Allowlisting in Google Workspace

Note: As of early 2024, Google has recently deployed updates to their email services to improve security. More information can be found here. Please ensure that your organization’s allowlisting is aligned with the guidance in this article.

Included below are the steps for allowlisting in Google Workspace. There are three sections, one for each of the two policies you’ll be setting up and one for additional things to note about using Infosec IQ with Google Workspace:

• Allowlisting Infosec IQ IP Addresses
• Bypass Spam Filter and Banner Messages
• Inbound Gateway
• Additional Information

Note: It can take up to an hour for changes made in Google Workspace to take effect. You can track changes in the Admin console audit log. The content for this article can be found on Google’s G Suite Admin Help site.

Allowlisting Infosec IQ IP Addresses

To complete these steps, you’ll need the list of Infosec IQ sending IP addresses found under Account Settings > Email Settings.

1. From the Google Workspace Admin dashboard, click Apps > Google Workspace > Gmail > Spam, Phishing and Malware.
   
   

   Image-3.png906×273 9 KB
2. Open the Email Allowlist setting and enter the Infosec IQ sending IP addresses separated by commas.
   
   

   image.png1176×313 23.6 KB
3. Click Save.

Bypass Spam Filter and Banner Messages

Bypassing the Spam Filter and Banner Messages ensures that Infosec emails are not detonated as part of the delivery process (causing false positives), quarantined, bounced or classified as spam (preventing delivery). Additionally it will suppress banners added to the top of emails tipping users off to their suspicious nature.

1. Before jumping into Google, first you’ll want to collect the IPs and domains you’ll need to allowlist with from the Infosec IQ Admin Dashboard.
   • Go to PhishSim > Phishy Domains and click Download Phishy Domains to get a complete list of Phishy Domains,
   • Click the gear icon > Account Settings > Email Settings, and take note of the seven IP Addresses
2. From the Google Workspace Admin dashboard, click Apps > Google Workspace > Gmail > Spam, Phishing and Malware.
   
   

   Image-3.png906×273 9 KB
3. Under Spam, click “Add (Another) Rule” and give the rule a name (e.g. Infosec IQ Spam Filter and Banner Message Bypass)
   
   

   image.png1566×888 91.4 KB
4. Under Bypass spam filters and hide warnings for messages from senders or domains in selected lists click Create or edit list. This will open in a new tab. On the Manage address lists page that opened, click Add Address List.
5. Give the address list a name (e.g. “Infosec IQ Domains”), and then select Add Address.
6. Enter securityiq-notifications.com and then click Bulk Add Addresses.
7. Copy and paste the list of Infosec IQ Phishy domains collected earlier into the field and click Save. (Note: This list should contain 50 to 200 domains depending on your region. This is NOT the seven sending domains from the account settings page. See step one to retrieve the correct list of domains)
   
   

   image.png814×1125 43.5 KB
8. With the list of domains created, return to the Spam, phishing and malware browser tab that should still be open. You should see the rule you started creating already open.
9. Check only the box that says Bypass spam filters and hide warnings for messages from senders or domains in selected lists and click where it says Use existing list underneath it. Select the list you just created (eg “Infosec IQ Phishy Domains”)
   
   

   image.png652×961 51.7 KB
10. Click Save

Inbound Gateway

Inbound Gateway is feature in Google Workspace to be used when email has been pre-processed in some way. It’s most often used when a third party mail filter in place. For Infosec IQ, we implement this policy to prevent our phishy emails from being put under the microscope for their large volume.

1. From the Google Workspace Admin dashboard, click Apps > Google Workspace > Gmail > Spam, Phishing and Malware.
   
   

   Image-3.png906×273 9 KB
2. Click Inbound Gateway and check the Enable box
   
   

   image.png1584×889 82.6 KB
3. Add each of the Infosec IQ sending IP addresses by clicking Add under the Gateway IPs section. These IP addresses need to be added individually.
4. -Optional- It is not required to check the box that says Require TLS for connections from the email gateways listed above. We recommend it as it will provide a more secure channel of transport for our emails but it is not necessary. If your organization already has IP addresses in the Inbound Gateway without TLS required we recommend not changing your current configuration, You may leave the other three boxes unchecked

Note: If your organization is already using the Inbound Gateway for other purposes, it’s still possible our IPs can be safely and successfully added alongside your existing policy.

5. Review your settings against the image below:
   
   

   image.png1204×962 42.7 KB
6. Click Save

Additional Information

There are a couple of things to keep in mind prior to sending out your first PhishSim campaign:

Attachment Attacks

There is currently no way for Google Admins to allow attachment attacks being sent from Infosec IQ. All attachment attacks will be blocked by google.

Suspicious Link Pop-up

There may be times when a learner will see the below warning message pop-up after clicking on a link:

This specific pop-up cannot be suppressed for emails sent by Infosec IQ; it can only be be turned on or off for all emails received. We don’t recommend turning this setting off as it does serve a purpose. If a learner sees this pop-up, they have already been reported as clicking on a link, “phished”, in Infosec IQ.