Whitelisting Phish for Google GSuite

Whitelisting is an important component of the Phishing Simulator and Awareness Educator to deliver phishing campaigns and to prevent these campaigns from being blocked or filtered by your spam filters. Follow along below for configuration of GSuite.


Add our IP addresses to your email whitelist

  1. Log in to Google Admin console by going to https://admin.google.com.
  2. Click Apps.

    GSuite Apps Settings
  3. Now, click G Suite.

  4. Go to Gmail.

    Gmail Settings
  5. Scroll down and select Advanced Settings.

    Gmail Advanced Settings
  6. Under the General Settings tab, enter the following IP addresses in the Email whitelist section:

    149.72.42.201
    37.1.145.35
    37.1.145.36
    149.72.154.87
    149.72.161.59

  7. Scroll down to the bottom of the page and click Save.

Note: It can take up to an hour for any changes to take effect. You can track changes in the Admin console audit log.

Add the Platform's IP addresses as inbound Gateway

Note: These settings will help to ensure that Gmail doesn't classify the simulated phishing test messages from the platform as spam and will prevent the following Google banner from appearing in your users' inbox:Gmail dangerous email banner

  1. Navigate once more to the Gmail Advanced Settings ( From the Google Admin console -> GSuite > Gmail > Advanced Settings).
  2. On the left, select your domain.
  3. Scroll to the Inbound gateway section setting in the Spam section. Hover over the setting and click the Configure button to create a new setting. You should see a similar screen as shown below:

    Inbound Gateway settings
  4. Now, in the Add setting dialog configure the Inbound Gateway using the settings below:
    1. Gateway IPs
      1. Add the following addresses: 149.72.42.201,37.1.145.35, 37.1.145.36, 149.72.154.87, 149.72.161.59.
      2. Leave the "Reject all mail not from gateway IPs" box unchecked.
      3. Check the Require TLS for connections from the email gateways listed above box.
    2. Message Tagging
      1. Check the Message is considered spam if the following header regexp matches the box.
      2. Enter a text for the Spam Header Tag that is unlikely to be found in a PST email. This field is required (Example: "kzndsfgklinjvsdnfioasmnfroipdsmfs").
      3. Select the Disable Gmail spam evaluation on mail from this gateway; only use header value option.





  5. Click Add Setting, then Save.