search

Whitelisting Email Domains

Learn how to quickly and easily whitelist Herd provided email domains so email simulations are delivered right to your inbox.

hashtag
Whitelist a domain for your entire organization (Admin console)

Use this method when you are a Google Workspace admin and want to ensure messages from a specific domain (or sender) are not marked as spam for any user.

hashtag
Prerequisites

  • You are a Google Workspace administrator with permission to manage Gmail settings.

  • Please note: Any email you create using the domains @x7k2m.net or @okta-auth-verify.com should be whitelisted. The username portion can vary, as long as the domain is whitelisted, the message won't be marked as spam

hashtag
Step 1 – Open the Admin console

  1. In a browser, go to https://admin.google.com.

  2. Sign in with your administrator account (for example, admin@yourcompany.com ).

hashtag
Step 2 – Go to Gmail settings

  1. From the Admin console home page, click Apps.

  2. Click Google Workspace.

  3. Click Gmail to open the service-level settings.

hashtag
Step 3 – Open spam and allowlist settings

  1. In the Gmail settings page, look for Security or Spam, phishing and malware (the exact section name may vary slightly).

  2. Click Spam, phishing and malware to see advanced spam configuration options.

  3. Locate the Email allowlist, Approved senders, or similarly named setting (this is where you add trusted senders or domains).

hashtag
Step 4 – Add the domain or address to the allowlist

  1. In the allowlist / approved senders section, click Edit, Configure, or Add (the label may differ depending on your environment).

  2. Enter one or more of the following:

    • A full domain, such as herdsecurity.io, to allow all senders from that domain.

    • A specific email address, such as notifications@service.com, to allow just that sender.

  3. Review any notes or warnings in the UI so you understand how broadly the rule applies.

hashtag
Step 5 – Save and apply the policy

  1. Click Save or Add to confirm the new allowlist entries.

  2. If prompted, confirm that these settings should apply to your chosen organizational unit(s) (for example, the entire domain or a specific OU).

  3. Note that changes can take several minutes to propagate across all user accounts.

PreviousNavigating Phishing Simulations PageNextCreating Email Templates

Last updated