# Forward phishing emails from Gmail

In this article, you configure Gmail to automatically forward user-reported phishing emails to Radiant Security. Three methods are available depending on how your phishing reporting mailbox is set up. Choose the method that best matches your environment.

### Prerequisites

* [ ] Admin access to Google Workspace, or access to the phishing account's inbox and settings (depending on the method you choose)
* [ ] You have completed the steps in the [phishing email forwarding overview](/radiant-connectors/connectors-and-data-ingestion/phishing-email-forwarding-overview.md), including enabling your monitored domains.

### Choose a forwarding method

Three methods are available. Choose one based on how your organization currently receives phishing reports.

{% tabs %}
{% tab title="Google Workspace group" %}
Use this method if your users currently report phishing emails to a Google Workspace group.

In this phase, you add the Radiant Security alerts alias to the existing phishing group so that Radiant receives a copy of every user report.

1. Open the [Google Workspace admin portal](https://admin.google.com/).
2. Click **Directory**, then **Groups**.
3. Find the phishing group in the list.
4. Click **Add members**.
5. Add the Radiant Security alias: `alerts@report.radiantsecurity.ai` to the group.
   {% endtab %}

{% tab title="Dedicated phishing inbox" %}
Use this method if you have a dedicated Google Workspace phishing account with its own inbox.

{% hint style="info" %}
**Note:** This method requires you to have access to the phishing account inbox and settings.
{% endhint %}

In this phase, you add a forwarding rule on the dedicated phishing account that forwards every received message to Radiant.

1. Sign in to the phishing account and open the Gmail inbox.
2. Click the settings icon, then click **See all settings**.
3. Select **Forwarding and POP/IMAP**.
4. Use **Add a forwarding address** to add the Radiant Security alias: `alerts@report.radiantsecurity.ai`.
5. Set **Forward a copy of incoming mail to** to the added email address and click **Save**.

{% hint style="info" %}
**Note:** If you are already forwarding a copy to another destination, you may have to add this second destination as a mail rule instead.
{% endhint %}
{% endtab %}

{% tab title="Default route with an additional recipient" %}
Use this method if you have either a group-based or a dedicated phishing account setup. It works for both.

In this phase, you add a Gmail default route that adds the Radiant Security reporting email as an additional recipient of messages sent to the phishing alias.

1. Open the [Google Workspace admin portal](https://admin.google.com/).
2. Go to **Apps > Google Workspace > Gmail**.
3. Open the **Default** routing page.
4. Click **Add another rule**.
5. In the **Specify envelope recipients to match** section, enter the email address of your phishing inbox.

<div align="left"><figure><img src="/files/RI4PxJj9wZvdvhFcdTRR" alt="" width="471"><figcaption></figcaption></figure></div>

6. In the **If the envelope recipient matches the above, do the following** section, select the **Also deliver to > Add more recipients** checkbox.
7. In the **Envelope recipient** section, click **Replace recipient** and enter the Radiant Security email: `alerts@report.radiantsecurity.ai`.

{% hint style="warning" %}
**Important note:** Unselect the **Do not deliver spam to this recipient** option, as it may prevent phishing emails from being properly forwarded.
{% endhint %}

<div align="left"><figure><img src="/files/wQnQRGkxr098tw5AkJpn" alt="" width="525"><figcaption></figcaption></figure></div>

8. Under **Options**, select **Perform this action on non-recognized and recognized addresses**.

<div align="left"><figure><img src="/files/8r7XnCE11FkYlzOtt12b" alt="" width="461"><figcaption></figcaption></figure></div>

9. Click **Save**.
   {% endtab %}
   {% endtabs %}

### Verify the integration

After you complete the forwarding setup, confirm reports are reaching Radiant.

1. From any mailbox in your organization, send a test message to the phishing reporting destination (group, dedicated inbox, or alias) you configured above.
2. Sign in to [Radiant Security](https://app.radiantsecurity.ai/) and check the **Alerts** and **Cases** tabs for the triaged report.

If the report does not appear, confirm the following:

* The Radiant Security alias is exactly `alerts@report.radiantsecurity.ai`.
* The forwarding configuration matches the method you chose: alias added to the group, forwarding rule on the dedicated inbox, or default route with an additional recipient.
* For the default route method, **Do not deliver spam to this recipient** is unselected.
* The reporter's domain is enabled in [Radiant's Monitored Domains](https://app.radiantsecurity.ai/settings/organization/phishing-configuration) tab.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.radiantsecurity.ai/radiant-connectors/connectors-and-data-ingestion/phishing-email-forwarding-overview/forward-phishing-emails-from-gmail.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.