topic Re: Whitelist domains for Spoofing and authentication in Peer-Peer Topics

Whitelist domains for Spoofing and authentication

nkuhl30 — Wed, 01 May 2024 11:51:44 GMT

We have the Gmail -> Safety -> Spoofing and authentication -> Protect against spoofing of employee names setting set to ON and quarantine. Periodically, we send emails from our student information system from employees to groups of students. The domain of SIS is mail.veracross.com. Some of these emails, sent to students, are stopped in quarantine while others are not. There's no rhyme or reason to it.

I've added all emails addresses used by the SIS to communicate with students, as domain shared contacts. These email addresses now show up in user's contact lists. However, emails from our SIS are still being flagged as spoofing of employee names. After a bit of research, the reason why the domain shared contact method won't work in this scenario is because, while the email addresses stay the same, the From name does not.

We can't disable Gmail -> Safety -> Spoofing and authentication -> Protect against spoofing of employee names due to security concerns. This feature stops an incredible amount of bad actors trying to pose as our employees so it's critical that it be in use. However, there needs to be a way to instruct Google Workspace to allow all email from our SIS and not be subject to any type of filter.

I'd like to request a method, or whitelist perhaps, to override Gmail -> Safety -> Spoofing and authentication -> Protect against spoofing of employee names for certain email addresses.

Re: Whitelist domains for Spoofing and authentication

stoodto — Wed, 01 May 2024 13:24:17 GMT

I had to add to my txt file to stop a specific work email from going into the quarantine. Ours had to do with our ITC.

Re: Whitelist domains for Spoofing and authentication

nkuhl30 — Wed, 01 May 2024 13:25:13 GMT

What do you mean you had to add a txt file? Can you elaborate on that?

Re: Whitelist domains for Spoofing and authentication

stoodto — Wed, 01 May 2024 13:30:04 GMT

In our txt file where you have to include your spf for google, we also had to include an spf for our ITC and I believe we adjusted the ip4. Your ITC *might* be able to help with making that adjustment depending on what they provide to you.

Re: Whitelist domains for Spoofing and authentication

nkuhl30 — Wed, 01 May 2024 13:31:18 GMT

Gotcha. This isn't an issue that has to do with SPF/DKIM/DMARC. It's a specific issue with the Spoofing and Authentication feature in Google Workspace.

Re: Whitelist domains for Spoofing and authentication

stoodto — Wed, 01 May 2024 13:32:56 GMT

I think ours were being marked as spoofing as well because they were being thrown into the quarantine. Sorry I couldn't help.

Re: Whitelist domains for Spoofing and authentication

nkuhl30 — Wed, 01 May 2024 13:34:39 GMT

No worries. The Spoofing and Authentication safety feature overrides SPF/DMARC/SKIM and any whitelist that you can configure. It's crazy. All we need is for Google to add a whitelist for Spoofing.

Re: Whitelist domains for Spoofing and authentication

Kim_Nilsson — Mon, 06 May 2024 09:26:07 GMT

Using Domain Shared Contacts (DSC) would work if the system did not send from different users. This is something that the developers of that system can allow as an option. There is no good reason why any external system should spoof your names or addresses.

Re: Whitelist domains for Spoofing and authentication

don_b_nashville — Mon, 06 May 2024 14:19:59 GMT

Also, check to see if Sendgrid makes sense. There's a free level and this was the only way for us to route emails with .wav file voicemails to Gmail from our uncredentialed phone server.

Re: Whitelist domains for Spoofing and authentication

nkuhl30 — Mon, 06 May 2024 14:55:16 GMT

Our SIS creates dynamic distribution lists for students in a particular class, as well as parents of those students in a particular class. It's a really useful feature to have. However, the From name remains that of the teacher and the email server is that of the SIS. All I need is for Google to bypass the spoofing and auth feature for one site. This should be doable and I can't believe it hasn't been implemented yet.