Modules
Sign in
New Request
  1. Kaseya
  2. BullPhish ID
  3. Safelisting

Google Admin Safelisting Guide

 

Google_Admin_Safelisting_.PNG

Google Admin Configuration Settings for BullPhish ID to Ensure Phishing Simulation E-mail Template Delivery

You must take several steps to deliver BullPhish ID e-mail templates successfully. This is a direct result of Google's competency at pre-filtering, quarantining, flagging, and notifying end users of potentially malicious activities in their inboxes. This is great for your organization but can also make things tedious when trying to deploy tools designed to simulate malicious activity for your employees.

The following guide ensures you take the necessary steps to successfully deliver BullPhish ID e-mails based on standard Google Admin configurations. As a note, this is in addition to the safelist if you have third-party spam filters deployed in your environment.

A. Setting the BullPhish ID IP Address as an Inbound Gateway

1. Log in to the admin console for your G-Suite account.

2. Select the "Apps" section.

0.PNG

Steps:

1. Select "Google Workspace" under the Apps.

1.PNG2. Select "Gmail" under the Google Workspace.

2.PNG3. Scroll down and select "Spam, Phishing, and Malware."

3.PNG

Add the IP addresses for BullPhish ID listed in the Deliverability section under "E-mail Whitelist.

168.245.13.192,

34.237.252.20,

54.211.230.155,

18.223.13.154,

3.18.16.105,

3.18.67.92,

3.17.244.221,

3.18.32.205.

22.PNG

5.PNG4. Select Save from the bottom of the page.

5. On the same page, go to "Spam, phishing, and malware" Spam hovers to the right-hand side of the screen and select

6. Enter BullPhish ID under the Spam heading, and select the following:

   Bypass spam filters for messages received from internal senders

  • Bypass spam filters for messages received from addresses or domains within these approved senders' lists. 

7. Click the "Create or edit list" link under bypass spam filters for messages received from addresses or domains within these approved sender's

6.PNG

8. You redirect to a new window, "Manage address lists."

9. Enter BPID as a list

10. Click "ADD ADDRESS" to add safe senders' e-mail addresses and domains listed in Sending Profiles.

7.PNG

11. Go back to the previous tab where the Edit setting window is open under Settings for  Gmail » Spam, phishing, and malware.»

12. Click the "Use existing list" and select the BPID list you created in the previous

13. Click "X" to close the dialog box and click "Save."

8.PNG

14. Hover to the "Inbound gateway" right and click the edit.

9.PNG

15. Enter the IP addresses listed in the Deliverability section and click "Save" after each

  • Scroll down to the "Message Tagging" section and select "Message is considered spam if the following header regexp matches."
  • Enter the following text for the Spam header tag that is unlikely to be found in your phishing simulation or training e-mail. Example, skjdlaklsioudulekkda
  • Check the "Disable Gmail Spam Evaluation on mail from this gateway; only use header value" checkbox. 

10.PNG

NOTE: Confirm that the "Reject all mail not from gateway IPs" checkbox is disabled.

 

16. Select "ADD SETTING" and scroll down to click "SAVE."

B. Set up an image URL proxy Safelist

When your users open e-mail messages, Gmail uses Google's secure proxy servers to serve images that might be included in these messages. It protects your users and domain against image-based security vulnerabilities and hides the IP address and User-Agent header. We have to safelist our domains to have proper "E-mail Opened "status tracking and have information about IP address and User-Agent, cloudsurveillance.net/

Configure the Image URL proxy safelist setting:

1. Log in to your Google Admin console.

2. On the Admin console home page, go to Apps>Google Workspace>Gmail>End User Access.

11.PNG

3. From the left menu, select your top-level organization.

4. Scroll to the "Image URL proxy whitelist."

12.PNG

5. Click the "Edit."

Configure the Image URL proxy safelist setting:

6. Log in to your Google Admin console.

7. On the Admin console home page, go to Apps » Google Workspace » Gmail » End User Access.

13.PNG

8. From the left menu, select your top-level organization.

9. Scroll to the "Image URL proxy whitelist.

14.PNG

10. Click the "Edit."

11. Enter the following URLs in the "Enter image URL patterns. Matching URLs bypasses the image proxy."

15.PNG

Important: Each domain should be on the following line and contain the '/' character. Also, changes may take up to 24 hours to propagate to all users.

  • service-noreply.info/
  • bpidtr.com/

12. Click Save to save changes successfully.

C. Allow listing BullPhish ID by E-mail Header

In addition to setting BullPhish ID IP Addresses as inbound gateways, end users may still experience the following warnings in their inboxes:

16.PNG

To address this issue, please follow the steps below:

13. Log in to the admin console for your G-Suite

14. Select Apps » Google Workspace » Gmail

15. Scroll down to Routing.

17.PNG

16. Select "Configure" next to Routing under the "Routing."

18.PNG

17. Add Routing label - BullPhish ID.

19.PNG18. Select "Inbound" for E-mail messages to affect.

 

19. In Step Two, select "Modify Message."

20. Select "Add custom headers" from Modify

21. Click on add the value mentioned in the below screenshot, i.e., X-Mailer: Bullphish.

20.PNG

22. Select the "Bypass spam filter for this message" checkbox from the Spam.

21.PNG

23. Scroll down to the bottom of the page and click on "Show."

22.PNG

24. Under section A, Address lists, select "Use address lists to bypass or control the application of this setting" and then select the "Only apply this setting for specific addresses/domains" radio button.

25. Then select "Use existing list" and choose the list you created in the previous section of this

26. Click "Save" to save your

D. Deliverability

1. IP Safelisting

To ensure the delivery of your campaigns, safelist the following IP addresses on your e-mail exchange and any third-party spam protection services for all intended targets. Otherwise, there is a significantly higher chance that spam filters may block or reject campaign e-mails.

  • 245.13.192 (SendGrid IP - Needed for sending of notification e-mails)
  • 237.252.20 (New SMTP Server IP- Where we send Phishing & Training E-mails from)
  • 211.230.155 (NAT gateway IP - IP address of background processes that initiate sending Phishing & Training Emails)
  • 223.13.154 (Fallback - Secondary IP)
  • 18.16.105 (Fallback - Secondary IP)
  • 18.67.92 (Fallback - Secondary IP)
  • 17.244.221 (Fallback - Secondary IP)
  • 18.32.205 (Fallback - Secondary IP)

Return to Step 7 after adding IP addresses to the E-mail safelist, or return to Step 18 in this document for the Inbound gateway setup.

2. Sending Profiles

Our sending profiles will all utilize one of the domains from the Sending Domains file. In addition to mail configurations, add Microsoft Defender (formerly ATP), Proofpoint, Barracuda, Mimecast, and others to any e-mail security layers.

To get the Sending Domains file, follow the steps:

1. Log in to BullPhish ID.

2. Go to the "Guides and FAQs" section.

3. Refer to the "Sending Domains" file for the list of sending

Select Save and return to Step 14 after adding all addresses.

© Copyright

All rights reserved. No part of this document may be reprinted or reproduced, or utilized in any form or by any electronic, mechanical, or other means, now known or invented, including photocopying and recording or in any information storage or retrieval system without1w4ritten permission from the publishers.

Have more questions?

Contact us

Was this article helpful?
0 out of 1 found this helpful

Provide feedback for the Documentation team!

Browse this section