How to Whitelist by Content Compliance in Google Workspace and Google Apps
The instructions below show you how to whitelist our simulated phishing emails and training notifications by content compliance in your GSuite environment. This article reflects our most up-to-date best practices for whitelisting with your provider. Please be aware that your mail service provider may make changes to how their systems analyze our emails at any time. If you are having issues whitelisting using the procedure below, please contact our support team and they will be happy to assist you.
Content compliance is an alternative method to whitelisting via IP addresses. Use the method below if you have an existing inbound gateway to use the content compliance rule or if you are unable to configure the inbound gateway.
Step 1: Add our IP addresses to Google's Email Whitelist
Below are instructions on how to set up your IP allow list for Google Workspace and Google Apps.
1. Log in to https://admin.google.com and select Apps.
2. Select Google Workspace.
3. Select Gmail.
4. Select Spam, Phishing and Malware.
5. Under the Organizational Unit section, highlight your domain. Do not select a sub-organizational unit (OU).
Note: Google Workspace does not allow whitelisting by IP Address for individual OUs, only the entire domain.
- In the Email whitelist section, enter our IP addresses separated by commas. For the most up-to-date list of our IP addresses, please see this article.
- Click Save.
Part 2: Enabling Whitelisting by Content Compliance
Below are instructions to whitelist by content compliance policy.
- Log in to https://admin.google.com and select Apps.
- Select Google Workspace
- Select Gmail.
- Select Compliance.
- Scroll down to the Content compliance section. Click Add a Rule.
Configure the Content compliance rules using the settings below.
- Select the Inbound checkbox under Email Messages to Affect.
- Under the If ANY of the following match the message, create the following expression:
- Set the first expression to Metadata match.
- Set the Attribute to Source IP.
- Set the Match type to Source IP is within the following range.
- Add one of our IP addresses in the Source IP is within the following range field. For the most up-to-date list of our IP addresses, please see this article.
- Click Save.
- Repeat the three steps above for each of our IP addresses.
- Add another expression under If ANY of the following match the message with the settings defined below:
- Select Advanced content match from the first drop-down.
- Set the Location to Full headers.
- Set the Match type to Contains text.
- Set the Content to CSAServices.
- Click Save.
- Check the following checkboxes under If the above expressions match, do the following.
- Under Spam, select Bypass spam filter for this message.
- Under Encryption, select Require secure transport (TLS).
This setting may take up to an hour to propagate to all users.