If your business uses Google's G Suite, you may need to whitelist usecure IP addresses in order to ensure your usecure simulated phishing and security awareness training emails are delivered successfully. This article will show you how to whitelist our IPs in G Suite.

1. Add usecure's IP addresses to the G Suite whitelist

  1. Log in to https://admin.google.com 
  2. Navigate to Apps -> G Suite -> Gmail
  3. Scroll down to the bottom of the Gmail settings page and click Advanced Settings
  4. Highlight your domain in the Organizations section. Do not select an organizational unit (OU). G Suite only allows whitelisting for the entire domain.
  5. Enter the usecure IP addresses in the Email whitelist section, separated by commas. The usecure IP addresses are: 198.21.6.191 & 168.245.56.242
  6. Click Save. It may take up to an hour for the changes to apply to all users.

2. Add usecure's IP addresses as Inbound Gateways

G Suite will automatically tag some emails as suspicious if it believes there's a chance they are phishing-related, and may add banners to them to notify users of increased risk.

This could be a yellow 'Be careful' banner...

Or a red 'This message seems dangerous' banner.

To better assess your users' vulnerability to phishing, you will want to ensure that these banners do not show up during your simulated phishing campaigns. Follow the instructions below to prevent these banners from appearing for usecure simulated phishing emails in G Suite.

  1. Log in to https://admin.google.com 
  2. Navigate to Apps -> G Suite -> Gmail
  3. Scroll down to the bottom of the Gmail settings page and click Advanced Settings
  4. Under General Settings, click on your top-level organisation on the left (this is normally your primary domain)
  5. Find the Spam section and scroll down to the Inbound gateway setting. Hover over this setting and click the Edit button
  6. Follow the instructions below for configuring the Inbound gateway setting.

Configuring Inbound gateway

  1. Add the usecure IP addresses to the Gateway IPs list (198.21.6.191 & 168.245.56.242)
  2. Ensure that the Reject all mail not from gateway IPs setting is unchecked
  3. Check the Require TLS for connections from the email gateways listed above setting
  4. Under Message Tagging, ensure Message is considered spam if the following header regexp matches is checked
  5. In the Regexp field, enter text that is unlikely to be found in a simulated phishing email, for example: ksdhqloqwklcpsshovpsnlx
  6. Check the Disable Gmail spam evaluation on mail from this gateway; only use header value setting
  7. Click Save

This is what the window should look like:


Your simulated phishing and security awareness training emails should now all be delivered successfully to your users, without warning banners popping up. We suggest you send a test simulated phishing email to your own address first to ensure all the settings have applied correctly!


Did this answer your question?