Google Admin Configuration Settings for BullPhish ID to Ensure Phishing Simulation E-mail Template Delivery
You must take several steps to deliver BullPhish ID e-mail templates successfully. This is a direct result of Google's competency at pre-filtering, quarantining, flagging, and notifying end users of potentially malicious activities in their inboxes. This is great for your organization but can also make things tedious when trying to deploy tools designed to simulate malicious activity for your employees.
The following guide walks through the steps needed to deliver BullPhish ID e-mails successfully under standard Google Admin configurations. Note that this is in addition to any safelisting required if you have third-party spam filters deployed in your environment.
A. Setting the BullPhish ID IP Address as an Inbound Gateway
1. Log in to the admin console for your G-Suite account.
2. Select the "Apps" section.
3. Select "Google Workspace" under the Apps.
4. Select "Gmail" under the Google Workspace.
5. Scroll down and select "Spam, Phishing, and Malware."
6. Add the IP addresses for BullPhish ID listed in the Deliverability section under "E-mail Whitelist."
7. Select Save from the bottom of the page.
8. On the same page, under "Spam, phishing, and malware," go to Spam, hover to the right-hand side of the screen, and select
9. Enter BullPhish ID under the Spam heading, and select the following:
- Bypass spam filters for messages received from internal senders
- Bypass spam filters for messages received from addresses or domains within these approved senders' lists.
10. Click the "Create or edit list" link under bypass spam filters for messages received from addresses or domains within these approved sender's
11. You are redirected to a new window, "Manage address lists."
12. Enter BPID as a list
13. Click "ADD ADDRESS" to add safe senders' e-mail addresses and domains listed in Sending Profiles.
14. Go back to the previous tab where the Edit setting window is open under Settings for Gmail » Spam, phishing, and malware.
15. Click "Use existing list" and select the BPID list you created in the previous
16. Click "X" to close the dialog box and click "Save."
17. Hover to the right of "Inbound gateway" and click the edit.
18. Enter the IP addresses listed in the Deliverability section and click "Save" after each
- Scroll down to the "Message Tagging" section and select "Message is considered spam if the following header regexp matches."
- For the spam header tag, enter text that is unlikely to be found in your phishing simulation or training e-mail, for example, skjdlaklsioudulekkda
- Check the "Disable Gmail Spam Evaluation on mail from this gateway; only use header value" checkbox.
NOTE: Confirm that the "Reject all mail not from gateway IPs" checkbox is disabled.
19. Select "ADD SETTING" and scroll down to click "SAVE."
B. Set up an image URL proxy Safelist
When your users open e-mail messages, Gmail uses Google's secure proxy servers to serve images that might be included in these messages. This protects your users and domain against image-based security vulnerabilities and hides the IP address and User-Agent header. We have to safelist our domains to have proper "E-mail Opened" status tracking and have information about IP address and User-Agent, cloudsurveillance.net/
Configure the Image URL proxy safelist setting:
1. Log in to your Google Admin console.
2. On the Admin console home page, go to Apps » Google Workspace » Gmail » End User Access.
3. From the left menu, select your top-level organization.
4. Scroll to the "Image URL proxy whitelist."
5. Click the "Edit."
6. Enter the following URLs in the "Enter image URL patterns. Matching URLs bypasses the image proxy."
Important: Each domain should be on a new line and contain the '/' character. Also, changes may take up to 24 hours to propagate to all users.
7. Click Save to save changes.
C. Allow listing BullPhish ID by E-mail Header
In addition to setting BullPhish ID IP Addresses as inbound gateways, end users may still experience the following warnings in their inboxes:
To address this issue, please follow the steps below:
1. Log in to the admin console for your G-Suite
2. Select Apps » Google Workspace » Gmail
3. Scroll down to Routing.
4. Select "Configure" next to Routing under the "Routing."
5. Add Routing label - BullPhish ID.
6. Select "Inbound" for E-mail messages to affect.
7. In Step Two, select "Modify Message."
8. Select "Add custom headers" from Modify
9. Click on Add and enter the value shown in the screenshot below, i.e., X-Mailer: Bullphish.
10. Select the "Bypass spam filter for this message" checkbox from the Spam.
11. Scroll down to the bottom of the page and click on "Show."
12. Under section A, Address lists, select "Use address lists to bypass or control the application of this setting" and then select the "Only apply this setting for specific addresses/domains" radio button.
13. Then select "Use existing list" and choose the list you created in the previous section of this
14. Click "Save" to save your
1. IP Safelisting
To ensure the delivery of your campaigns, safelist the following IP addresses on your e-mail exchange and any third-party spam protection services for all intended targets. Otherwise, there is a significantly higher chance that spam filters may block or reject campaign e-mails.
- 245.13.192 (SendGrid IP - Needed for sending of notification e-mails)
- 237.252.20 (New SMTP Server IP - Where we send Phishing & Training E-mails from)
- 211.230.155 (NAT gateway IP - IP address of background processes that initiate sending Phishing & Training Emails)
- 223.13.154 (Fallback - Secondary IP)
- 18.16.105 (Fallback - Secondary IP)
- 18.67.92 (Fallback - Secondary IP)
- 17.244.221 (Fallback - Secondary IP)
- 18.32.205 (Fallback - Secondary IP)
Return to Step 7 after adding IP addresses to the E-mail safelist, or return to Step 18 in this document for the Inbound gateway setup.
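Because these settings exempt mail from the safelisted IPs and mail carrying the X-Mailer: Bullphish header from spam filtering, it is worth checking that every marked message really arrived from a safelisted address. The following Python is an added example, not BullPhish ID or Google code; the safelist IPs are placeholders, the sample messages are constructed, and it assumes the header appears in delivered mail exactly as configured.

```python
import email
import ipaddress
import re

# Assumption: placeholder addresses (RFC 5737 range); substitute the IPs
# from the "IP Safelisting" list before auditing real mail.
SAFELISTED_IPS = {ipaddress.ip_address(a) for a in ("192.0.2.10", "192.0.2.11")}
MARKER_NAME, MARKER_VALUE = "X-Mailer", "Bullphish"  # header from section C
BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connecting_ip(msg):
    """IP recorded in the topmost Received header, or None.

    Only the topmost header is written by the receiving server; lower ones
    are supplied by the sender and can be forged.
    """
    received = msg.get_all("Received") or []
    match = BRACKETED_IPV4.search(received[0]) if received else None
    try:
        return ipaddress.ip_address(match.group(1)) if match else None
    except ValueError:  # bracketed text that is not a valid address
        return None

def audit(raw_message):
    """Classify one raw message: 'unmarked', 'expected' or 'suspicious'."""
    msg = email.message_from_string(raw_message)
    values = msg.get_all(MARKER_NAME) or []
    if not any(v.strip().lower() == MARKER_VALUE.lower() for v in values):
        return "unmarked"
    return "expected" if connecting_ip(msg) in SAFELISTED_IPS else "suspicious"

def sample(ip, marked):
    """Constructed sample message (not real mail) for the demonstration."""
    lines = [f"Received: from mta.example.net (mta.example.net. [{ip}]) by mx.example.com",
             "Received: from inner.example.net ([192.0.2.10]) by mta.example.net",
             "From: it-support@example.org", "Subject: Password expiry"]
    if marked:
        lines.append(f"{MARKER_NAME}: {MARKER_VALUE}")
    return "\n".join(lines) + "\n\nbody\n"

if __name__ == "__main__":
    for ip, marked in (("192.0.2.10", True), ("198.51.100.7", True), ("198.51.100.7", False)):
        print(ip, marked, audit(sample(ip, marked)))
```

A "suspicious" result means the message carries the simulation marker but was handed to the receiving server by an address outside the safelist, which merits review of the address list and routing rule.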
2. Sending Profiles
Our sending profiles will all utilize one of the domains from the Sending Domains file. In addition to mail configurations, add these domains to any e-mail security layers, such as Microsoft Defender (formerly ATP), Proofpoint, Barracuda, Mimecast, and others.
To get the Sending Domains file, follow the steps:
1. Log in to BullPhish ID.
2. Go to the "Guides and FAQs" section.
3. Refer to the "Sending Domains" file for the list of sending
Select Save and return to Step 14 after adding all addresses.