This method of whitelisting is to prevent the following Google banners from appearing in your user's inbox when they receive a simulated phishing email from CanIPhish:
This message seems dangerous
We have found that this process exempts CanIPhish simulated phishing emails from the Gmail banner warnings. However, this is not documented by Google as a whitelisting recommendation.
- Log in to your Google Admin Console.
- Navigate to Apps > Google Workspace > Gmail > Spam, Phishing and Malware.
- Under Organizational Unit, select your top-level organization (typically your primary domain) on the left.
- Scroll down to the Inbound Gateway setting. Click the setting and check the Enable checkbox. This will open the Inbound gateway screen.
- Configure the Inbound gateway using the settings below:
- Gateway IPs
Add CanIPhish's IP addresses. For the most up-to-date list of our IP addresses, please see this article.
- Leave the Reject all mail not from gateway IPs option unchecked.
Note: Unless you have IPs other than CanIPhish’s IP addresses, we recommend deselecting the Automatically detect external IP checkbox since this setting may interfere with whitelisting.
See this article from Google for more information: Set up an inbound mail gateway.
- Check Require TLS for connections from the email gateways listed above.
- Message Tagging
Enter text for the Spam Header Tag that is unlikely to be found in a PST email. This field is required.
- Example: asdasdasdasdasdasdasdasda
- Select the Disable Gmail spam evaluation on mail from this gateway; only use header value option.
- Click the SAVE button.