Whitelist by IP Address in Google Workspace

Note: Due to upcoming changes from Google, we recommend using Direct Message Injection (DMI) as your default whitelisting configuration. For more information about these changes, see Google's Gmail updates.

In this article, you can learn how to whitelist KnowBe4's emails by IP address in Google Workspace. Whitelisting can help you ensure that your users receive our simulated phishing tests and training notifications.

Important: To ensure that your user opens are being tracked properly, you may need to add our phish link domains to your Google Workspace’s Image URL proxy allowlist. For more information, see Google’s Set up an image URL proxy allowlist article.

We only recommend whitelisting by IP address if you don't have a cloud-based spam filter. If you have a cloud-based spam filter, we recommend whitelisting by email header instead.  For more information, see our Whitelisting by Header in Google Workspace or Whitelisting Guide articles.

Note:This article contains our recommendations for whitelisting in Google Workspace, but Google Workspace may make changes to its features at any time. If you’re experiencing issues with whitelisting by using the instructions below, please contact our support team.

Add KnowBe4's IP Addresses to Email Whitelist

To whitelist our IP addresses, you'll need to add our IP addresses to your email whitelist in Google Workspace.

To add our IP addresses to your email whitelist, follow the steps below.

  1. Log in to your Google Workspace Admin console and click Apps Google WorkspaceGmail.
  2. Click Spam, Phishing and Malware.
    Tip: If you use an older version of Google Workspace, you may need to click the Advanced settings button to see this option.
  3. In the Organizational Unit section of the page, select your domain.
    Note:Google Workspace only allows whitelisting by IP address for an entire domain, so you're unable to whitelist by IP Address for individual organizational units (OUs).
  4. In the Email whitelist section, enter our IP addresses separated by commas. For the most up-to-date list of our IP addresses, see the IP Addresses, Hostnames, and Header Information section of our Whitelisting Guide article.
  5. Click Save.

Add KnowBe4's IP Addresses as Inbound Gateways

When your users receive a simulated phishing email from KnowBe4, banners may display in Gmail to say "This message seems dangerous" or "Be careful with this message". To prevent these banners from displaying, we recommend that add our IP addresses as inbound gateways. 

To add our IP addresses as inbound gateways, follow the steps below:

Important:While we've found that these steps help to prevent Google banners from displaying, these steps aren't documented as a whitelisting recommendation by Google.
  1. Log in to your Google Workspace Admin console.
  2. Follow step 2 through step 4 in the Add KnowBe4's IP addresses to Email Whitelist section above. These steps will take you to your Spam, Phishing and Malware settings.
  3. Configure the Inbound gateway.
  4. Fill out your information to match the screenshot below:
    1. IP addresses/ranges: Enter KnowBe4's IP addresses. For the most up-to-date list of our IP addresses, see the IP Addresses, Hostnames, and Header Information section of our Whitelisting Guide article.
    2. Ensure the Reject all mail not from gateway IPs check box isn't selected. 
      Note:The Automatically detect external IP setting may interfere with whitelisting for KnowBe4. Unless you use other IP addresses that require you to enable this setting, we recommend that you don't select the Automatically detect external IP check box. For more information, see Google's Set up an inbound mail gateway article.
    3. Select the Require TLS for connections from the email gateways listed above check box.
    4. Select the Message is considered spam if the following header regexp matches check box. Then, enter a spam header tag that is unlikely to be found in a Phishing Security Test email. For example, you could enter random letters such as "kzndsfgklinjvsdnfioasm".
    5. Select the Disable Gmail spam evaluation on mail from this gateway; only use header value check box.
  5. Click Save. This setting may take up to an hour to deploy to all of your users.
Note:Before creating simulated phishing tests, you should also disable the return-path header in your KSAT Account Settings. For more information, see our How to Change the Return-Path Header in Your Account Settings article.
Tip: To ensure that you have whitelisted correctly, see our How to Verify You Have Whitelisted KnowBe4 Correctly article.

Can't find what you're looking for?

Contact Support