If you have a cloud-based spam filter in front of GSuite this would be the suggested setting. If you are using GSuite for your mail without an additional spam filter, you can Whitelist by IP Address instead. You will also need to whitelist the Cyber Risk Aware Domain and IP address in your cloud-based spam filter to make sure successful delivery of emails.
Sign in to your Google Admin console.
Sign in using an administrator account, not your current account ie email@example.com
From the Admin console dashboard, go to AppsGoogle WorkplaceGmailCompliance.
Under the Compliance section, scroll to the Content Compliance section.
Click on Add another rule.
Check the box next to Inbound and Internal - receiving under 1. Email messages to affect
Under 2. Add expressions that describe the content you want to search for in each message Select If ANY of the following match the message in the first drop-down menu.
Click Add below the Expressions tab.
From the second drop-down menu, select Advanced content match
Fields should read as follows
- Advanced content match
- Location should be Full Headers
- Match type should be Contains text
- Content should be X-Cra-CamMail
- SAVE the form
In the 3. If the above expressions match, do the following section, select Bypass spam filter for this Message under Spam and click SAVE.
Upon making these changes, please wait an hour or so before testing to allow changes to replicate throughout the system. We would advise testing a phishing campaign on yourself or a small group to confirm that the changes you made were successful.