Direct SMTP Setup in Google Workspace / G-Suite

Note: Direct SMTP is typically used in circumstances where traditional allowlisting is insufficient for bypassing all security measures. Your implementation specialist will help you determine if Direct SMTP is right for your environment.

Administrators can configure their SMTP server to route AwareEd and PhishSim emails directly to their employees’ inboxes. Enabling this option will help prevent false positives and ensure deliverability by bypassing any security scans that occur before delivery. This article will help administrators configure direct sending in their Gsuite environment:

Configure Direct SMTP Relay Service

  1. Login to Google Admin Console
    directsend_gsuite_1
  2. Select Apps
    directsend_gsuite_2
  3. Select Google Workspace
    googleworkspace
  4. Click on Gmail
    directsend_gsuite_4
  5. Scroll down to the bottom of the page and select Advanced Settings
  6. Navigate to the Routing section and locate SMTP Relay Service. Click configure or add another (depending on current set-up)
  7. In the Add Setting window:
    • Enter a Description (example: Direct SMTP sending for Infosec)
    • Select Any Addresses in the allowed senders dropdown menu
    • Check the box for Only accept mail from the specified IP address
    • Click Add IP Range and add the IP address of our application servers (note: you can only add one IP address at a time)
      • NA Instance: 52.1.22.105, 34.202.49.109
      • EU Instance: 54.155.87.88, 54.75.182.245
    • Check the box for Require TLS encryption
    • Click Add Setting
  8. Click Save in the bottom right-hand corner of the screen

Complete Allowlist Steps for New Email Stack

  1. Stay in the Advanced Settings for Gmail and locate the Email Allowlist section at the top

  2. Add the IP addresses of our application servers to the text box

    • NA Instance: 52.1.22.105, 34.202.49.109
    • EU Instance: 54.155.87.88, 54.75.182.245
  3. Add the domain to the spam policy

    • Click edit on the existing policy
    • Check the box next to Bypass spam filters… to add the domain to the approved senders lists
    • If you have a list created, click edit next to the list you would like to add the domain to. If you don’t have any lists created, click use existing or create a new one. If creating a new one, enter the name that you would like the list to be called and click create. Once created, click edit next ot the new list
      directsend_gsuite_8
    • Click Save in the bottom right corner
  4. Add our header value to Content Compliance policy to bypass spam filtering

    • Scroll down to Content Compliance and click Configure on the right.
    • Enter a name for this rule such as, “Infosec Header Bypass”
    • Complete the “Edit setting” Form as follows:
      • Email messages to affect: Inbound
      • Click Add to add the expression you want this policy to look for
        • In the first drop-down select Advanced content match
        • For Location select: Full Headers
        • Match Type select: Contains text
        • Content enter: X-PHISH
        • Save to return to the “Edit setting” dialog
    • If the above expressions match, do the following: Modify Message.
    • In the “Spam” section select: Bypass spam filter for this message.
    • Click Add Setting.
    • Click Save on the bottom right-hand corner of the page

Note: After completing the configuration changes above, please open a support ticket by clicking on the question mark in the bottom right-hand corner of your Infosec IQ admin portal. Once we have received the support ticket we can finalize the Direct SMTP sending configuration in your account.