HowTo: Allow-List CyberHoot’s Domain Name and IP Addresses – Google Workspace

New CyberHoot businesses need to allow our training and phishing emails to reach their user’s inboxes directly. This article describes the two steps needed to make this happen.

Note: If you wish to create an allow-list just for yourself personally (not for your company’s whole domain) then visit this HowTo: Allow-List CyberHoot in your Own Personal Gmail Account.

Step #1: allow-list CyberHoot attackphish domains in Google workspace Admin Console.

1. Under Apps > Google Workspace > Gmail > Spam, Phishing, and Malware, click on ADD ANOTHER RULE under Spam.
2. Type a name for the rule such as CyberHoot.
3.  Click on Create or edit list.
4. Click on ADD ADDRESS LIST.
5. Type a name for the list such as CyberHoot Phish.
6. Click on ADD ADDRESS.
7. Type the name of the domain you are entering, the list of domains is found in this article. Enter only the domain names, not the IP addresses.
8. Click on the blue slider under Authentication required, to disable it. It should turn grey.
9. Repeat this process until all of the domains are entered. 
10. Click on SAVE.

Step #2:  Allow-List by IP Address or Network

Sometimes, there are additional filters that require you allow-list by IP addresses. For CyberHoot:

1. Log in to https://admin.google.com and select Apps.
2. Select Google Workspace.
3. Select Gmail.
4. Select Spam, Phishing and Malware.
   
5. Select your domain.
   
6. Add the IP addresses found in this article.
   

   

   Note: Google WOrkspace does not allow Allow-Listing by IP Address for individual IPs, only the entire domain.

7. Click Save. 

Important Note:  If you’re using a 3rd party SPAM provider you will need to Allow-list the domain and/or IP Address in that solution which filters all email before forwarding it to Google Mail accounts.

Part 2: Add CyberHoot’s IP addresses as Inbound Gateways

This method of allow-listing is to prevent the following Google banners from appearing in your user’s inbox when they receive a simulated phishing test from CyberHoot:

This message seems dangerous

Be careful with this message

We have found that this process exempts CyberHoot simulated phishing emails from the Gmail banner warnings. However, this is not documented by Google as an allow-list recommendation.

1. Under Apps > Google Workspace > Gmail > Spam, Phishing, and Malware, click on Inbound Gateway.
2. Configure the Inbound gateway using the settings below:
   1. Gateway IPs
      Add CyberHoot’s IP addresses. Click here for the list of updated IP addresses.
   2. IMPORTANT: Leave the Reject all mail not from gateway IPs option unchecked. If this is checked, all email will stop flowing to your client.
   3. Check Require TLS for connections from the email gateways listed above.
   4. Message Tagging
      Enter text for the Spam Header Tag that is unlikely to be found in a PST email. This field is required.
      • Example: kzndsfgklinjvsdnfioasmnfroipdsmfs
   5. Select the Disable Gmail spam evaluation on mail from this gateway; only use header value option.
   6. Click the SAVE button.

Additional Reading:  Whitelists and Blacklists – What are they and how do they affect deliverability?