When using OpenText™ Core Security Awareness Training with Google Workspace (formerly known as Google G Suite), you may need to take action to allow the delivery of email messages sent during simulated phishing campaigns.
 
Note: Users may still receive a warning message about the message not being sent to Spam with these settings in place.
 
The OpenText™ Core Security Awareness Training mail server information is specified in this article.
 
There are two parts involved with allowing email in Google Workspace.

+Part 1: Add OpenText™ Core Security Awareness Training sending IP addresses to the whitelist in Gmail
  1. Log in to your Google Admin console using an administrator account.
     
  2. In the left panel, click Apps > Google Workspace > Gmail. 
     
  3. Click Spam, Phishing and Malware, then select the top-level organization, which is normally your domain.
     
  4. Click Email allowlist.
     
  5. Enter OpenText™ Core Security Awareness Training, sending IP addresses, using a comma to separate them. See this article for the OpenText™ Core Security Awareness Training mail server information.
  6. Click Save.
Note: It can take up to 24 hours for setting changes to take effect.

+Part 2: Set up OpenText™ Core Security Awareness Training mail servers as inbound gateways
This step suppresses the warning messages that Google posts to the user informing them that email messages may be suspicious. These warning messages degrade the effectiveness of the phishing campaign as they tip off users that something is not right.
  1. Log in to your Google Admin console using an administrator account.
     
  2. In the left panel, click Apps > Google Workspace > Gmail.
     
  3. Pick Spam, Phishing and Malware and select the top-level organization, which is normally your domain.
     
  4. Click the Inbound gateway setting and check Enable.
     
  5. For the settings, enter or choose the following as directed:
    1. Gateway IPs section: 
      • IP addresses / ranges - see this article for the OpenText™ Core Security Awareness Training mail server information and enter one per line.
      • Check the box for Require TLS for connections from the email gateways listed above.
      • Leave the other options unchecked.
    2. Message Tagging section:
      • Check the box for Message is considered spam if the following header regexp matches.
      • For the Regexp value: Enter a long nonsense string of letters that is unlikely to be included in the header.
      • Select the option Message is spam if regexp matches.
      • Check the box for Disable Gmail spam evaluation on mail from this gateway, only use header value.
         
  6. Click Save. It can take up to 24 hours for setting changes to take effect.
 
 
Optional: Google Chrome "Safe Browsing" Whitelist

The domains used for phishing simulations, listed here, are occasionally labeled as suspicious or malicious by Google's "Safe Browsing" feature. We have a process in place to notify Google and request a review should any of our simulated phishing domains get flagged. Assuming the mail rules above have been created, this should have no effect on email deliverability. However, users of the Chrome browser may receive a warning banner on our landing page(s) which indicate they have been flagged for security reasons. To create a whitelist within the Chrome browser for our phishing domains, please refer to the Google resource below:

https://chromeenterprise.google/policies/#SafeBrowsingAllowlistDomains
 
 

Testing
Once the configuration has been updated, a test campaign should be run to make sure delivery is working properly. Keep in mind that it takes 24 hours for settings to take effect.
Is this article helpful?
   
Thanks for your feedback!

Powered by NOHOLD Inc. U.S. Patent No. 10,659,398
All Contents Copyright© 2025