Note: This is the preferred allowlisting method for Google GSuite.
To ensure CanIPhish can effectively simulate phishing campaigns, you will need to allowlist our emails. We recommend allowlisting by either IP address or Email Header depending on the use-case.
Allowlisting can be tricky and may require some trial and error. If you're unsuccessful with this method, please check out our guide on allowlisting by Email Headers, which can be found here.
IP Allowlisting CanIPhish Mail Servers
1. Log onto https://admin.google.com, type 'Gmail' into the top search bar and select 'Settings for Gmail'.
2. Scroll down and select 'Spam, Phishing and Malware'.
3. Click either Configure or Edit next to Email Allowlist
4. Input the CanIPhish Mail Server IP Addresses one-by-one, separating them with a comma and click Save.
5. Scroll down and click Configure or Edit next to the Spam sub-heading.
6. Under the Spam name, input "CanIPhish Spam Bypass" and tick the "Bypass spam filters for messages received from addresses or domains within these approved senders list". Then Click "Create or edit list".
7. Click ADD ADDRESS LIST.
8. Click BULK ADD ADDRESSES.
9. Go to Phishing Simulation Domains and copy all domains under the "Sending Domains" heading and paste them into the Bulk add addresses input. Leave the "Require sender authentication" input ticked and then click ADD.
10. Input "CanIPhish Sending Domains" under the Name field and then click SAVE.
11. Go back to the tab which has the "CanIPhish Spam Bypass" rule still open and select "Use existing list".
12. Tick the "CanIPhish Sending Domains" address list and then click the Exit symbol.
13. You may notice the page doesn't update to indicate this list has been added. That's ok. Simply click SAVE and the rule will now be configured.
14. Verify the CanIPhish Spam Bypass rule is setup and click Edit.
15. You should now see the "CanIPhish Sending Domains" address list is now added against the Spam Bypass policy - if it isn't, please repeat steps 11 and 12.
All done! Allowlisting can be tricky... should you have any difficulties, please don't hesitate to contact us.
Note: Google in many cases will insert a grey banner at the top of simulated phishing emails saying "This message was not sent to Spam based on your organization's settings". This banner may persist for up to 48 hours after the initial configuration is applied - afterwards this banner will no longer appear on new emails.
If you experience issues with a: This message seems dangerous banner
Please use the following support guidance to bypass it.