Menu English (US) Čeština Dansk Deutsch Español (Latinoamérica) Español (España) Suomi Français (Canada) Français (France) हिंदी Magyar Bahasa Indonesia Italiano 日本語 한국어 Bahasa Melayu Nederlands Norsk Polski Português do Brasil Português (Portugal) Română Русский svenska ไทย Türkçe Українська Tiếng Việt 简体中文 繁體中文

Whitelisting by IP Address in Google Workspace

Updated:

Created:

How to Whitelist by IP Address in Google Workspace

In this article, you can learn how to whitelist KnowBe4's emails by IP address in Google Workspace. Whitelisting can help you ensure that your users receive our simulated phishing tests and training notifications.

We only recommend whitelisting by IP address if you don't have a cloud-based spam filter. If you have a cloud-based spam filter, we recommend whitelisting by email header instead.  For more information, see our Whitelisting by Header in Google Workspace or Whitelisting Data and Anti-Spam Filtering Information articles.

Note: To ensure that your user opens are being tracked properly, you may need to add our phish link domains to your Google Workspace’s Image URL proxy allowlist. For more information, see Google’s Set up an image URL proxy allowlist article.
Note: This article contains our recommendations for whitelisting in Google Workspace, but Google Workspace may make changes to its features at any time. If you’re experiencing issues with whitelisting by using the instructions below, please contact our support team.

Jump to:

Add KnowBe4's IP addresses to Email Whitelist

Add KnowBe4's IP addresses as Inbound Gateways

 

Add KnowBe4's IP addresses to Email Whitelist

To whitelist our IP addresses, you'll need to add our IP addresses to your email whitelist in Google Workspace.

To add our IP addresses to your email whitelist, follow the steps below. These steps are based on Google's Email Whitelist in Google Workspace page.

  1. Log in to your Google Workspace Admin console and click Apps.
  2. Click Google Workspace.
  3. In the Showing status for apps in all organizational units area, click Gmail.
  4. Click Spam, phishing, and malware.
    Tip: If you use an older version of Google Workspace, you may need to click the Advanced settings button to see this option.
  5. In the Organizational Unit section of the page, select your domain.

    Note: Google Workspace only allows whitelisting by IP address for an entire domain, so you're unable to whitelist by IP Address for individual organizational units (OUs).

  6. In the Email whitelist section, enter our IP addresses separated by commas. For the most up-to-date list of our IP addresses, see the IP Addresses, Hostnames, and Header Information section of our Whitelisting Data and Anti-Spam Filtering Information article.
  7. Click SAVE.

Next, see the section below to add our IP addresses as inbound gateways.

Back to top

 

Add KnowBe4's IP addresses as Inbound Gateways

When your users receive a simulated phishing email from KnowBe4, banners may display in Gmail to say "This message seems dangerous" (click to view) or "Be careful with this message" (click to view).To prevent these banners from displaying, we recommend that add our IP addresses as inbound gateways. 

To add our IP addresses as inbound gateways, follow the steps below:

Note: While we've found that these steps help to prevent Google banners from displaying, these steps aren't documented as a whitelisting recommendation by Google.
  1. Log in to your Google Workspace Admin console.
  2. Follow step 2 through step 4 in the Add KnowBe4's IP addresses to Email Whitelist section above. These steps will take you to your Spam, phishing, and malware settings.
  3. In the Organizational Unit section of the page, select your domain.
  4. Click Inbound Gateway. 
  5. Select the Enable check box to open the Inbound gateway page.
  6. Configure the Inbound gateway. For more information, see the screenshot and list below:

    1. Gateway IPs: Enter KnowBe4's IP addresses. For the most up-to-date list of our IP addresses, see the IP Addresses, Hostnames, and Header Information section of our Whitelisting Data and Anti-Spam Filtering Information article.
    2. Don't select the Reject all mail not from gateway IPs check box.

      Note: The Automatically detect external IP setting may interfere with whitelisting for KnowBe4. Unless you use other IP addresses that require you to enable this setting, we recommend that you don't select the Automatically detect external IP check box. For more information, see Google's Set up an inbound mail gateway article.

    3. Select the Require TLS for connections from the email gateways listed above check box.
    4. In the Message Tagging field, enter a Spam Header Tag that is unlikely to be found in a PST email. For example, you could enter random letters such as "kzndsfgklinjvsdnfioasm".
    5. Select the Disable Gmail spam evaluation on mail from this gateway; only use header value check box.
    6. Click the SAVE button.

This setting may take up to an hour to deploy to all of your users. After at least an hour, we recommend that you set up a test phishing campaign for yourself or a small group of users. This test phishing campaign can help you make sure that your whitelisting was successful.

Note: Before creating simulated phishing tests, you should also disable the return-path header in your KMSAT Account Settings. For more information, see our How to Change the Return-Path Header in Your Account Settings article.
Note: To ensure that you have whitelisted correctly, see our How to Verify You Have Whitelisted KnowBe4 Correctly article.

Back to top

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Related articles