Google Workspace

Updated 9 months ago by Sam McDougall

Below is a guide on how to allow Boxphish phishing simulations and courses through Google Workspace so that users receive this content in their inboxes as intended.

Allowing Boxphish's IP through Google Workspace

Adding IP addresses to the allow-list will help emails get through without falling into the spam folder, whereas adding domains as Inbound Gateways will help you get rid of warning messages that could otherwise tip your users off to their simulated phishing emails.

  1. Log in to https://admin.google.com with an admin account.
  2. Navigate to Apps > Google Workspace > Gmail.
  3. Scroll to the bottom and select 'Spam, Phishing and Malware'.
  4. Click 'Email Whitelist'.
  5. In the 'Email Whitelist' section, enter our Boxphish IP: 23.249.219.118 
  6. Click 'Save'.

Please note: these changes can take time to apply. Please allow at least an hour for this to fully take effect.

Add Boxphish's IP addresses as Inbound Gateways

Google Workspace will automatically tag some emails as suspicious if it believes there's a chance they are phishing-related and may add banners to them to notify users of increased risk.

This could be a yellow 'Be careful' banner or a red 'This message seems dangerous' banner.

To better assess your users' vulnerability to phishing, you will want to ensure that these banners do not show up during your simulated phishing campaigns. Follow the instructions below to prevent these banners from appearing for Boxphish-simulated phishing emails in Google Workspace.

  1. Log in to https://admin.google.com
  2. Navigate to Apps > Google Workspace > Gmail.
  3. Scroll down to the bottom of the Gmail settings page and click 'Spam, Phishing and Malware'.
  4. Scroll down to the third option which should be 'Inbound Gateway'.
  5. Add our Boxphish IP address to the Gateway IP list: 23.249.219.118 
  6. Make sure that the 'Reject all mail, not from gateway IPs' setting is unchecked.
  7. Under 'Message Tagging', ensure 'Message is considered spam if the following header regexp matched' is checked.
  8. In the 'Regexp' field, enter text that is unlikely to be found in a simulated phishing email, for example: ksdhqloqwklcpsshovpsnlx.
  9. Check the 'Disable Gmail spam evaluation on mail from this gateway; only use header value' setting.
  10. Click 'Save'.

This is what this window should look like after these steps:

Your simulated phishing and security awareness training emails should now all be delivered successfully to your users, without warning banners popping up. We suggest you send a test simulated phishing email to your own address first to ensure all the settings have been applied correctly. 
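To confirm the test email described above was accepted through the gateway entry, you can inspect its headers (Gmail's 'Show original' view). The script below is an added example, not Boxphish or Google code: it assumes the hop that handed the message to Google appears in a Received header containing 'by mx.google.com', and that the Regexp is matched against 'Name: value' header text. The sample message and the function names are constructed for illustration.

```python
import re
from email import message_from_string

GATEWAY_IP = "23.249.219.118"            # Boxphish IP from this guide
SPAM_REGEXP = "ksdhqloqwklcpsshovpsnlx"  # example Regexp value from step 8

# Constructed sample: headers of a test simulation copied from 'Show original'.
SAMPLE = """\
Delivered-To: user@example.com
Received: by 2002:a05:6a10:1234:0:0:0:0 with SMTP id x1csp100; Mon, 1 Jan 2024 10:00:05 -0800 (PST)
Received: from mail.sender.example (mail.sender.example. [23.249.219.118])
        by mx.google.com with ESMTPS id abc123 for <user@example.com>;
        Mon, 1 Jan 2024 10:00:04 -0800 (PST)
From: IT Support <noreply@hr-staff-updates.com>
To: user@example.com
Subject: Test simulation

body
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def handoff_ip(msg):
    """Return the IPv4 of the host that handed the message to Google, or None."""
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())   # unfold continuation lines
        if " by mx.google.com " in flat:  # assumed marker of the Google MX hop
            match = IP_IN_BRACKETS.search(flat)
            if match:
                return match.group(1)
    return None

def check_test_message(raw, gateway_ip=GATEWAY_IP, spam_regexp=SPAM_REGEXP):
    """Report whether the mail came from the gateway IP and avoids the spam regexp."""
    msg = message_from_string(raw)
    ip = handoff_ip(msg)
    # Any hit here means the 'unlikely' Regexp text would tag this mail as spam.
    hits = [name for name, value in msg.items()
            if re.search(spam_regexp, f"{name}: {value}")]
    return {"handoff_ip": ip, "from_gateway": ip == gateway_ip,
            "spam_regexp_hits": hits}

if __name__ == "__main__":
    print(check_test_message(SAMPLE))
```

A result with from_gateway False means the message did not arrive from the IP you entered in the Gateway IP list, so the banner and spam settings above would not have applied to it.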

Allow Boxphish's domains in Google Workspace

Allow-listing Boxphish domains in Google Workspace will help ensure that your course enrolments, policy send-outs, and simulated phishing emails are delivered successfully to your end users. 

  1. Log in to https://admin.google.com with an admin account.
  2. Navigate to Apps > Google Workspace > Gmail.
  3. Scroll to the bottom and select 'Spam, Phishing and Malware'.
  4. Scroll down to the 'Spam' section.
  5. Click 'Add rule' or 'Edit' if you wish to use an existing rule.
  6. Give the rule a name like "Boxphish Allow-list".
  7. Click 'Create' or, if it is an existing rule, click 'Edit'.

When you get to the Manage Address list page: 

  1. Click 'Add Address list'.
  2. Click 'Bulk-Add Addresses' and paste domains as shown below into the text box:

Boxphish.com,

nhs-antibodytest.co.uk,

just-eat-voucher.co.uk,

noreply-linkedinverify.co.uk,

noreply-amazon.co.uk,

dpdupdates.co.uk,

dropbox-notifications.co.uk,

microsoft-notifications.co.uk,

netflix-password.co.uk,

netflixnotifications.co.uk,

noreply-deliveroocredit.co.uk,

noreply-hmrcupdate.co.uk,

noreply-microsoftpasswordreset.co.uk,

noreply-ubercredit.co.uk,

gmaillogin.co.uk,

google-notifications.co.uk,

dhlshipping.co.uk,

noreply-amazon.co.uk,

who-travel-updates.com,

royaal-maill.com,

netflix-update-details.com,

fed-ex-parcels.com,

microsoft-security-alerts.com,

coffee-vouchers.com,

hr-staff-updates.com,

staff-payroll-updates.com

Back on the settings page:

  1. Click 'Use Existing List'.
  2. Select the new address list you created on the previous page.
  3. Press 'Save'.

This should now allow all Boxphish phishing simulations and training classrooms through to users' inboxes as normal.

