishing test only teaches something if it arrives. PhishSpot provisions and monitors your sending domains end to end — DNS, authentication, TLS and filter whitelisting — so every simulation reaches the people you meant to reach.

Managed sending domains

Add a domain, and we handle the plumbing

Bring your own domain or lease one from us. PhishSpot provisions the full mail stack through Cloudflare and Postal — no DNS ticket, no waiting on IT.

  • SPF, DKIM, MX and return-path generated and published automatically.
  • TLS certificates issued and renewed for landing pages and tracking.
  • Delegation and verification run in the background and report status as they complete.
  • One place to see every domain, its role, and whether it is ready to send.
platform.phishspot.com/domains
Custom domain setup in PhishSpot
Built for deliverability

Everything that keeps you out of the spam folder

Domains, authentication, monitoring and filter whitelisting — managed as one system, not a pile of DNS records.

Three kinds of domain

Platform domains host your landing pages, Secured domains are ones you verify and control, and Custom (BYOD) sending domains are fully managed on your behalf.

BYOD sending domains

Bring a domain you already own. We provision it for sending and keep it warm, so campaigns come from an address your people trust.

Authentication, automatic

SPF, DKIM, MX and return-path records are created and published through Cloudflare and Postal — correctly, every time.

Hourly health checks

Every domain is re-checked each hour: delegation, DNS records, mail flow, SSL, and expiry via RDAP. Problems surface before a campaign does.

Spam-filter whitelisting

Export ready-made allow-list rules in ten formats — Microsoft 365, Google Workspace, Mimecast, Proofpoint, Postfix, SpamAssassin, plus raw TXT, JSON, CSV and Markdown.

Auto-refreshing whitelist

A webhook keeps your whitelist current as sending IPs and domains change — set it once and forget the maintenance.

One-time setup

Delegate once, we handle the records

Point your domain’s nameservers at us a single time. From then on, every record a simulation needs is created, verified and kept healthy automatically.

  • Copy two nameservers into your registrar — that’s the whole manual step.
  • We watch delegation propagate and confirm the domain the moment it is live.
  • DNS, mail and TLS records are managed for you and re-verified every hour.
  • Expiry and RDAP checks warn you well before a domain lapses.
platform.phishspot.com/domains
Nameserver delegation in PhishSpot
FAQ

Deliverability, explained

How do you keep simulations out of the spam folder?

Two ways. First, we provision each sending domain with correct SPF, DKIM, MX and return-path records and valid TLS, so mail is properly authenticated. Second, we generate ready-to-apply whitelist rules for your mail security — Microsoft 365, Google Workspace, Mimecast, Proofpoint and more — so your gateway trusts the campaign IPs and domains. A refresh webhook keeps those rules current.

Do I have to touch DNS myself?

Only once. You delegate the domain by copying two nameservers into your registrar. After that PhishSpot creates and maintains every record for you and re-checks them hourly.

What’s the difference between Platform, Secured and Custom domains?

Platform domains are ours and host landing pages out of the box. Secured domains are ones you own and verify so we can use them safely. Custom (BYOD) sending domains are your own domains, provisioned end to end for sending and fully managed.

How will I know if a domain breaks?

Every domain is health-checked every hour across delegation, DNS, mail flow, SSL and expiry (via RDAP). If something drifts, it’s flagged in the dashboard before it can affect a live campaign.

Deliverability you don’t have to babysit

Connect a domain and let PhishSpot handle DNS, authentication, TLS and whitelisting — so your simulations always arrive.