The Google for Education Community Platform

alexgrutza · ‎07-23-2024

What are people's thoughts on having 122 IPs/ranges in the allowlist? If the sender has their email system configured properly, shouldn't we not have to have their IPs in the allowlist?

I'm doing some cleanup in preparation for switching to mimecast email gateway, and am wanting to clean up as much old stuff that was improperly configured before my time as possible, and I feel like this is a big one.

Shouldn't a lot of these spam filtering be based on email address instead of IP? We have a lost of amazon IP's and it's probably because a system of ours is ran through a vendor that's running on aws...

--
CISSP | LinkedIn | @Phyxiis

Kim_Nilsson · ‎08-05-2024

Just checked and then changed our settings today.
https://admin.google.com/ac/apps/gmail/spam?hl=en

Cleared it out, so it looks this nice now. 🙂

Earlier this year, I had three (3) IPs there, all part of an anti-phishing training campaign, where you have to tell Gmail to ignore such emails, else Gmail will absolutely tag them as spam. 🙂

So, NO, having 122 IPs excluded is NOT normal or recommended.

I also recommend telling your vendors to use proper SPF and DKIM, and just let them send from their own domains. I don't want people learning that it's fine to receive emails from external services with spoofed addresses from our domain.

--
https://wheretofind.me/@NoSubstitute

alexgrutza · ‎08-05-2024

Yeah I'm going to be clearing it out except for very specific systems (phishing training, emergency alert system, student admission system, etc)

--
CISSP | LinkedIn | @Phyxiis

The Google for Education Community Platform

Workspace Allowlist