Add the MA IP address to Google Workspace allowlists

Use Google Workspace® to allowlist the MA program IP address and headers and any applicable third-party IP addresses that are used during spam filtering. This could be a static IP address or a range of IP addresses that are assigned to you by your third-party provider.

Before you begin

• Complete Step 2: Add MA to email gateway and spam filtering allowlists.
• Obtain the MA IP address to allowlist. To see the complete list of IP addresses that you must allowlist, go to the Arctic Wolf Unified Portal, and then click Help > Allowlist Requirements. The IP addresses that must be allowlisted are listed under Security Awareness Training.
• If applicable, obtain the static IP address or range of IP addresses from your third-party provider.

Steps

1. Allowlist the MA IP address.
2. Configure header filtering.
3. Add custom spam filter for MA Phishing Simulation emails.

Step 1: Allowlist the MA IP address in Google Workspace

1. Sign in to the Google Admin console.

2. Click Apps > Google Workspace.

3. Click Gmail.

4. Click Spam, phishing and malware.

5. On the left pane, select the domain for your organization.

6. On the Spam, phishing and malware tab, do one of these actions:

   • Scroll to the Email whitelist setting.
   • In the search field, enter Email whitelist.

7. In the Email Allow List field, enter the MA IP address.

8. Click Save.

   Note: It can take up to 24 hours for your changes to take effect.

Step 2: Configure header filtering in Google Workspace

1. Sign in to the Google Admin console.

2. Click Apps > Google Workspace.

3. Click Gmail.

4. Click Compliance to expand it.

5. In the Objectionable Content section, click Configure.

6. Click Name the content > Inbound > Add custom headers.

7. Enter the header values for MA.

8. Select Bypass spam filter for this message

9. Click Save.

   Note: It can take up to 24 hours for your changes to take effect.

10. Make sure your settings work correctly. Send a test MA phishing simulation email to yourself or admins:

    1. In the MA Portal menu, click Administration Dashboard.

    2. Click the User Information tab.

    3. In the Search field, enter the name of an MA administrator, and then press Enter.

    4. Locate the user in the list, and then click Assign Session.

    5. On the Assign Session page, in the Search field, enter Phishing simulation.

    6. In the list of search results, select a phishing simulation to use for testing, and then click Assign.

       Tip: Arctic Wolf recommends assigning the phishing simulation titled Friendsgiving Celebration or Commonwealth Games Viewing Parties for this test.

    7. Check if the test MA phishing simulation email is in your inbox. If the email is:

       • In your inbox — Your settings are correct. Continue with the next procedure.

         Tip: You can also verify that the percentage in the Secure Culture Dashboard under Phishing Simulation is at 0%, indicating no false positives.

       • Not in your inbox — Submit a ticket in the Arctic Wolf Portal for assistance.

Step 3: Add custom spam filter for MA Phishing Simulation emails

1. Sign in to the Google Admin console.

2. Click Apps > Google Workspace.

3. Click Gmail.

4. Click Spam, Phishing and Malware.

5. In the Spam section, click ADD A RULE.

   The Add setting window opens.

6. In the Required: enter a short description that will appear within the setting's summary field, enter a rule description.

7. In the Options to bypass filters and warning banners section, do these steps:

   1. Select Bypass spam filters for internal senders.

   2. Select Bypass spam filters for messages from senders or domains in selected lists.

   3. Click Create or edit list to add one or more allowed MA Phishing Simulation domains.

      The Manage address lists window opens.

8. Click ADD ADDRESS LIST.

9. In the Name field, enter Arctic Wolf MA Phishing Domains.

10. Click BULK ADD ADDRESSES.

    The Bulk add addresses window opens.

11. Copy the language specific phishing domain list for your organization.

    English:

    arcticwolf.com, automated-mailsender.com, mail-donotreply.com, humanresources-mailer.com, internal-humanresources.com, helpdesk-itsupport.com, internalcorporate-mailer.com, securityalert-corporate.com, corporate-alert.com, itsupport-corporate.com

    Deutsch:

    arcticwolf.com, mitarbeiter-helpdesk.de, unternehmenssicherheit-alarm.de, itsupport-mitarbeiter.de, admin-hinweis.de

12. Paste the domain list in the Enter comma or space delimited email addresses or domain names field.

13. Click ADD, and then click SAVE.

    Note: It can take up to 24 hours for your changes to take effect.

14. Make sure your settings work correctly. Send a test MA phishing simulation email to yourself or admins:

    1. In the MA Portal menu, click Administration Dashboard.

    2. Click the User Information tab.

    3. In the Search field, enter the name of an MA administrator, and then press Enter.

    4. Locate the user in the list, and then click Assign Session.

    5. On the Assign Session page, in the Search field, enter Phishing simulation.

    6. In the list of search results, select a phishing simulation to use for testing, and then click Assign.

       Tip: Arctic Wolf recommends assigning the phishing simulation titled Friendsgiving Celebration or Commonwealth Games Viewing Parties for this test.

    7. Check if the test MA phishing simulation email is in your inbox. If the email is:

       • In your inbox — Your settings are correct. Continue with the next procedure.

         Tip: You can also verify that the percentage in the Secure Culture Dashboard under Phishing Simulation is at 0%, indicating no false positives.

       • Not in your inbox — Submit a ticket in the Arctic Wolf Portal for assistance.

Next steps

• Complete Step 4: Configure browsers to autoplay MA sessions.