HowTo: Allow-List CyberHoot’s Domain Name and IP Addresses – Google Workspace
New CyberHoot businesses need to allow our training and phishing emails to reach their user’s inboxes directly. This article describes the two steps needed to make this happen.
Note: If you wish to create an allow-list just for yourself personally (not for your company’s whole domain) then visit this HowTo: Allow-List CyberHoot in your Own Personal Gmail Account.
Step #1: allow-list CyberHoot attackphish domains in Google workspace Admin Console.
- Under Apps > Google Workspace > Gmail > Spam, Phishing, and Malware, click on ADD ANOTHER RULE under Spam.
- Type a name for the rule such as CyberHoot.
- Click on Create or edit list.
- Click on ADD ADDRESS LIST.
- Type a name for the list such as CyberHoot Phish.
- Click on ADD ADDRESS.
- Type the name of the domain you are entering, the list of domains is found in this article. Enter only the domain names, not the IP addresses.
- Click on the blue slider under Authentication required, to disable it. It should turn grey.
- Repeat this process until all of the domains are entered.
- Click on SAVE.
Step #2: Allow-List by IP Address or Network
Sometimes, there are additional filters that require you allow-list by IP addresses. For CyberHoot:
- Log in to https://admin.google.com and select Apps.
- Select Google Workspace.
- Select Gmail.
- Select Spam, Phishing and Malware.
- Select your domain.
- Add the IP addresses found in this article.
Note: Google Workspace does not allow Allow-Listing by IP Address for individual IPs, only the entire domain.
7. Click Save.
Important Note: If you’re using a 3rd party SPAM provider you will need to Allow-list the domain and/or IP Address in that solution which filters all email before forwarding it to Google Mail accounts.
Part 2: Add CyberHoot’s IP addresses as Inbound Gateways
This method of allow-listing is to prevent the following Google banners from appearing in your user’s inbox when they receive a simulated phishing test from CyberHoot:
This message seems dangerous
Be careful with this message
We have found that this process exempts CyberHoot simulated phishing emails from the Gmail banner warnings. However, this is not documented by Google as an allow-list recommendation.
- Under Apps > Google Workspace > Gmail > Spam, Phishing, and Malware, click on Inbound Gateway.
- Configure the Inbound gateway using the settings below:
- Gateway IPs
Add CyberHoot’s IP addresses. Click here for the list of updated IP addresses. - IMPORTANT: Leave the Reject all mail not from gateway IPs option unchecked. If this is checked, all email will stop flowing to your client.
- Check Require TLS for connections from the email gateways listed above.
- Message TaggingEnter text for the Spam Header Tag that is unlikely to be found in a PST email. This field is required.
- Example: kzndsfgklinjvsdnfioasmnfroipdsmfs
- Select the Disable Gmail spam evaluation on mail from this gateway; only use header value option.
- Click the SAVE button.
- Gateway IPs
Related Articles
HowTo: Avanan Allow-Listing in Google Workspace
This HowTo article explains how to configure Avanan’s Allow Listing to allow Attack Phishing tests to reach end users. Warning: CyberHoot supports fake email Attack-Phishing for customers. Please keep in mind this approach uses negative reinforcement ...HowTo: Allow-List CyberHoot’s Mail-Relay IP Address – Mimecast
This article will walk you through setting up allow list in Mimecast. The required IP address and Domain name information is found in this HowTo article: CyberHoot Email-Relay IP Addresses, Domains, and Allow-Listing ArticlesCyberHoot’s Email-Relay IP Addresses, Domains, and Allow-list Articles
Updated: May 8th, 2025 This article is a reference to CyberHoot’s mail relay IP Addresses and Domain names. The process of allowing phishing tests through to your end users inboxes is dependent upon your mail and spam filters. CyberHoot provides ...HowTo: Allow-List CyberHoot’s Mail-Relays in M365
High-Level Instructions: This HowTo video walks you through allow-listing CyberHoot’s Mail-Relay by either Domain Name or IP Addresses in Microsoft’s O365 environment. This process is very similar whether you use the domain names shown below or the ...HowTo: Allow-List CyberHoot’s AttackPhish Simulation Servers in M365
Detailed Instructions From Microsoft: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/skip-filtering-phishing-simulations-sec-ops-mailboxes?view=o365-worldwide Once you click the link above, follow the instructions under ...