User Tools

Site Tools


Sidebar

LUCY MANUAL Applies to LUCY versions above 4.7

gsuite_whitelisting

G Suite Whitelisting

There are several options in G Suite that can be adjusted to improve Phishing Simulation Experience.

Whitelisting emails from LUCY.

Whitelist LUCY to receive emails from the appliance.

Log into admin.google.com, go to "Apps".

Go to "G Suite".

Go to "Gmail".

Go to "Advanced settings" at the very bottom.

Add LUCY IPv4 to "Email Whitelist".

As the result of steps above, G Suite will not reject email messages from LUCY host, however, if you do not want them to be considered as spam, please do some additional steps:

Go to Inbound Gateway configuration on the same menu.

  • Add a description for the rule (e.g. "LUCY Phishing Simulation").
  • Add LUCY IPv4, click save.
  • Activate Message Tagging.

  • Add a random set of symbols to the Regular Expression field. Only emails with a header like this expression will be considered as spam.
  • Scroll a little bit down and check "Disable Gmail spam evaluation on mail from this gateway; only use header value".

Click "Add Setting"

In the end, Inbound Gateway setting should look like on the screenshot below.

Do not forget to save the settings. "Save" button should appear in the right bottom of the screen.

Bypassing spam by Email Header.

Inside of a campaign, it is possible to set a custom X-Mailer Header. G Suite can analyze the header to bypass SPAM detection.

Steps to configure: Log into admin.google.com, go to "Apps".

Go to "G Suite".

Go to "Gmail".

Go to "Advanced settings" at the very bottom.

Go to "Content Compliance" and click "Configure".

  • Add description (e.g. "Lucy Email Phishing")
  • Check "Inbound"
  • Check "Internal - receiving"
  • Select "If ANY of the following match the message"
  • Click Add Expression → Advanced content match → Headers + Body → Contains text.

  • Content → Input your LUCY X-Mailer Header1) (e.g. "LucyHeader") and click save.
  • Scroll down to the "Spam" section and activate "Bypass spam filter for this message".
  • Click "Add Setting"

Do not forget to save the settings. "Save" button should appear in the right bottom of the screen.

Suspicious link issue

Sometimes a warning pop-up window appears when you are trying to open link from LUCY email.

First of all, please enable SSL in LUCY campaign. More info can be found here.

It can be that Let's Encrypt certificate is not enough, so we recommend to obtain a paid certificate. You can contact our support team via support@lucysecurity.com or any SSL vendor you like.

However, there are known cases when even a paid certificate can not solve the issue. In this case, you can try to disable this pop-up on G Suite side. Untrusted domains from suspicious emails still will be not affected. "Gmail clients will show a warning prompt when users click on any link in email to untrusted domains (does not work on IMAP/POP email clients). If you don't activate this feature, warnings will only be shown for clicks to untrusted domains from suspicious emails."

Steps to configure: Log into admin.google.com, go to "Apps".

Go to "G Suite".

Go to "Gmail".

Go to "Safety".

Go to "Links and external images".

Deactivate "Show warning prompt for any click on links to untrusted domains" and click "Save".

Gsuite can scan links inside of phishing simulation emails which can cause false-positives. The feature is called "IMAP view time protections".

1)
LUCY X-Mailer Header is being configured in your campaign, message section, find more here
gsuite_whitelisting.txt · Last modified: 2020/12/22 18:22 by lucy