====== Google Workspace Whitelisting ====== There are several options in G Suite that can be adjusted to improve the Phishing Simulation Experience. ====== Whitelisting emails from LUCY. ====== Whitelist LUCY to receive emails from the appliance. Log into [[http://admin.google.com|admin.google.com]], go to **"Apps"**: {{::appsgs.png?600|}} Navigate to **"Google Workspace"**: {{::googleworkspace.png?600|}} Go to **"Gmail"**: {{::3_gmail.png.png?600|}} Choose the **"Spam, phishing, and malware"** at the very bottom of the list: {{ spamphishingmalware.png?600 |}} Add LUCY IPv4 to **"Email Whitelist"**. Click **"Save"** {{ emailwhitelist.png?600 |}} As the result of steps above, G Suite will not reject email messages from LUCY host, however, if you do not want them to be considered as spam, please do some additional steps: Go to **"Inbound Gateway"** configuration on the same menu. {{ inboundgateway0001.png?600 |}} * Add LUCY IPv4. * Activate Message Tagging. * Add a random set of symbols to the Regular Expression field. Only emails with a header like this expression will be considered as spam. * Check "//Disable Gmail spam evaluation on mail from this gateway; only use header value//". * Click **"Save"** {{ inboundgateway.png?600 |}} ======Bypassing spam by Email Header.====== Inside of a campaign, it is possible to set a custom X-Mailer Header. G Suite can analyze the header to bypass SPAM detection. Steps to configure: Log into [[http://admin.google.com|admin.google.com]], go to **"Apps"**. {{::appsgs.png?600|}} Go to **"Google Workspace"**. {{::googleworkspace.png?600|}} Go to **"Gmail"**. {{::3_gmail.png.png?600|}} Go to **"Compliance"** at the very bottom. {{ compliance.png?600 |}} Go to **"Content Compliance"** and click **"Configure"**. {{ contentcompliance.png?600 |}} * Add description (e.g. "Lucy Email Phishing") * Check **"Inbound"** * Check **"Internal - receiving"** * Select **"If ANY of the following match the message"** {{ addsettingcompliance.png?600 |}} * Click **Add Expression** -> **Advanced content match** -> **Headers + Body** -> **Contains text**. * Content -> Input your LUCY X-Mailer Header((LUCY X-Mailer Header is being configured in your campaign, message section, find more [[mail_settings|here]])) (e.g. "LucyHeader") and click **Save**. {{ addexpression.png?600 |}} * Scroll down to the **"Spam"** section and activate **"Bypass spam filter for this message"**. * Click **"Save"**. {{ spam.png?600 |}} ====== Suspicious link issue ====== Sometimes a warning pop-up window appears when you are trying to open link from LUCY email. {{ 14_suspicious_link.png?600 |}} First of all, please enable SSL in LUCY campaign. More info can be found [[ssl_configuration|here]]. It can be that Let's Encrypt certificate is not enough, so we recommend to obtain a paid certificate. You can contact our support team via support@lucysecurity.com or any SSL vendor you like. However, there are known cases when even a paid certificate can not solve the issue. In this case, you can try to disable this pop-up on G Suite side. Untrusted domains from suspicious emails still will be not affected. "Gmail clients will show a warning prompt when users click on any link in email to untrusted domains (does not work on IMAP/POP email clients). If you don't activate this feature, warnings will only be shown for clicks to untrusted domains from suspicious emails." Steps to configure: Log into [[http://admin.google.com|admin.google.com]], go to **"Apps"**. {{::appsgs.png?600|}} Navigate to **"Google Workspace"**: {{::googleworkspace.png?600|}} Go to **"Gmail"**. {{::3_gmail.png.png?600|}} Go to **"Safety"**. {{ 15_safety.png?600 |}} Go to **"Links and external images"**. {{ :16_links_and_external_images.png?600 |}} Deactivate **"Show warning prompt for any click on links to untrusted domains"** and click **"Save"**. {{ :17_deactivate_warning_prompt.png?600 |}} Gsuite can scan links inside of phishing simulation emails which can cause false-positives. The feature is called **"IMAP view time protections"**. {{ :imap_view_protections.png?600 |}}