Forward phishing emails from Gmail
Configure Gmail or Google Workspace to forward user-reported phishing emails to Radiant Security using a group, a dedicated inbox, or a default route.
In this article, you configure Gmail to automatically forward user-reported phishing emails to Radiant Security. Three methods are available depending on how your phishing reporting mailbox is set up. Choose the method that best matches your environment.
Prerequisites
Choose a forwarding method
Three methods are available. Choose one based on how your organization currently receives phishing reports.
Use this method if your users currently report phishing emails to a Google Workspace group.
In this phase, you add the Radiant Security alerts alias to the existing phishing group so that Radiant receives a copy of every user report.
Open the Google Workspace admin portal.
Click Directory, then Groups.
Find the phishing group in the list.
Click Add members.
Add the Radiant Security alias:
[email protected]to the group.
Use this method if you have a dedicated Google Workspace phishing account with its own inbox.
Note: This method requires you to have access to the phishing account inbox and settings.
In this phase, you add a forwarding rule on the dedicated phishing account that forwards every received message to Radiant.
Sign in to the phishing account and open the Gmail inbox.
Click the settings icon, then click See all settings.
Select Forwarding and POP/IMAP.
Use Add a forwarding address to add the Radiant Security alias:
[email protected].Set Forward a copy of incoming mail to to the added email address and click Save.
Note: If you are already forwarding a copy to another destination, you may have to add this second destination as a mail rule instead.
Use this method if you have either a group-based or a dedicated phishing account setup. It works for both.
In this phase, you add a Gmail default route that adds the Radiant Security reporting email as an additional recipient of messages sent to the phishing alias.
Open the Google Workspace admin portal.
Go to Apps > Google Workspace > Gmail.
Open the Default routing page.
Click Add another rule.
In the Specify envelope recipients to match section, enter the email address of your phishing inbox.
In the If the envelope recipient matches the above, do the following section, select the Also deliver to > Add more recipients checkbox.
In the Envelope recipient section, click Replace recipient and enter the Radiant Security email:
[email protected].
Important note: Unselect the Do not deliver spam to this recipient option, as it may prevent phishing emails from being properly forwarded.
Under Options, select Perform this action on non-recognized and recognized addresses.
Click Save.
Verify the integration
After you complete the forwarding setup, confirm reports are reaching Radiant.
From any mailbox in your organization, send a test message to the phishing reporting destination (group, dedicated inbox, or alias) you configured above.
Sign in to Radiant Security and check the Alerts and Cases tabs for the triaged report.
If the report does not appear, confirm the following:
The Radiant Security alias is exactly
[email protected].The forwarding configuration matches the method you chose: alias added to the group, forwarding rule on the dedicated inbox, or default route with an additional recipient.
For the default route method, Do not deliver spam to this recipient is unselected.
The reporter's domain is enabled in Radiant's Monitored Domains tab.
Last updated
Was this helpful?