Allow Listing by Header in Google Workspace

Written By Hive Systems

The below instructions will show you how to allow list ePHISHiency’s phishing simulation emails by email header in your Google Workspace environment (formerly G Suite)

These instructions are only recommended if you have a cloud-based spam filter in front of Google Workspace. If you are using Google Workspace for your email without an additional spam filter, you can instead allow list by IP address using these instructions. Remember, you will also need to allow list ePHISHiency’s IP address or hostname in your cloud-based spam filter to make sure emails are delivered successfully.

Before you begin:

  • In alignment with our commitment to advocating for systems that promote equity, inclusivity, and embrace diversity, Hive Systems uses the term “allow list” instead of “whitelist.” Some companies may still refer to it as the latter, but the cybersecurity concept is the same.

  • If you are using G Suite Legacy, whitelisting capabilities are limited and you may not be able to properly whitelist ePHISHiency. G Suite Legacy was a free G Suite version that was offered by Google prior to December 2012.

Step 1: Add ePHISHiency’s email header to email allow list

  1. Log on to https://admin.google.com and click Apps.

  2. Click Google Workspace then Gmail.

  3. Click Advanced Settings

  4. Navigate to the Compliance section of the General Settings tab.

  5. Hover over the Content Compliance field and click EDIT if you have no rules, and ADD ANOTHER if you already have one.

  6. Under the Email messages to affect field check Inbound and Internal - receiving.

  7. Click ADD under the Add expressions that describe the content you want to search for in each message.

    • From the first drop-down menu, select if ANY of the following match the message.

    • From the second drop-down menu, select Advanced content match.

    • In the Location field, select Full headers.

    • In the Match type field, select Contains text.

    • In the Content field, enter the header text. The default KnowBe4 header is X-ePHISHiency

    • Click SAVE

  8. In the If the above expressions match, do the following field, select Bypass spam filter for this Message under Spam.

Screen Shot 2020-07-03 at 5.39.18 PM.png

Step 2: Let us know you’re ready!

Contact ePHISHiency support (using the button below) and let us know that you’re all setup. We’ll send a test email to you, or a few people if you want, to make sure everything is working, and then we’ll be on our way to reducing your risk from phishing!

 

Having trouble?

Ron+throwing+away+computer.gif

More KB Articles

Hive Systems
Previous

Allow Listing by IP Address in Google Workspace
Next

Microsoft 365 Advanced Threat Protection (ATP) Bypass Rules