To safelist in Google Workspace and to prevent warning banners from appearing on your phishing emails, please complete the instructions outlined in this article.
- Safelisting in Google Workspace
- Approved Senders List
Safelisting in Google Workspace
Follow the below instructions to safelist in Google Workspace:
- Log into admin.google.com
- Navigate to Apps > Google Workspace > Gmail
- Click Spam, Phishing, and Malware (or, Content Compliance in G Suite)
- In the Email allowlist field, enter the PhishingBox IP addresses (found in this article). The IPs should be separated by commas. For phishing test emails enter 18.104.22.168 (US) or 22.214.171.124 (EU).
- Click "Save".
Setting up an Inbound Gateway for PhishingBox IPs
Next, you'll want to configure an Inbound Gateway. Follow the steps outlined below:
- Click the edit icon to the right of Inbound Gateway.
- Add the PhishingBox IP addresses (found in this article), for phishing test emails enter 126.96.36.199 (US) or 188.8.131.52 (EU).
- Checkmark "Require TLS for connections from the email gateways listed above".
- Checkmark "Message is considered spam if the following header regexp matches". Enter a random text of letters, such as "lakjdfioeuohiuoiejasdifyaiuqwepqiank" (should be different than that, though).
- Checkmark "Disable Gmail spam evaluation on mail from this gateway; only use header value". The completed Inbound Gateway rule should look similar to this:
- Click "Save".
Approved Senders List
Next, create an approved senders list to bypass the spam filter.
- Click the 'CONFIGURE' button in the Spam row.
- Give the rule a descriptive name, then check the 'Bypass spam filters for messages received from addresses or domains within these approved senders lists.' checkbox.
- You can assign an existing list of senders to the rule or create a new one. If you have to create a list, use the 'Add address list' form to add any phish domains you plan to use in phishing exercises to the list. You can reach the 'Add address list' by clicking 'create or edit list'. For each domain, uncheck the 'Authentication required' checkbox.
- Once the list is saved, add it to the spam rule under the 'Bypass spam filters for messages received from addresses or domains within these approved senders lists.' section and save the rule.
Allow up to 24 hours for the propagation of these rules.
NOTE: If you are using G Suite Legacy, safelisting capabilities may be limited and you may not be able to fully safelist Portal. G Suite Legacy is a free G Suite version that was offered by Google prior to December 2012. For more info on G Suite Legacy, please see Google's article here: https://support.google.com/a/answer/2855120?hl=en. For information on safelisting in Google Workspace, see this article: https://support.google.com/a/answer/60751.
Please sign in to leave a comment.