User Tools

Site Tools


gsuite_whitelisting

Google Workspace Whitelisting

There are several options in G Suite that can be adjusted to improve the Phishing Simulation Experience.

Whitelisting emails from LUCY.

Whitelist LUCY to receive emails from the appliance.

Log into admin.google.com, go to "Apps":

Navigate to "Google Workspace":

Go to "Gmail":

Choose the "Spam, phishing, and malware" at the very bottom of the list:

Add LUCY IPv4 to "Email Whitelist". Click "Save"

As the result of steps above, G Suite will not reject email messages from LUCY host, however, if you do not want them to be considered as spam, please do some additional steps:

Go to "Inbound Gateway" configuration on the same menu.

  • Add LUCY IPv4.
  • Activate Message Tagging.
  • Add a random set of symbols to the Regular Expression field. Only emails with a header like this expression will be considered as spam.
  • Check "Disable Gmail spam evaluation on mail from this gateway; only use header value".
  • Click "Save"

Bypassing spam by Email Header.

Inside of a campaign, it is possible to set a custom X-Mailer Header. G Suite can analyze the header to bypass SPAM detection.

Steps to configure: Log into admin.google.com, go to "Apps".

Go to "Google Workspace".

Go to "Gmail".

Go to "Compliance" at the very bottom.

Go to "Content Compliance" and click "Configure".

  • Add description (e.g. "Lucy Email Phishing")
  • Check "Inbound"
  • Check "Internal - receiving"
  • Select "If ANY of the following match the message"

  • Click Add ExpressionAdvanced content matchHeaders + BodyContains text.
  • Content → Input your LUCY X-Mailer Header1) (e.g. "LucyHeader") and click Save.

  • Scroll down to the "Spam" section and activate "Bypass spam filter for this message".
  • Click "Save".

Suspicious link issue

Sometimes a warning pop-up window appears when you are trying to open link from LUCY email.

First of all, please enable SSL in LUCY campaign. More info can be found here.

It can be that Let's Encrypt certificate is not enough, so we recommend to obtain a paid certificate. You can contact our support team via support@lucysecurity.com or any SSL vendor you like.

However, there are known cases when even a paid certificate can not solve the issue. In this case, you can try to disable this pop-up on G Suite side. Untrusted domains from suspicious emails still will be not affected. "Gmail clients will show a warning prompt when users click on any link in email to untrusted domains (does not work on IMAP/POP email clients). If you don't activate this feature, warnings will only be shown for clicks to untrusted domains from suspicious emails."

Steps to configure: Log into admin.google.com, go to "Apps".

Navigate to "Google Workspace":

Go to "Gmail".

Go to "Safety".

Go to "Links and external images".

Deactivate "Show warning prompt for any click on links to untrusted domains" and click "Save".

Gsuite can scan links inside of phishing simulation emails which can cause false-positives. The feature is called "IMAP view time protections".

1)
LUCY X-Mailer Header is being configured in your campaign, message section, find more here
gsuite_whitelisting.txt · Last modified: 2021/12/21 19:41 by lucy