Firewall/Spam Filter Safelisting
      Back to home
      1. Help Center
      2. Getting Started
      3. Firewall/Spam Filter Safelisting

      Safelisting in Google Workspace/GSuite/Google Apps.

      Step by step guide on safelisting in Google products.

      Overview

      To safelist in Google Workspace and to prevent warning banners from appearing on your phishing emails, please complete the instructions outlined in this article.

      Email Allowlist

      Follow the below instructions to safelist in Google Workspace:

      1. Log into admin.google.com
      2. Navigate to Apps > Google Workspace > Gmail
        nav_-_apps_-_workspace_-_gmail.png

      3. Click Spam, Phishing, and Malware (or, Content Compliance in G Suite)
        Spam__Phishing_and_Malware.png
      4. In the Email allowlist field, enter the Hook Security, Inc IP addresses (found in this article). The IPs should be separated by commas. For phishing test emails input 64.191.166.196 (US) or 64.238.34.10 (EU). For training campaign emails, input 64.191.166.197.
        email_allowlist.png
      5. Click "Save"

      Inbound Gateway

      Next, you'll want to configure an Inbound Gateway. Follow the steps outlined below:

      1. Click the edit icon to the right of Inbound Gateway
      2. Add the Hook Security, Inc IP addresses (found in this article), for phishing test emails enter 64.191.166.196 (US) or 64.238.34.10 (EU), and 64.191.166.197 (US & EU) for training test emails
      3. Checkmark "Require TLS for connections from the email gateways listed above"
      4. Checkmark "Message is considered spam if the following header regexp matches". Enter a random text of letters, such as "lakjdfioeuohiuoiejasdifyaiuqwepqiank" (should be different than that, though)
      5. Checkmark "Disable Gmail spam evaluation on mail from this gateway; only use header value". The completed Inbound Gateway rule should look similar to this:
        inbound_gateway.png
      6. Click "Save"

      Approved Senders List

      Next, follow the steps below to create an approved senders list to bypass the spam filter.

      1. Click the 'CONFIGURE' or 'ADD ANOTHER RULE' button in the Spam row.
        mceclip0.png
      2. Give the rule a descriptive name.
      3. Check the 'Bypass spam filters for messages from senders or domains in selected lists' and 'Bypass spam filters and hide warnings for messages from senders or domains in selected lists' checkboxes.
      4. You can assign an existing list of domains/senders to the rule or create a new one. If you have to create a list, use the 'Create or edit list' link. This will open the Manage Address list page in a new tab. 
      5. On the Manage address list page, click 'ADD ADDRESS LIST'.
      6. Add any phish domains you plan to use in phishing exercises. For each domain, uncheck the 'Authentication required' checkbox:
      7. Click 'SAVE'.
      8. Navigate back to the tab with the spam rule open.
      9. Add the domain list to the spam rule under both the 'Bypass spam filters for messages from senders or domains in selected lists' and 'Bypass spam filters and hide warnings for messages from senders or domains in selected lists' sections.
      10. Click 'SAVE'.

      Allow up to 24 hours for the propagation of these rules.

      NOTE: If you are using G Suite Legacy, safelisting capabilities may be limited and you may not be able to fully safelist Portal. G Suite Legacy is a free G Suite version that was offered by Google prior to December 2012. For more info on G Suite Legacy, please see Google's article here: https://support.google.com/a/answer/2855120?hl=en. For information on safelisting in Google Workspace, see this article: https://support.google.com/a/answer/60751.