# Google Workspace Whitelisting

Several options in Google Workspace can be adjusted to improve the phishing simulation experience with Lucy. Follow the steps below to whitelist emails and ensure they are not flagged as spam.

***

### **Whitelisting Emails from Lucy**

**Log into Google Admin Console:**

* Go to [admin.google.com](https://admin.google.com).
* Navigate to "Apps".
* Navigate to Google Workspace
* Click on "Gmail".

<figure><img src="https://3536856424-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FVYPsDfg76rUuy4DWfSsJ%2Fuploads%2FztM8FcuRQfbrI93KkzNI%2Fimage.png?alt=media&#x26;token=cf0e50f8-586b-403a-a3e6-626847f332da" alt=""><figcaption></figcaption></figure>

* Scroll to the bottom and select "Spam, phishing, and malware".

<figure><img src="https://3536856424-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FVYPsDfg76rUuy4DWfSsJ%2Fuploads%2FghGEbizLDPbHZK4m4gHg%2Fimage.png?alt=media&#x26;token=0dba0bea-289d-4876-b9c9-74aad284eb6a" alt=""><figcaption></figcaption></figure>

* Add Lucy's IPv4 address to the "Email Allowlist".
* Click "Save".

<figure><img src="https://3536856424-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FVYPsDfg76rUuy4DWfSsJ%2Fuploads%2Fh5nWMexv4WGtWq5MqOTR%2Fimage.png?alt=media&#x26;token=39dc0263-c753-4d90-809a-b7aceddd1ef8" alt=""><figcaption></figcaption></figure>

***

### **Bypassing Spam by Email Header**

To ensure emails from Lucy are not flagged as spam, configure Google Workspace to bypass spam detection based on specific email headers.

{% hint style="warning" %}
If you whitelist using this method, [test emails](https://wiki.lucysecurity.com/application-reference/support/system-tests/test-email) will still not arrive because it will not contain these campaign headers.
{% endhint %}

**Compliance Settings:**

* Go back to -> Google Workspace -> Gmail - Scroll to the bottom and select "Compliance".

<figure><img src="https://3536856424-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FVYPsDfg76rUuy4DWfSsJ%2Fuploads%2FFVNYLYpyNvPX7Q1Eb85e%2Fimage.png?alt=media&#x26;token=1942bcf1-0622-4d7a-a315-aea28489f948" alt=""><figcaption></figcaption></figure>

Scroll down to "Content Compliance"

* Click "Configure".

<figure><img src="https://3536856424-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FVYPsDfg76rUuy4DWfSsJ%2Fuploads%2FWgYd5nEuUJfxcFv64PXI%2Fimage.png?alt=media&#x26;token=45f95cab-1928-4b1f-b846-df6966ba9e3a" alt=""><figcaption></figcaption></figure>

**Add Compliance Rule:**

* Add a description (e.g., "Lucy Email Phishing").
* Check "Inbound" and "Internal - receiving".
* Select "If ANY of the following match the message".

<figure><img src="https://3536856424-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FVYPsDfg76rUuy4DWfSsJ%2Fuploads%2FHvGCdOoSMy3V3t72q03o%2Fimage.png?alt=media&#x26;token=7c9e841a-5f6d-43e1-919e-d9fc7b7aaad5" alt="" width="563"><figcaption></figcaption></figure>

* Click "Add" → Advanced content match → Headers + Body → Contains text.
* In "Content", input your Lucy X-Mailer Header (default is "X-Lucy-VictimUrl") and click "Save".

<figure><img src="https://3536856424-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FVYPsDfg76rUuy4DWfSsJ%2Fuploads%2FecWYC3dXDkuQBTG8uYDD%2Fimage.png?alt=media&#x26;token=4e469a5a-f11d-49c2-91be-433f7c23bbb4" alt="" width="563"><figcaption></figcaption></figure>

* Scroll down to the "Spam" section and activate "Bypass spam filter for this message".
* Click "Save".

<figure><img src="https://3536856424-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FVYPsDfg76rUuy4DWfSsJ%2Fuploads%2FJimKNFOb102pPML74K6r%2Fimage.png?alt=media&#x26;token=d1f00752-19fe-43b4-ad88-1052938e54b6" alt="" width="563"><figcaption></figcaption></figure>

***

### **Addressing Suspicious Link Issues**

Sometimes, a warning pop-up window appears when trying to open a link from a Lucy email. To mitigate this:

**Enable SSL in Lucy Campaign:**

* Ensure SSL is enabled in your Lucy campaign.

{% hint style="info" %}
Refer to our platform reference article on [campaign SSL settings.](https://wiki.lucysecurity.com/application-reference/campaigns/campaign-settings/main-settings/attack-simulation#ssl-settings)
{% endhint %}

**Consider a Paid Certificate:**

* If the Let's Encrypt certificate is not sufficient, consider obtaining a paid certificate. Contact any SSL vendor you prefer and [upload your SSL certificate](https://wiki.lucysecurity.com/application-reference/campaigns/campaign-settings/main-settings/attack-simulation#generate-or-upload) to the campaign.

***

### **Disable Warning Prompts:**

If issues persist, you can disable the warning prompt for links to untrusted domains in Google Workspace. Follow these steps:

* Log into [admin.google.com](https://admin.google.com).
* Navigate to "Apps".
* Select "Google Workspace".
* Go to "Gmail".
* Select "Safety".
* Go to "Links and external images".
* Deactivate "Show warning prompt for any click on links to untrusted domains".
* Click "Save".