
# Whitelisting Email Domains (Google Workspace)

When Herd sends a phishing simulation, the message comes from one of Herd's verified sending domains rather than your own. If Google Workspace spam filtering isn't expecting those domains, simulations can be marked as spam instead of reaching the inbox — which skews your results. This guide shows a Google Workspace **admin** how to allowlist Herd's domains for the whole organization so simulations land in every user's inbox.

{% hint style="info" %}
Using Microsoft 365 instead? See [Whitelisting Email Domains in Microsoft 365](/herd-security-docs/simulations/phishing-simulations/whitelisting-email-domains-microsoft-365.md).
{% endhint %}

## Herd sending domains

Herd sends phishing simulations from a shared pool of verified domains. Each is styled to impersonate a familiar brand or service; the generic `x7k2m.net` is used when a simulation isn't tied to a specific brand. **You only need to allowlist the domains relevant to your organization** — for example, you can skip `salesforce-customer-care.com` if your team never uses Salesforce.

| Domain                         | Impersonates                          |
| ------------------------------ | ------------------------------------- |
| `x7k2m.net`                    | Generic — no specific brand (default) |
| `okta-auth-verify.com`         | Okta                                  |
| `claude-auth-verify.com`       | Claude (Anthropic)                    |
| `anthropic-portal.com`         | Anthropic                             |
| `chatgpt-customer-care.com`    | ChatGPT (OpenAI)                      |
| `codex-support.com`            | Codex (OpenAI)                        |
| `cursor-services.com`          | Cursor                                |
| `github-status-update.com`     | GitHub                                |
| `aws-account-portal.com`       | Amazon Web Services                   |
| `amazon-account-team.com`      | Amazon                                |
| `google-status-update.com`     | Google                                |
| `slack-customer-care.com`      | Slack                                 |
| `salesforce-customer-care.com` | Salesforce                            |
| `oracle-portal.com`            | Oracle                                |
| `netsuite-account-confirm.com` | NetSuite                              |
| `calendly-support.com`         | Calendly                              |
| `zip-portal-verify.com`        | Zip                                   |
| `whatnot-customer-team.com`    | Whatnot                               |

{% hint style="info" %}
Herd activates and rotates sending domains over time, so this list grows. Confirm the current set — and the specific domains used in your campaigns — with your Herd representative. The username portion of an address can vary (for example, `security@` or `no-reply@`); allowlisting the **domain** covers every address on it.
{% endhint %}

### Prerequisites

* You are a Google Workspace administrator with permission to manage Gmail settings.
* You know which Herd sending domains apply to your organization (see [Herd sending domains](#herd-sending-domains) above).

### Step 1 – Open the Admin console

1. In a browser, go to `https://admin.google.com`.
2. Sign in with your administrator account (for example, `admin@yourcompany.com`).

### Step 2 – Go to Gmail settings

1. From the Admin console home page, click **Apps**.
2. Click **Google Workspace**.
3. Click **Gmail** to open the service-level settings.

### Step 3 – Open spam and allowlist settings

1. In the Gmail settings page, look for **Security** or **Spam, phishing and malware** (the exact section name may vary slightly).
2. Click **Spam, phishing and malware** to see advanced spam configuration options.
3. Locate the **Email allowlist**, **Approved senders**, or similarly named setting (this is where you add trusted senders or domains).

### Step 4 – Add the domain or address to the allowlist

1. In the allowlist / approved senders section, click **Edit**, **Configure**, or **Add** (the label may differ depending on your environment).
2. Enter one or more of the following:
   * A full domain, such as `x7k2m.net`, to allow all senders from that domain.
   * A specific email address, such as `it-support@okta-auth-verify.com`, to allow just that sender.
3. Review any notes or warnings in the UI so you understand how broadly the rule applies.

### Step 5 – Save and apply the policy

1. Click **Save** or **Add** to confirm the new allowlist entries.
2. If prompted, confirm that these settings should apply to your chosen organizational unit(s) (for example, the entire domain or a specific OU).
3. Note that changes can take several minutes to propagate across all user accounts.
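
Before saving, it helps to check how broadly each entry applies and whether every entry is one you actually need. The script below is an added example, not Herd or Google code: it audits a proposed allowlist against the domain table on this page. `ENTRIES` and `BRANDS_IN_USE` are constructed sample input, and the exact-match rule in `covers` is this example's assumption about scope, not a description of how Gmail evaluates entries.

```python
# Added example. HERD_DOMAINS is copied from the table on this page; ENTRIES and
# BRANDS_IN_USE are constructed sample input.
HERD_DOMAINS = {
    "x7k2m.net": "Generic", "okta-auth-verify.com": "Okta",
    "claude-auth-verify.com": "Claude (Anthropic)", "anthropic-portal.com": "Anthropic",
    "chatgpt-customer-care.com": "ChatGPT (OpenAI)", "codex-support.com": "Codex (OpenAI)",
    "cursor-services.com": "Cursor", "github-status-update.com": "GitHub",
    "aws-account-portal.com": "Amazon Web Services", "amazon-account-team.com": "Amazon",
    "google-status-update.com": "Google", "slack-customer-care.com": "Slack",
    "salesforce-customer-care.com": "Salesforce", "oracle-portal.com": "Oracle",
    "netsuite-account-confirm.com": "NetSuite", "calendly-support.com": "Calendly",
    "zip-portal-verify.com": "Zip", "whatnot-customer-team.com": "Whatnot",
}
ENTRIES = ["x7k2m.net", "it-support@okta-auth-verify.com",
           "salesforce-customer-care.com", "x7k2m.net.example"]
BRANDS_IN_USE = {"Okta", "GitHub"}

def parse_entry(entry):
    """Split an allowlist entry into (kind, local_part, domain)."""
    local, at, domain = entry.strip().lower().rpartition("@")
    return ("address", local, domain) if at else ("domain", "", domain)

def covers(entry, sender):
    """Would this entry cover mail from `sender`? Exact, case-insensitive match:
    this is the example's model, not a description of Gmail's own matching."""
    kind, local, domain = parse_entry(entry)
    s_local, at, s_domain = sender.strip().lower().rpartition("@")
    if not at or s_domain != domain:
        return False
    return kind == "domain" or s_local == local

def audit(entries, brands_in_use):
    """Map each entry to (kind, verdict) so over-broad or stray entries stand out."""
    report = {}
    for entry in entries:
        kind, _, domain = parse_entry(entry)
        brand = HERD_DOMAINS.get(domain)
        if brand is None:
            verdict = "not-herd"        # not in the table: do not allowlist on Herd's behalf
        elif brand != "Generic" and brand not in brands_in_use:
            verdict = "unused-brand"    # Herd domain, but the page says you can skip it
        else:
            verdict = "ok"
        report[entry] = (kind, verdict)
    return report

if __name__ == "__main__":
    for entry, (kind, verdict) in audit(ENTRIES, BRANDS_IN_USE).items():
        print(f"{entry:36} {kind:8} {verdict}")
```

Brand names in `BRANDS_IN_USE` must match the "Impersonates" labels as written in `HERD_DOMAINS`.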

