Safelisting in Google Workspace/GSuite/Google Apps

Overview

To safelist in Google Workspace and to prevent warning banners from appearing on your phishing emails, please complete the instructions outlined in this article.

Use the links below to jump to a section:

• Email Allowlist
• Inbound Gateway
• Approved Senders List

Email Allowlist

Follow the below instructions to safelist in Google Workspace:

1. Log into admin.google.com.

2. Navigate to Apps > Google Workspace > Gmail. (See below):

   

    

3. Click Spam, Phishing, and Malware (or, Content Compliance in G Suite)

   

4. In the Email allowlist field, enter the PhishingBox IP addresses found in here. The IPs should be separated by commas. For phishing test emails input 64.191.166.196 (US) or 64.238.34.10 (EU). For training campaign emails, input 64.191.166.197.
   
5. Click "Save".

Inbound Gateway

Next, you'll want to configure an Inbound Gateway:

1. Click the edit icon to the right of Inbound Gateway.
2. enter the PhishingBox IP addresses found in here. For phishing test emails enter 64.191.166.196 (US) or 64.238.34.10 (EU), and 64.191.166.197 (US & EU) for training test emails
3. Both 'Automatically detect external IP' and 'Reject all mail from gateway IPs' should be unchecked. 
4. Checkmark 'Require TLS for connections from the email gateways listed above'.
5. Checkmark 'Message is considered spam if the following header regexp matches'. Enter a random text of letters, such as "lakjdfioeuohiuoiejasdifyaiuqwepqiank" (do not use the example here).

6. Checkmark 'Disable Gmail spam evaluation on mail from this gateway; only use header value'. The completed Inbound Gateway rule should look similar to this:

   

7. Click "Save".

Approved Senders List

Next, follow the steps below to create an approved senders list to bypass the spam filter:

1. Click the 'CONFIGURE' or 'ADD ANOTHER RULE' button in the Spam row.

   

2. Give the rule a descriptive name.

   

3. Check the 'Bypass spam filters for messages from senders or domains in selected lists' and 'Bypass spam filters and hide warnings for messages from senders or domains in selected lists' checkboxes.

   

4. You can assign an existing list of domains/senders to the rule or create a new one. If you have to create a list, use the 'Create or edit list' link. This will open the Manage Address list page in a new tab. 
5. On the Manage address list page, click 'ADD ADDRESS LIST'.

6. Add any phish domains you plan to use in phishing exercises. For each domain, uncheck the 'Authentication required' toggle:

   

7. Click 'SAVE'.
8. Navigate back to the tab with the spam rule open.

9. Add the domain list to the spam rule under both the 'Bypass spam filters for messages from senders or domains in selected lists' and 'Bypass spam filters and hide warnings for messages from senders or domains in selected lists' sections:

   

10. Click 'SAVE'.

Allow up to 24 hours for the propagation of these rules.

NOTE: If you are using G Suite Legacy, safelisting capabilities may be limited and you may not be able to fully safelist Portal. G Suite Legacy is a free G Suite version that was offered by Google prior to December 2012. For more info on G Suite Legacy, please see Google's article here. For information on safelisting in Google Workspace, see this article.

Back to top