Is there a recommended config for setting up a G Suite domain for Security Awareness Training campaigns? As it is now, I have whitelisted the IP address found in the documentation, but this doesn’t prevent G Suite from marking the simulation email with a big RED BANNER warning the user. Would be nice not to have that happen for more effective training.
Best answer by Phil Karcher
Yes, please check out “Part 2: Add Webroot’ IP addresses as Inbound Gateways” in the G Suite whitelisting guide below to prevent Google banners from appearing in your user's inbox when they receive a simulated phishing test from Webroot. We are currently updating our documentation. If you message me your email address I can send you this as a PDF with screenshots.
How to Whitelist by IP Address in G Suite/Google Apps
The below instructions will show you how to whitelist Webroot’ simulated phishing emails and training notifications by IP address in your G Suite environment. This method of whitelisting is a two-part process:
Part 1: Add Webroot' IP addresses to Email Whitelist
This is the recommended setting if you do not have a cloud-based spam filter in front of G Suite. If you do have a cloud-based spam filter, you should whitelist us by our IP addresses in the filter, and whitelist by header in G Suite.
We recommend setting up a test phishing campaign to yourself or a small group after you follow the below steps to ensure your whitelisting was successful. The setting may take up to an hour to propagate to all users, so wait at least an hour before testing.
1. Log in to https://admin.google.com and select Apps.
2. Select G Suite.
3. Select Gmail.
4. Select Advanced Settings.
5. In the Organizations section, highlight your Domain (Not an OU).
Note: G Suite does not allow whitelisting by IP Address for individual OUs, only the entire domain.
6. In the Email whitelist section, enter our IP addresses separated by commas.
7. Scroll to the bottom and click Save. The setting may take up to an hour to propagate to all users.
Part 2: Add Webroot’ IP addresses as Inbound Gateways
This method of whitelisting is to prevent the following Google banners from appearing in your user's inbox when they receive a simulated phishing test from Webroot