Whitelist by IP
Important: If your organization has a cloud-based SPAM filter, you should include our IPs in the filter whitelist and then use Whitelist by Header.
The instructions below show how to whitelist SMARTFENSE's simulated Phishing and Ransomware emails in your GSuite environment. This method consists of three parts:
- Part 1: Email Whitelist
- Part 2: Inbound Gateway Whitelist
- Part 3: Senders excluded from Spam
To get an updated list of our IP addresses, open the Whitelist section under the Settings menu of our platform, or append /whitelist to your instance URL, for example:
https://instancename.takesecurity.com/whitelist/
https://instancename.trial.takesecurity.com/whitelist/
Part 1: Email Whitelist
Step 1
Log in to https://admin.google.com and choose Apps.
Step 2
Click Google Workspace.
Step 3
Choose Gmail.
Step 4
Select Spam, Phishing, and Malware.
Step 5
Under the Organizational Unit section, select the organization domain.
Step 6
Enter SMARTFENSE IP addresses separated by commas in the Email whitelist section.
Note: GSuite does not allow whitelisting by IP Address for individual organizational units.
Step 7
Save the settings by clicking the Save button at the bottom of the page.
Step 8
After 12 hours, which is the approximate time it takes for the configuration to propagate to all users in the domain, set up a test Phishing or Ransomware campaign with SMARTFENSE to ensure your whitelisting was successful. Reference: Email Whitelist in Google Suite.
Part 2: Inbound Gateway Whitelist
This whitelisting method is not documented by Google, but it is used to prevent the display of the following warnings when receiving a SMARTFENSE Phishing Simulation email:
Step 1
Navigate to Apps > Google Workspace > Gmail > Spam, Phishing, and Malware within the Google Admin Console.
Step 2
Under the General Settings section, select the organization domain.
Step 3
Hover over the Inbound gateway option and click the Edit button. This opens an edit view.
Step 4
Configure the Inbound gateway using the settings below:
1. Add SMARTFENSE's IP addresses in the Gateway IPs section.
2. Leave the Reject all mail not from gateway IPs option unchecked.
3. Check Require TLS for connections from the email gateways listed above.
4. In the Message Tagging section, check the Message is considered spam if the following header regexp matches option, enter an arbitrary string in the Regexp field, and select the Message is spam if matches regexp option. The string should be one that is unlikely to appear in a SMARTFENSE platform email, for example, jenclsngiejpfutkrnfpsnekfuncienof.
5. Select the Disable Gmail spam evaluation on mail from this gateway; only use header value option.
6. Click the Save button.
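A pre-flight check for the values entered in Step 4, as an added example that is not part of the SMARTFENSE instructions: because mail from the gateway IPs skips Gmail spam evaluation, it rejects malformed, overly broad or private ranges, and it confirms the arbitrary string does not occur in the headers of a saved test email. The sample headers, the IP entries used with it, the 256-address limit and the function names are assumptions made for the illustration.

```python
import ipaddress
from email import message_from_string

# Constructed sample: headers of a saved test email (.eml), not real platform output.
SAMPLE_EML = (
    "Received: from mta.example.test ([198.51.100.7])\n"
    "From: Training <info@livefense.com>\n"
    "To: user@example.org\n"
    "Subject: Quarterly awareness test\n"
    "Message-ID: <20240101.1@example.test>\n"
    "\n"
    "Body text.\n"
)

# Ranges that should never be listed as an external mail gateway.
NON_GATEWAY = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def check_gateway_ips(entries, max_addresses=256):
    """Split candidate Gateway IPs entries into (accepted, problems)."""
    accepted, problems = [], []
    for raw in entries:
        text = raw.strip()
        try:
            # strict=True rejects ranges written with host bits set, e.g. 198.51.100.7/24
            net = ipaddress.ip_network(text, strict=True)
        except ValueError as exc:
            problems.append((text, f"invalid: {exc}"))
            continue
        if net.num_addresses > max_addresses:
            problems.append((text, "range too broad for a spam-evaluation bypass"))
        elif any(net.version == b.version and net.overlaps(b) for b in NON_GATEWAY):
            problems.append((text, "private or loopback range"))
        else:
            accepted.append(str(net))
    return accepted, problems

def sentinel_hits(sentinel, eml_text):
    """Return the header lines of the sample that contain the sentinel string.

    The sentinel is compared as a literal, case-insensitive string, which is
    enough for the kind of arbitrary text the instructions recommend.
    """
    msg = message_from_string(eml_text)
    lines = [f"{name}: {value}" for name, value in msg.items()]
    return [line for line in lines if sentinel.lower() in line.lower()]
```

An empty result from sentinel_hits means the string is safe to use in the Regexp field for that sample; any returned header line means messages like it would be tagged as spam.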
Part 3: Senders excluded from Spam
This “Senders excluded from Spam” method is not documented by Google, but it is used to prevent the following warning (Figure 1) from being displayed when receiving a SMARTFENSE Phishing Simulation email:
Figure 1. Gmail warning.
Step 1
Navigate to Apps > Google Workspace > Gmail > Spam, Phishing, and Malware within the Google Admin Console.
Step 2
Under the General Settings section, select the organization domain.
Step 3
Hover over the Spam option located under the Spam, Phishing, and Malware section and click the Edit button. This opens an edit view.
Step 4
Set up Senders excluded from Spam using the options below:
1. Add a Description to this setting; otherwise, you will not be able to save changes.
2. Check the Bypass the setting for messages received from addresses or domains within these approved sender lists option.
3. Click on Use existing list or Create or edit list.
4. Click the + to add the Phishing sender addresses.
5. Always add the sender info@livefense.com to this list. This address can remain in the list permanently, even after the campaigns have ended, because it belongs to SMARTFENSE.
Note 1: It might also be necessary to add the address info@smartfense.com if the Gmail warning (see Figure 1 at the beginning of this section) appears in Newsletters, Reminders, or other non-Phishing simulation emails.
6. Add the sender email address of each Phishing scenario that you want to use in each campaign.
REMEMBER TO DISABLE THEM ONCE THE CAMPAIGNS HAVE FINISHED SINCE THEY ARE SPOOFING EMAIL ADDRESSES
For example:
a. coupons@amazonservices.com
b. messages-noreply@linkedin.popular.com
c. no-reply@facebook.notifications.com
d. no-reply@netflix.promotions.com
e. notify@twitter.notify.com
f. OnlineServices@fedex-alerts.com
Note 2: To find the spoofing email address used by the desired scenario, go to the Content Gallery and preview it (see the "Email address" field), or send yourself a test and check the sender address of the received email.
7. Click Save.
8. Click Save in the new settings and wait 12 hours until changes are replicated. If there are few accounts, the changes can be reflected instantly.
Note 3: Detection as Spam or Phishing by Google depends on dynamic factors beyond our control and this configuration may not work for all users assigned to the same campaign or for different campaigns and scenarios. However, the proposed configuration is recommended to reduce the chances of detection.
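One way to follow up on the reminder in Part 3 to disable the spoofing addresses once campaigns have finished, as an added example that is not part of the SMARTFENSE instructions: it audits a copy of the approved sender list against campaign end dates. The end dates, the sample list, the keep/remove/review labels and the function name are assumptions made for the illustration.

```python
from datetime import date

# Addresses the page says belong to SMARTFENSE and may stay in the list.
PERMANENT = {"info@livefense.com", "info@smartfense.com"}

# Constructed tracking data: spoofing address -> last day of the campaign using it.
CAMPAIGN_END = {
    "coupons@amazonservices.com": date(2024, 3, 31),
    "notify@twitter.notify.com": date(2024, 6, 30),
}

# Constructed copy of the approved sender list as kept by the administrator.
SAMPLE_LIST = [
    "info@livefense.com",
    "Coupons@AmazonServices.com",
    "notify@twitter.notify.com",
    "OnlineServices@fedex-alerts.com",
    "netflix.promotions.com",
]

def audit_approved_senders(entries, campaign_end, today):
    """Classify each approved-sender entry as keep, remove or review."""
    report = {"keep": [], "remove": [], "review": []}
    for raw in entries:
        entry = raw.strip().lower()
        if not entry:
            continue
        if entry in PERMANENT:
            report["keep"].append(entry)
        elif "@" not in entry:
            # A bare domain exempts every sender at that domain from the spam setting.
            report["review"].append(entry)
        elif entry not in campaign_end:
            # Spoofing address with no campaign on record: nothing schedules its removal.
            report["review"].append(entry)
        elif campaign_end[entry] < today:
            report["remove"].append(entry)
        else:
            report["keep"].append(entry)
    return report

if __name__ == "__main__":
    for action, items in audit_approved_senders(SAMPLE_LIST, CAMPAIGN_END, date.today()).items():
        print(action, items)
```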