Menu English (US) Čeština Dansk Deutsch Español (Latinoamérica) Español (España) Suomi Français (Canada) Français (France) हिंदी Magyar Bahasa Indonesia Italiano 日本語 한국어 Bahasa Melayu Nederlands Norsk Polski Português do Brasil Română Русский svenska ไทย Türkçe Українська Tiếng Việt 简体中文 繁體中文

Whitelisting by IP Address in Google Workspace

Updated:

Created:

How to Whitelist by IP Address in Google Workspace

The below instructions will show you how to whitelist KnowBe4's simulated phishing emails and training notifications by IP address in your Google Workspace environment. This setting is recommended if you do not have a cloud-based spam filter in front of Google Workspace. If you do have a cloud-based spam filter, see our Whitelisting Data and Anti-Spam Filtering Information and Whitelisting by Header in Google Workspace articles for more information on whitelisting our IP addresses and email headers.

Please note that this article reflects our most up-to-date best practices for whitelisting with your provider. Please be aware that your mail service provider may make changes to how their systems analyze our emails at any time. If you are having issues whitelisting using the procedure below, please contact our support team and they will be happy to assist you.

This method of whitelisting is a two-part process:

 

Part 1: Add KnowBe4's IP addresses to Email Whitelist

Below are instructions on how to set up your IP allow list for Google Workspace. These instructions were gathered from Email Whitelist in Google Workspace.

  1. Log in to https://admin.google.com and click Apps.
  2. Click Google Workspace.
  3. Click Gmail.
  4. Click Spam, Phishing and Malware.
    Note: This setting may be under the Advanced settings button with older Google Workspace platforms.
  5. Under the Organizational Unit section, highlight your domain. Do not select an organizational unit (OU).

    Note: Google Workspace does not allow whitelisting by IP Address for individual OUs, only the entire domain.

  6. In the Email whitelist section, enter our IP addresses separated by commas. For the most up-to-date list of our IP addresses, see the IP Addresses, Hostnames, and Header Information section of our Whitelisting Data and Anti-Spam Filtering Information article.
  7. Click Save.

We recommend setting up a test phishing campaign for yourself or a small group after you follow the below steps to ensure your whitelisting was successful. The setting may take up to an hour to propagate to all users, so wait at least an hour before testing.

Back to top

 

Part 2: Add KnowBe4's IP addresses as Inbound Gateways

This method of whitelisting is to prevent the following Google banners from appearing in your user's inbox when they receive a simulated phishing test from KnowBe4:

This message seems dangerous

Be careful with this message

We have found that this process exempts KnowBe4 simulated phishing emails from the Gmail banner warnings. However, this is not documented by Google as a whitelisting recommendation.

  1. Log in to your Google Workspace Admin console.
  2. Navigate to Apps > Google Workspace > Gmail > Spam, Phishing and Malware.
  3. Under Organizational Unit, select your top-level organization (typically your primary domain) on the left.
  4. Scroll down to the Inbound Gateway setting. Click the setting and check the Enable checkbox. This will open the Inbound gateway screen.
  5. Configure the Inbound gateway using the settings below:

    1. Gateway IPs
      Add KnowBe4's IP addresses. For the most up-to-date list of our IP addresses, see the IP Addresses, Hostnames, and Header Information section of our Whitelisting Data and Anti-Spam Filtering Information article.
    2. Leave the Reject all mail not from gateway IPs option unchecked.

      Note: Unless you have IPs other than KnowBe4’s IP addresses, we recommend deselecting the Automatically detect external IP checkbox since this setting may interfere with whitelisting.

      For more information, see Google's Set up an inbound mail gateway article.

    3. Check Require TLS for connections from the email gateways listed above.
    4. Message Tagging
      Enter text for the Spam Header Tag that is unlikely to be found in a PST email. This field is required. For example, "kzndsfgklinjvsdnfioasmnfroipdsmfs".
    5. Select the Disable Gmail spam evaluation on mail from this gateway; only use header value checkbox.
    6. Click the SAVE button.

Back to top

Note: Google Workspace customers should also disable the return-path header in their KnowBe4 Account Settings prior to sending out phishing tests. For more information, see our How to Change the Return-Path Header in Your Account Settings article.

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Related articles