Google admin safelisting guide

Google Admin Configuration Settings for BullPhish ID to Ensure Phishing Simulation E-mail Template Delivery

You must take several steps to deliver BullPhish ID email templates successfully. This is a direct result of Google's competency at pre-filtering, quarantining, flagging, and notifying end users of potentially malicious activities in their inboxes. This is great for your organization but can also make things tedious when trying to deploy tools designed to simulate malicious activity for your employees.

The following guide ensures you take the necessary steps to successfully deliver BullPhish ID emails based on standard Google Admin configurations. Perform the steps in the order presented. As a note, this is in addition to the safelist if you have third-party spam filters deployed in your environment.

Setting the BullPhish ID IP Address as an Inbound Gateway

  1. Log into the admin console for your G-Suite account.
  2. In the navigation menu, select Apps > Google Workspace > Gmail.
    Google
  3. Scroll down and click Spam, Phishing, and Malware.
    Google
  4. In the Email Allowlist section, hover in the upper-right corner and click the edit icon.
    Google
  5. Copy the following IP addresses all at once (each must be separated by a comma).
    168.245.13.192, 34.237.252.20

NOTE  168.245.13.192 is needed only if you are using Dark Web ID as well as BullPhish ID.

  1. In the Enter the IP addresses for your email allowlist field, paste the IP addresses.

  2. Click Save.
  1. Scroll to the Spam section and click Configure.
    Google
  2. In the Add setting modal, in the required description field, enter a description, for example BullPhish ID.
    Google
  3. In the Options to bypass filters and warning banners section, verify the check boxes are selected for the following:
    • Bypass spam filters for internal senders.
    • Bypass spam filters for messages from senders or domains in selected lists.
      Google
  4. For the Bypass spam filters for messages from senders or domains in selected lists option, click Create or edit list.
    Google
  5. In the Manage address lists card, click Add Address List.
    Google
  6. In the Name field, enter a name for the list (e.g., BullPhish ID).
    Google
  7. Click Bulk Add Addresses.
    Google
  8. Download the list of available sending domains that you can use in your training and phishing campaigns. 
    1. In BullPhish ID, in the navigation menu, select Settings > Sending Domains.
      Register_app_17.png
    2. In the upper-right corner, click Export Sending Domains.
      Register_app_18.png
    3. Download the Sending_Domains.csv file to the desired location.
  9. Open the Sending_Domains.csv file in a text editor.  
    Register_app_19.png
  10. Edit the file:
    • Delete "Sending Domain", Status.
    • Delete all occurrences of Verified.
      Only the sending domains should remain, each separated by a comma (do not include a comma after the last domain).
      Google
  11. Copy all of the sending domains at once.
  12. In the Email address or domain name field, past the sending domains. Leave Require sender authentication selected.
    Google
  13. Click Add.
    Google
    The domains are listed and enabled in the Add address list modal.
    Google
  14. In the lower-right corner, click Save. The list you created is added to the Manage address lists table.
    Google
  15. In your browser, click the Spam, phishing, malware tab to navigate back to the Add setting modal.
    Google
  16. Under the Bypass spam filters for messages from senders or domains in selected lists option, click Use existing list.
    Google
  17. In the Select Address Lists modal, select the check box for your list.
    Google
  18. Click the X to close the modal. The list is added under the Bypass spam filters for messages from senders or domains in selected lists option.
    Google
  19. In the lower-right corner, click Save.

If you use email gateways, follow these steps to improve spam handling.

  1. In the Inbound gateway section, hover in the right corner and click the edit icon.
    Google
  2. Select Enable.
  3. In the Gateway IPs step, click Add.
    Google
  4. Copy the IP address 34.237.252.20. The phishing & training campaign emails are sent from this SMTP Server IP address.
  5. In the Add IP Address/Range modal, paste the IP address.

  6. Click Save. The IP address is listed in the Gateway IPs table.
     
  7. Perform this step only if you are using Dark Web ID as well as BullPhish ID:
    1. Click Add.
      Google
    2. Copy the IP address 168.245.13.192 and repeat steps 5 and 6.
  8. Clear the Reject all mail not from gateway IPs check box.

IMPORTANT  If you don't clear the Reject all mail not from gateway IPs check box, you may experience issues receiving email.

  1. In the Message Tagging section, select Message is considered spam if the following header regexp matches.
    Google
  2. Copy the following text: skjdlaklsioudulekkda
  3. In the Regexp field, paste the copied text.
    Google 
  4. Select the Disable Gmail Spam Evaluation on mail from this gateway; only use header value check box.
    Google
  5.  In the lower-right corner, click Save.
    Google

Configuring an image URL proxy safelist

When your users open email messages, Gmail uses Google's secure proxy servers to serve images that might be included in these messages. It protects your users and domain against image-based security vulnerabilities and hides the IP address and User-Agent header. We have to safelist our domains to have proper E-mail Opened status tracking and information about IP address and User-Agent.

  1. Log in to your Google Admin console.
  2. In the navigation menu, select Apps > Google Workspace > Gmail.
  3. Scroll down and click End User Access.
    Google
  4. In the Organizational Units list, select your top-level organization.
    Google
  5. In the End User Access card, in the Image URL proxy allowlist section, hover in the right corner and click the edit icon.
    Google
  6. Copy the following URLs all at once.
    service-noreply.info/
    bpidtr.com/
  7. In the Enter image URL patterns field, paste the URLs. Make sure each appears on its own line.
    Google
  8. In the bottom-right corner, click Save. Changes may take up to 24 hours to propagate to all users.

Allow listing BullPhish ID by E-mail Header

In addition to setting BullPhish ID IP Addresses as inbound gateways, end users may still experience the following warning in their inboxes:
16.PNG

  1. Select  Apps > Google Workspace > Gmail.
  2. Scroll down and click Routing.
    Google
  3. For the Routing setting, click Configure.
    Google
  4. In the Add setting modal, in the Routing field, enter BullPhish ID.
  5. In 1. Email messages to affect, select Inbound.
    Google
  6. In 2. For the above types of messages, do the following leave Modify message selected.
  7. In the Headers section, select Add custom headers.
  8. In the Custom Headers section, click Add.
    Google
  9. In the Add Setting modal:
    • X-Header key: enter Mailer.
    • Header value: enter Bullphish.
    • Click Save.

  10. Under Spam, select Bypass spam filter for this message.
    Google
  11. At the bottom of modal, click Show options.
    Google
  12. Under section A. Address lists, select Use address lists to bypass or control the application of this settingand then select the Only apply this setting for specific addresses/domains.
    Google
  13. Click Use existing list.
    Google
  14. Select your list.
    Google
  15. Click the X to close the modal.
  16. In the lower-right corner of the Add setting modal, click Save.

 

Revision Date
Guide audited, updated.  7/7/23
Updated BPID IP address list. 10/19/23
PR: Configuring email gateways: Edited steps 4 - 7 so required IP address is done first. Step 8 - Added Important note. 3/22/24