Google Workspace Whitelisting

Several options in Google Workspace can be adjusted to improve the phishing simulation experience with Lucy. Follow the steps below to whitelist emails and ensure they are not flagged as spam.

Whitelisting Emails from Lucy

Log into Google Admin Console:

• Go to .

• Navigate to "Apps".

• Navigate to Google Workspace

• Click on "Gmail".

• Scroll to the bottom and select "Spam, phishing, and malware".

• Add Lucy's IPv4 address to the "Email Allowlist".

• Click "Save".

Bypassing Spam by Email Header

To ensure emails from Lucy are not flagged as spam, configure Google Workspace to bypass spam detection based on specific email headers.

Compliance Settings:

• Go back to -> Google Workspace -> Gmail - Scroll to the bottom and select "Compliance".

Scroll down to "Content Compliance"

• Click "Configure".

Add Compliance Rule:

• Add a description (e.g., "Lucy Email Phishing").

• Check "Inbound" and "Internal - receiving".

• Select "If ANY of the following match the message".

• Click "Add" → Advanced content match → Headers + Body → Contains text.

• In "Content", input your Lucy X-Mailer Header (default is "X-Lucy-VictimUrl") and click "Save".

• Scroll down to the "Spam" section and activate "Bypass spam filter for this message".

• Click "Save".

Addressing Suspicious Link Issues

Sometimes, a warning pop-up window appears when trying to open a link from a Lucy email. To mitigate this:

Enable SSL in Lucy Campaign:

• Ensure SSL is enabled in your Lucy campaign.

Consider a Paid Certificate:

Disable Warning Prompts:

If issues persist, you can disable the warning prompt for links to untrusted domains in Google Workspace. Follow these steps:

• Navigate to "Apps".

• Select "Google Workspace".

• Go to "Gmail".

• Select "Safety".

• Go to "Links and external images".

• Deactivate "Show warning prompt for any click on links to untrusted domains".

• Click "Save".