This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to configure Phish Threat setup together with Gmail / Google Workspace

Hi Everyone,

Since official and unofficial documentation seems lacking about configuring Phish Threat to make it work together with Gmail / Google Workspace, I share my settings in case anyone else is facing these issues.

All settings need to be applied to your Google Admin Console. Navigate to Apps / Google Workspace / Gmail / Spam, Phishing and Malware. Under Organizational Unit, select your top-level organization (typically your primary domain) on the left, then:

  • Add Phish Threat IP addresses to be whitelisted (found in Phish Threat Dashboard / Settings / Domains) to the Email whitelist configuration.
  • Add Phish Threat IP addresses to be whitelisted to the Inbound Gateways configuration, then make sure to activate the message tagging option, enter a long random string in the Regex field, select the message is spam if regex matches option and tick Disable Gmail spam evaluation on email from this gateway, only use header value. Warning: make sure that these settings do not conflict with the use of the inbound gateway for other purposes in your specific configuration.
  • Add domains used by Phish Threat (found in Phish Threat Dashboard / Settings / Domains) in a custom list and add the list to the Spam configuration.

Information adapted from an article found on a well documented Phish Threat competitor's KB ;-)

Moreover, according to my experience it's not needed to disable the Enhanced pre-delivery message scanning as was suggested here ( 4 years ago, by the way it would weaken Gmail malware detection capabilities, not a wanted side effect.

Edit: configuration tested again on 15 June 2022 and still working for me

This thread was automatically locked due to age.
  • Thank you for the recommendations.  I have implemented all of these settings.  Emails are no longer getting caught in the SPAM folder, but Google is displaying a large banner at the top of the email message that reads: "This message was not sent to Spam based on your organization's settings".  It's a LARGE banner too.  Gray background and white lettering.  You also have a large button available that reads "Move to spam". 

    I'm concerned our users will be able to immediately recognize our test "phishing" attempts.  This takes away the surprise of it all, unfortunately.  Do you have the same behavior?  Or are your messages coming through in a way they look more legitimate?

  • Hello Ryan,

    after reading your reply I tried with a new small campaign (my company just renewed Phish Threat for 3 years and I wanted to know ASAP if the toy is broken) and the settings I suggested are still working form me, without banners.

    I already seen the gray banner you are writing about but in a different scenario (unrelated to Phish Threat): we use an external non-Google service (maybe also not listed in our SPF record) to send some messages with our email domain, and needed to check the option "Bypass spam filters for messages received from internal senders" in our Spam settings to let such messages through.

    I suggest you to contact Sophos support and keep this thread updated with relevant suggestions.

  • I would not skip adding the domains to the Spam Allow List. When I tested with just the IP's it blocked some training emails however it caught some because of the URL's in the message. Once I added the domains to the email list it consistently caught the messages. No banner visible in my email put by Gmail. I'm using Gsuite/Workspace not the free gmail.

  • We are having these same issues and cannot find a workaround over the last month or so. 

  • Thank you, just edited my post, last step no longer marked as optional

  • Still working for me, spam configuration must be carefully applied