Whitelist by Email Header in Google Workspace

Note: Due to upcoming changes from Google, we recommend using Direct Message Injection (DMI) as your default whitelisting configuration. For more information about these changes, see Google's Gmail updates.

If your organization uses Google Workspace, you can whitelist by email header. To whitelist by email header, you'll need to apply a Content Compliance rule to emails that contain KnowBe4's email header. This rule will allow our simulated phishing emails to be delivered to your users' inboxes.

Important: To ensure that your user opens are being tracked properly, you may need to add our phish link domains to your Google Workspace’s Image URL proxy allowlist. For more information, see Google’s Set up an image URL proxy allowlist article.
Note: We only recommend this setting if your organization uses a cloud-based spam filter for Google Workspace. If you're using Google Workspace for your email without an additional spam filter, you can instead whitelist by IP address. For more information, see our Whitelisting by IP Address in Google Workspace article. You will also need to whitelist KnowBe4's IP addresses or hostnames in your cloud-based spam filter to make sure emails are delivered successfully.
Note: This article reflects our most up-to-date best practices for whitelisting with your provider. Please be aware that your mail service provider may make changes to how their systems analyze our emails at any time. If you are having issues whitelisting using the procedure below, contact our support team.

To whitelist KnowBe4 by email header in Google Workspace, follow the steps below:

  1. Log in to your Google Admin account and click Apps.
  2. Click Google Workspace.
  3. In the Showing status for apps in all organizational units area, click Gmail.
  4. In the Gmail area, click Compliance.
  5. Navigate to the Content Compliance section.
  6. Click Add a rule.
    Note: If you have previously created a Content Compliance rule, this option will be called Add Another Rule.
  7. In the Email messages to affect field, select the Inbound checkbox and the Internal - receiving checkbox.
  8. Under the Expressions tab, click the first drop-down menu.
  9. From the first drop-down menu, select if ANY of the following match the message.
  10. Click Add.
  11. Update the settings in the Add expressions that describe the content you want to search for in each message area. For more information about these settings, see the screenshot and list below:
    1. From the first drop-down menu, select Advanced content match.
    2. In the Location field, select Full headers.
    3. In the Match type field, select Contains text.
    4. In the Content field, enter the header text. The default KnowBe4 header is "X-PHISHTEST".
      Note: For enhanced security, we recommend that you change the default header to a custom header or header token. You can change the header settings in your KSAT Account Settings. For more information, see our Account Settings Guide article.
    5. Click SAVE.
  12. In the If the above expressions match, do the following field, select the Bypass spam filter for this message check box under Spam.

We recommend setting up a test phishing campaign for yourself or a small group of users. This test phishing campaign can help ensure that your whitelisting was successful. The setting may take up to an hour to deploy to all users, so wait at least an hour before testing. If you experience whitelisting issues after following the steps above, contact our support team.
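Because the rule above bypasses the spam filter for any message that carries the header, it is worth auditing delivered mail for that header once the rule is live. The following is an added example, not KnowBe4 or Google code: it checks raw messages for the header from step 11 and compares its value against the token you configured. The token value, the sample messages, and the assumption that your account uses a custom header token are all constructed for illustration.

```python
from email import message_from_bytes
from email.policy import default

HEADER_NAME = "X-PHISHTEST"           # default header name given in step 11
EXPECTED_TOKEN = "example-token-123"  # constructed placeholder, not a real token


def classify(raw: bytes) -> str:
    """Return a verdict for one raw RFC 5322 message taken from a mailbox."""
    msg = message_from_bytes(raw, policy=default)
    # Header lookup is case-insensitive and returns every occurrence.
    values = [str(v).strip() for v in msg.get_all(HEADER_NAME, [])]
    if not values:
        return "no-header"   # header absent, message is outside the rule's intent
    if all(v == EXPECTED_TOKEN for v in values):
        return "expected"    # header present with the configured token
    return "review"          # header present, but some value is not the token


def audit(messages: dict) -> dict:
    """Classify a mapping of label -> raw message bytes."""
    return {name: classify(raw) for name, raw in messages.items()}


def _msg(*headers: str) -> bytes:
    """Build a constructed sample message from header lines."""
    return ("\r\n".join(headers) + "\r\n\r\nbody\r\n").encode()


# Constructed sample messages (addresses use the reserved .test TLD).
SAMPLES = {
    "simulated": _msg("From: it@example.test", "Subject: Password expiry",
                      "X-PHISHTEST: example-token-123"),
    "lowercase_name": _msg("From: it@example.test", "Subject: Survey",
                           "x-phishtest: example-token-123"),
    "token_mismatch": _msg("From: hr@example.test", "Subject: Invoice",
                           "X-PHISHTEST: 1"),
    "duplicate_header": _msg("From: hr@example.test", "Subject: Notice",
                             "X-PHISHTEST: example-token-123",
                             "X-PHISHTEST: other"),
    "ordinary": _msg("From: alice@example.test", "Subject: Lunch"),
}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLES).items():
        print(f"{name:18} {verdict}")
```

Messages reported as "review" carried the bypass header without the configured token and should be examined by hand.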

Note: If your organization uses Google Workspace, you’ll also need to disable the return-path header in your KSAT Account Settings before sending phishing tests. For more information, see our How to Change the Return-Path Header in Your Account Settings article.
Tip: To ensure that you have whitelisted correctly, see our How to Verify You Have Whitelisted KnowBe4 Correctly article.
