This article will explain, how to whitelist the simulated SoSafe phishing emails in Google Workspace. Afterwards we will also explain how you can prevent Google from showing your users warning banners with regards to the SoSafe phishing emails.
All relevant information with regards to your campaign can be found on our management portal under Dispatch > Whitelisting.
There you can access the lastest information on:
- The IP addresses of our mail servers.
- The envelope sender addresses (technical senders) used in your campaign.
- The list of the active domains in the SoSafe phishing links.
- The list of the active domains for the e-learning platform.
Self-service users can only access this information on the platform after log in, whereas all other users can access this information by simply following this direct link:
Part 1: Add SoSafe IP addresses
Here, we explain how you can add our IP addresses to the whitelist. This information is taken from Google Support.
1. Log in at https://admin.google.com and click on Apps and then click Overview.
2. Select Google Workspace.
3. Now select Gmail
4. Click "Spam, Phishing and Malware"
5. Under E-mail whitelist, type in our IP addresses (if unsure which IP addresses you need please refer to our platform or follow the direct link). Separate each address with a comma.
6. Save the settings
We recommend conducting a test with our emails, but the changes in the whitelisting might take some time to be implemented for all users.
Part 2: Configuration of the spam filter
The spam filter setting prevent the incoming emails from the SoSafe simulation from being classified as spam.
1. Under Spam, phishing and malware, in the category "Spam", click Edit and give your spam filter a name (here: SoSafe2).
2. Make sure that "Bypass spam filters for messages from internal senders" and "Bypass spam filters for messages from addresses or domains on these allowed senders lists" are checked
Now click "Create new" and add the mail servers and senders that are listed on the Manager Portal under Simulation > Whitelisting.
Then click "Save".
If you adjust the spam filter as described above, our emails will be delivered to your users' inboxes. However, Google will display these messages with a notice that they have not been classified as spam due to your organization's spam filter rules. Unfortunately, these notifications cannot be disabled at this time. Many users on the Google Support forums (https://support.google.com/mail/thread/10086372?hl=en) have complained about this, so there is a chance that a feature may be added in the future. If this happens, we'll expand this guide accordingly.
Part 3: Add SoSafe IP addresses as Inbound Gateways
This method should prevent your users from seeing the following Google banners in their inbox when receiving one of our simulated phishing emails.
This message seems dangerous
Be careful with this message
This process exempts the simulated SoSafe phishing-mails from the Gmail banner warnings. This process is not part of the Google whitelisting recommendations.
- Log in to your Google Admin Console.
- Go to Apps > Google Workspace > Gmail > Spam, phishing and malware.
- Scroll down to the option Inbound gateway. Hover your mouse over the settings and click on the Edit button. This will open the Inbound gateway display.
- Adjust your Inbound gateway settings as explained bellow:
- Gateway IPs
Add the SoSafe IP addresses to the Gateway IPs.
- Do not check the box for: Reject all mail not from gateway IPs.
- Check the box for: Require TLS for connections from the email gateways listed above.
- Message tagging
Enter a text into the Spam header tag which will most probably not be contained in an email. This part has to be filled out.
- Example: kzndsfgklinjvsdnfioasmnfroipdsmfs
- Then check the box for: Disable Gmail spam evaluation on mail from this gateway; only use header value.
- Save your changes.
This concludes the whitelisting process for Google Workspace.