We are using the SRX340 as our primary security device. We have engaged a 3rd party to do some parts of penetration testing. They have asked for this:
Email Social Engineering
IMPORTANT NOTE: In order to ensure successful delivery of phishing emails, you must whitelist the below
IP address on any content filtering, content monitoring, or SPAM filtering system(s) that your company
utilizes. Improper or incomplete whitelisting of these IP addresses could result in incorrect or inaccurate
test results.
IP Addresses to Whitelist:
xxx.xxx.xxx.xxx
Now, we do have a whitelist for Web Filtering. However, we have incomplete insight into what other mechanisms might be in use.
For example, we know that WebFiltering uses undisclosable 3rd party lists that are dynamic.
But this request isn't about blocking outgoing Web accesses.
So, I'm wondering about other things like incoming email filtering in this case.