These instructions will guide you how to whitelist Phish Insight’s server IPs in your GSuite environment. Once you’ve set up the whitelisting recommendations below, we recommend sending a test campaign to yourself or a small group first to ensure your whitelisting was successful. The changes may take up to an hour to propagate to all users within your organization.


Part I: Adding Phish Insight sender IP addresses to your whitelist 

  1. Login to your Google admin account.
  2. Select Apps and Google Workspace
  3. Click Gmail
  4. Scroll down then select Spam, Phishing, and Malware.
  5. Enter our IP addresses separated by commas in the Email whitelist section

    Note: To access this information, log in to Phish Insight, click the chat widget at the lower-right corner, click Allow List, and open Add Phish Insight to your Allow List.Please ensure that you are logged in to your account to see this option. 

  6. Optional: Disable Enhanced pre-delivery message scanning temporarily to ensure that the connection won’t time out while reaching out to your server.
  7. Edit the Spam settings. Select Bypass spam filters for messages received from addresses or domains within these approved senders lists.
  8. Create a new list and name Phish Insight sender. Add the Phish Insight sender address or domain name: and deselect Require sender authentication.
  9. Click Save.

Part II: Adding Phish Insight server IPs to your Inbound Gateway

A Gmail warning banner may appear in your user’s inbox when they receive your campaign email. Please follow these steps to prevent this banner to appear.
Note: We recommend enabling these settings for the duration of your campaign only

  1. Under Spam, phishing, and malware section; Add a new Inbound Gateway. Name the setting  For example: Phish Insight Inbound Gateway

  2. Enter Phish Insight server IP addresses on the Gateway IPs. Please refer to Part I Step 5 for the list.

  3. Select Message is considered spam if the following header regexp matches.
    Enter text for the Spam header tag that is unlikely to be found in your phishing simulation email. E.g. uyrghskfeoafkgoeonghgh

  4. Check the Disable Gmail Spam Evaluation on mail from this gateway; only use header value option.

  5. Click Save.