Whitelisting using this method prevents the following Google banners from appearing in your user's inbox when they receive a simulated phishing test from ATTACK Simulator:


This message seems dangerous



Be careful with this message




Note: We found that this process exempts our simulated phishing emails from the Gmail banner warnings. However, this is not documented by Google as a whitelisting recommendation.


  1. Log in to your Google Admin Console.
  2. Navigate to Apps > Google Workspace > Gmail > Spam, phishing, and malware (https://admin.google.com/ac/apps/gmail/spam).
  3. Find the Inbound Gateway section, click it to get it focused and select Enable. 

After you enable the Inbound Gateway, a new settings screen will appear. Please configure it using the settings bellow:




  1. Add the IP Address for ATTACK Simulator: 168.245.96.234
  2. Leave the Reject all mail not from gateway IPs checkbox deselected.
  3. Leave the Require TLS for connections from the email gateways listed above checkbox deselected.
  4. In the Message Tagging field, enter text for the Spam Header Tag that is unlikely to be found in a PST email. This field is required. For example, "^&FJSJAOIN!213+".
  5. Select the Disable Gmail spam evaluation on mail from this gateway; only use header value option.
  6. Click the SAVE button.