This article will explain, how to whitelist the simulated SoSafe phishing mails in Google Workspace. Afterwards we will also explain how you can prevent Google from showing your users warning banners with regards to the SoSafe phishing mails.
All relevant information with regards to your campaign can be found on our management portal under simulation > whitelisting.
There you can access up to date information on:
- The IP-addresses of our mail servers.
- The Envelope-Sender-Addresses (technical Sender) used in your campaign.
- The list of the active domains in the SoSafe phishing links.
- The list of the active domains for the e-learning platform.
Self-Service users can access this information solely on the platform after log-in, all other users can access this information by simply following this direct link:
Part 1: Add SoSafe IP addresses
Here, we explain how you can add our IP addresses to the Whitelist, information is taken from Google Support.
1. Log in under https://admin.google.com and choose Apps
2. Select the Google Workspace.
3. Now choose Gmail
4. Enter the Advanced Settings
5. Under E-Mail Whitelist, type in our IP addresses (if unsure which IP addresses you need please refer to our platform or follow the direct link). Separate one from the other by placing a comma.
7. Save settings
We recommend to execute a test sending with our mails in the following, however the changes in the whitelisting might take some time to be implemented for all users.
Part 2: Configuration of the Spamfilter
The spam filter setting prevents the incoming mails of the SoSafe simulation from being classified as spam.
1. Under General Settings, in the category "Spam", click Edit and give your spam filter a name (here: SoSafe Test).
2. Make sure that "Bypass spam filters for messages from internal senders" and "Bypass spam filters for messages from addresses or domains on these allowed senders lists" are checked
Now click Create New and add the mail servers that are listed on the Manager Portal under Simulation > Whitelisting.
Then click on save.
If you adjust the spam filter as described above, our mails will be delivered to your users' inboxes. However, Google will display these messages with a notice that they have not been classified as spam due to your organization's spam filter rules. Unfortunately, these notifications cannot be disabled at this time. Many users on the Google Support forums (https://support.google.com/mail/thread/10086372?hl=en) have complained about this, so there is a chance that a feature may be added in the future. If this happens, we'll expand this guide accordingly.
Part 3: Add SoSafe IP addresses as Inbound Gateways
This method should prevent that your users get to see the following google banners in their inbox when receiving one of our simulated phishing mails.
This message seems dangerous
Be carefull with this message
This process exempts the simulated SoSafe Phishing-Mails from the Gmail banner warnings. This process is not part of the Google whitelisting recomendations.
- Log in to your Google Admin Console.
- Go to Apps > Google Workspace > Gmail > Advanced Settings.
- Under Genereal Settings, choose your top level organization on the left (usually that should be your primary domain).
- Scroll down to the option Inbound Gateway in the Spam Section. Hover your mouse over the settings and click on the Edit Button. This will open the Inbound Gateway display.
- Adjust your Inbound Gateway settings as explained bellow:
- Gateway IPs
Add the SoSafe IP addresses to the Gateway IPs.
- Do not check the box for: Reject all mail not from gateway IPs.
- Check the box for: Require TLS for connections from the email gateways listed above.
- Message Tagging
Enter a text into the Spam Header Tag which will most probably not be contained in an e-mail. This part has to be filled out.
- Example: kzndsfgklinjvsdnfioasmnfroipdsmfs
- Then check the box for: Disable Gmail spam evaluation on mail from this gateway; only use header value.
- Save your changes.
This concludes the whitelisting process for Google Workspace.