If your business uses Google Workspace (formerly known as G Suite), you may need to allow list usecure domains and IP addresses in order to ensure your simulated phishing and security awareness training emails are delivered successfully.

In this article, you'll find:

How to allow-list usecure IP addresses in Google Workspace

Allow-listing usecure IP addresses in Google Workspace has two steps:

Adding IP addresses to the allow-list will help emails get through without falling into the spam folder - whereas adding domains as Inbound Gateways will help you get rid of warning messages that could otherwise tip your users off to their simulated phishing emails.

STEP ONE: Add usecure IP addresses to the Google Workspace allow-list

  1. Log in to https://admin.google.com 

  2. Navigate to Apps -> Google Workspace -> Gmail

  3. Scroll down to the bottom of the Gmail settings page and click Spam, Phishing and Malware

  4. Select Email whitelist which is the first option.

  5. Enter the usecure IP addresses in the Email whitelist section, separated by commas. The usecure IP addresses are:
    198.21.6.191
    168.245.56.242

  6. Click Save. It may take up to an hour for the changes to apply to all users.

STEP TWO: Add usecure's IP addresses as Inbound Gateways

Google Workspace will automatically tag some emails as suspicious if it believes there's a chance they are phishing-related, and may add banners to them to notify users of increased risk.

This could be a yellow 'Be careful' banner...

Or a red 'This message seems dangerous' banner.

To better assess your users' vulnerability to phishing, you will want to ensure that these banners do not show up during your simulated phishing campaigns. Follow the instructions below to prevent these banners from appearing for usecure simulated phishing emails in Google Workspace.

  1. Log in to https://admin.google.com 

  2. Navigate to Apps -> Google Workspace -> Gmail

  3. Scroll down to the bottom of the Gmail settings page and click Spam, Phishing and Malware

  4. Scroll down to the third option down Inbound gateway

  5. Add the usecure IP addresses to the Gateway IPs list:
    198.21.6.191
    168.245.56.242

  6. Ensure that the Reject all mail not from gateway IPs setting is unchecked

  7. Check the Require TLS for connections from the email gateways listed above setting

  8. Under Message Tagging, ensure Message is considered spam if the following header regexp matches is checked

  9. In the Regexp field, enter text that is unlikely to be found in a simulated phishing email, for example: ksdhqloqwklcpsshovpsnlx

  10. Check the Disable Gmail spam evaluation on mail from this gateway; only use header value setting

  11. Click Save

This is what the window should look like:


Your simulated phishing and security awareness training emails should now all be delivered successfully to your users, without warning banners popping up. We suggest you send a test simulated phishing email to your own address first to ensure all the settings have applied correctly!

How to allow-list usecure domains in Google Workspace

Allow-listing usecure domains in Google Workspace will help ensure that your course enrolments, policy send-outs and simulated phishing emails are delivered successfully to your end users.

  1. Login to https://admin.google.com

  2. Navigate to Apps -> Google Workspace -> Gmail

  3. Scrolls down to the bottom of the Gmail settings page and click Spam, Phishing and Malware

  4. Scroll down to the Spam section

  5. Click Add Rule or Edit if you wish to use an existing rule

  6. Give the rule a name like "usecure phishing allow-list"

  7. Click Create or Edit list

When you get to the Manage Address list page:

  1. Click Add Address List

  2. Click Bulk-Add Addresses and paste the domains at the bottom of the page into the text box

  3. Leave "require sender authentication" ticked

Back on the settings page:

  1. Click Use Existing List

  2. Select your new address list you created on the previous page

  3. Press save

Domain list:

usecure.io,
user-training.com,
amzwon.net,
biiing.net,
companylegal.co.uk,
financialdept1.com,
financialstaff.co.uk,
firmlegal.co.uk,
gdprlaw.co.uk,
gohelpdesk.co.uk,
gooolge.org,
groupmailserver.co.uk,
grouponedeals.com,
hellpdesk.net,
hhelpdesk.co.uk,
humanres.co.uk,
innermail.co.uk,
it5upport.co.uk,
ithelpdeskweb.co.uk,
ithlpdesks.com,
itsuppports.com,
marketingcrew.co.uk,
microloft.net,
pessoleldept.com,
sup0rt.co.uk,
yahoooo.info,
1nfoclient.fr,
atencionalcleinte.com,
banque-online.com,
centre-assistance.fr,
f1nancier.com,
fiinancier.fr,
financ1er.fr,
hilfekunden.de,
iinfoclient.fr,
ithilfen.de,
itsupp0rt.de,
itsupportt.fr,
kunden-unterstuzung.de,
onlinbanking.de,
pcsupport.fr,
ressourceshumains.com,
technischeuntersttzung.de,
usbank.news,
usbank.website,
uspost.online,
uspost.store,
companypolicy.com.au,
companyemail.com.au,
singlesignon.com.au,
gohelpdesk.com.au,
gohelpdesk.co.nz,
recusos-humanos.com,
infoclientehoy.com,
centro-asistencia.com,
asistenciahoy.com,
companypolicy.ie,
gohelpdesk.ie,
hhelpdesk.ie,
humanres.ie,
itsupports.ie,
singlesignon.ie,
suport.ie,
sup0rt.ie

Next steps


Did this answer your question?