KnowBe4 is a training and compliance service. They typically will send spoofing emails as your domain to your employees to test to see who opens the message(s) and to provide metrics on this. They then offer follow-up training as needed for your employees.


By default, the KnowBe4 service will not send in an aligned way as your domain for DMARC. This is why it is not listed on the configuration page under enabled senders for our paid enforce customers.


The service typically spoofs your domain. If your domain is already enforcing DMARC, their messages should not be going to your employee's inbox (barring specific configuration/routing exceptions outside of the DMARC policies). 


We are usually asked how to get KnowBe4 to send in an aligned manner so the training program can start/continue on domains that are at enforcement. Some of our customers have contacted KnowBe4 and had them send in an aligned way as their domains from two particular IPs. If you contact your account manager or technical support rep at KnowBe4, they may be able to do this for you depending on the compliance and training program you have purchased. [KnowBe4 contact link]


Once they have provided the two IPs they will be using, you will need to add them to the Netblocks configuration for your domain on the configuration page. Contact our Support group for further instructions on setting up this service if you have questions.



KnowBe4 typically recommends that you using SPF alignment to pass DMARC checks and selecting the option to 'Overwrite Fixed Return-path Address with Sender Address' in your KnowBe4 account settings



If your domain is not at enforcement the above may not be an issue for your compliance testing.