This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to configure Phish Threat setup together with Gmail / Google Workspace

Hi Everyone,

Since official and unofficial documentation seems lacking about configuring Phish Threat to make it work together with Gmail / Google Workspace, I share my settings in case anyone else is facing these issues.

All settings need to be applied to your Google Admin Console. Navigate to Apps / Google Workspace / Gmail / Spam, Phishing and Malware. Under Organizational Unit, select your top-level organization (typically your primary domain) on the left, then:

  • Add Phish Threat IP addresses to be whitelisted (found in Phish Threat Dashboard / Settings / Domains) to the Email whitelist configuration.
  • Add Phish Threat IP addresses to be whitelisted to the Inbound Gateways configuration, then make sure to activate the message tagging option, enter a long random string in the Regex field, select the message is spam if regex matches option and tick Disable Gmail spam evaluation on email from this gateway, only use header value. Warning: make sure that these settings do not conflict with the use of the inbound gateway for other purposes in your specific configuration.
  • Add domains used by Phish Threat (found in Phish Threat Dashboard / Settings / Domains) in a custom list and add the list to the Spam configuration.

Information adapted from an article found on a well documented Phish Threat competitor's KB ;-)

Moreover, according to my experience it's not needed to disable the Enhanced pre-delivery message scanning as was suggested here (https://community.sophos.com/phish-threat/f/discussions/93692/issue-with-delivery-of-emails-to-gmail-addresses) 4 years ago, by the way it would weaken Gmail malware detection capabilities, not a wanted side effect.

Edit: configuration tested again on 15 June 2022 and still working for me



This thread was automatically locked due to age.
Parents
  • Thank you for the recommendations.  I have implemented all of these settings.  Emails are no longer getting caught in the SPAM folder, but Google is displaying a large banner at the top of the email message that reads: "This message was not sent to Spam based on your organization's settings".  It's a LARGE banner too.  Gray background and white lettering.  You also have a large button available that reads "Move to spam". 

    I'm concerned our users will be able to immediately recognize our test "phishing" attempts.  This takes away the surprise of it all, unfortunately.  Do you have the same behavior?  Or are your messages coming through in a way they look more legitimate?

  • We are having these same issues and cannot find a workaround over the last month or so. 

Reply Children