To ensure CanIPhish can effectively simulate phishing campaigns, you will need to allowlist our emails. We recommend allowlisting by either IP address or Email Header depending on the use-case.
Allowlisting can be tricky and may require some trial and error. If you're unsuccessful with this method, please check out our guide on allowlisting by IP Address, which can be found here.
Email Header Allowlisting
1. Log onto https://admin.google.com, type 'Gmail' into the top search bar and select 'Settings for Gmail'.
2. Scroll to Compliance and next to Content compliance, click Configure
3. Edit the Content compliance settings to match below, then under Expressions click add.
4. Edit the expression to match the settings below, then hit SAVE:
Note: Within the Content input, the numbers are your 36-digit Tenant ID. This can be grabbed from the User Profile page on the left-side of the page and is unique to your CanIPhish tenant.
Example: X-CanIPhish: 3433186e-8e45-4ccc-90f5-e134a4ccyg25
5. Scroll down and check the 'Bypass spam filter for this message'. Leave everything else default/unticked and click SAVE
All done! If you have trouble with this allowlisting guide, take a look at our guide for Allowlisting by IP Address in GSuite/Google Apps. Should you have any difficulties, please don't hesitate to contact us.
Note: Google in many cases will insert a gray banner at the top of simulated phishing emails saying "This message was not sent to Spam based on your organization's settings". There is currently no configuration to hide this banner and is a consistent issue across all phishing simulation platforms. In saying this, simulated phishing campaigns still have a high success rate and won't materially impact results.
If you experience issues with a: This message seems dangerous banner
Please use the following support guidance to bypass it.