Campaign Whitelisting Walkthrough

Domains and IPs:

Active Domains:
cyberpools.org
systememail.org
systememails.org
cybertoolkit.org

Active IPs:
142.171.148.66
142.171.148.67
142.171.148.68

Inactive Domains:
account-security-dashboard.com
thetrustcloudserver.net
acountservice.com
bizdevsvc1.com

Inactive IPs:
49.13.195.61
116.203.215.192
157.90.166.12

Google Workspace Whitelisting Guide

Log into your Google Workspace Admin console
Expand the Apps drop-down
Expand the Google Workspace drop-down and click Gmail
Click Spam, phishing, and malware
In the Organizational Units section toward the middle-left of the page, ensure your domain is selected
Click Email allowlist
Enter our IP addresses as a comma-separated list
Click SAVE

Google Workspace Inbound Gateway Setup

Log into your Google Workspace Admin console
Expand the Apps drop-down
Expand the Google Workspace drop-down and click Gmail
Click Spam, phishing, and malware
In the Organizational Units section toward the middle-left of the page, ensure your domain is selected
Click Inbound gateway
Check the Enable option to open the Inbound Gateway page
Configure the Inbound Gateway:

Gateway IPs
- Add our IP addresses. They usually need to be added one address at a time
- Do NOT select the "Reject all mail not from gateway IPs" check box
- Select the Require TLS for connections from the email gateways listed above check box
Message Tagging
- Select the Message is considered spam if the following header regexp matches checkbox
- Enter a regular expression that wouldn't match in a normal email. This can be a random series of characters such as "$#@!asdansdkjha83274HGBHJGGYSFG3267gMKNNSUIDJasjkdnasdfsm"
- Select "Disable Gmail spam evaluation on mail from this gateway; only use header value check box"

Click SAVE

Add an Approved Senders List

Log into your Google Workspace Admin console
Expand the Apps drop-down
Expand the Google Workspace drop-down and click Gmail
Click Spam, phishing, and malware
In the Organizational Units section toward the middle-left of the page, ensure your domain is selected
Scroll to the Spam section
If no list has been set up before, click Configure. Otherwise, click Add Another Rule
Give the setting a description/name
Check the Bypass spam filters for messages received from addresses or domains within these approved senders lists box
Directly underneath, click Use existing list or Create or edit list
If selecting Create or edit list:
- The Manage address lists setting will open in a new tab
- Click ADD ADDRESS LIST
- Enter a name for the new list
- Click ADD ADDRESS and enter our domain or a specific email address
- Repeat for any additional domains/addresses
- Click SAVE for this address list
- Then, return to the original tab and click Use existing list
Check the box for the list(s) with our domains/addresses, then close the popup
Also check the Bypass spam filters and hide warnings for messages from senders or domains in selected lists box directly underneath the previous one
Add the list with the Use existing list or Create or edit list options in the same way
Click SAVE

Google Workspace Content Compliance Setup

Log into your Google Workspace Admin console
Expand the Apps drop-down
Expand the Google Workspace drop-down and click Gmail
Click Compliance
In the Organizational Units section toward the middle-left of the page, ensure your domain is selected
Scroll to the Content Compliance section
If no rule has been set up before, click Configure. Otherwise, click Add Another Rule
Give the Content Compliance rule a name
Under Email messages to affect, check the Inbound box
Under Add expressions that describe the content you want to search for in each message, click ADD:
- Select Advanced content match from the drop-down list
- Change Location to Envelope sender. You may need to scroll down to see the option
- Change Match type to Matches regex
- In the Regexp text box, enter the expression @systememail.org
- Click SAVE
Under the 3. If the above expressions match, do the following section, scroll to Spam
Check the Bypass spam filter for this message box
Click SAVE

Google Workspace Image URL Proxy Allowlist Setup

Log into your Google Workspace Admin console
Expand the Apps drop-down
Expand the Google Workspace drop-down and click Gmail
Click End User Access
In the Organizational Units section toward the middle-left of the page, ensure your domain is selected
Click Image URL proxy allowlist
Add https://images.cybertoolkit.org/ and https://images.systememail.org/
In the Enter an image URL to preview section,
enter https://images.systememail.org/test-image.png, then click PREVIEW to verify the URL patterns
Click SAVE

Microsoft 365 Whitelisting Guide

Log into your Microsoft 365 admin center
Expand the Admin centers drop-down
Click Exchange to open the Exchange admin center
Expand the Mail flow drop-down
Click Rules
Click Add a rule and select the Create a new rule option
Give the rule a name
In the Apply this rule if drop-down, select The sender and domain is
Add our domains in the specify domain popup and click Save
In the Do the following drop-down, select Modify the message properties and set the spam confidence level (SCL)
Select Bypass spam filtering from the specify SCL popup menu and click Save
Click Next to go to the Set rule settings section
Ensure Rule mode is set to Enforce, then click Next
Once on the Review and finish section, click Finish
Ensure the rule shows Enabled under Status

Bypassing M365 Junk and Clutter Folders

Log into your Exchange admin center
Expand the Mail flow drop-down

Rules

Select the rule previously set up on our Microsoft 365 Whitelisting Guide page and click Edit rule conditions
Under the Conditions tab, click the + to the right of the Do the following section
In the new And section, select Modify the message properties and set a message header
Click the Enter text after Set the message header and enter X-MS-Exchange-Organization-BypassClutter, then click Save
Click the Enter text after to the value and enter true, then click Save
Click Save at the bottom of the rule to save the changes
To set the second header, create a new rule by clicking Add a rule and selecting the Create a new rule option
Give the rule a name
In the Apply this rule if drop-down, select The sender and domain is
Add our domains in the specify domain popup and click Save
In the Do the following drop-down, select Modify the message properties and set a message header
This time, set the message header to X-Forefront-Antispam-Report and the value to SFV:SKI;CAT:NONE;
Once set, click Next to go to the Set rule settings section
Ensure Rule mode is set to Enforce, then click Next
Once on the Review and finish section, click Finish
Ensure this new rule also shows Enabled under Status

M365 Defender Advanced Delivery Whitelisting

Please note that this requires you to have the Security Administrator role group
Log into your Microsoft 365 admin center
Expand the Admin centers drop-down
Click Security to open the Microsoft Defender admin center
Expand the Email & collaboration drop-down
Click Policies & rules and select Threat policies
Select the Advanced Delivery option under the Rules section
Click the Phishing simulation tab near the top
Then click Edit directly underneath where the tab was on the page
In the popup, expand the Domain section
Click in the box and type out our domains to add them to the list
Next, expand the Sending IP section
Click in the box and type out our IPs to add them to the list
Finally, expand the Simulation URLs to allow section
Click in the box and add cybertoolkit.org and training.cybertoolkit.org
Click Save