Set up Gmail to Forward Phishing Emails to Radiant Security

Auto-forward Gmail phishing emails to Radiant Security.

In this guide, you will configure Gmail to automatically forward suspected phishing emails to Radiant Security.

The following guide has 3 options you can choose from, depending on how your phishing reporting mailbox is set up. Choose the method that best matches your environment:

If you currently use a Google Workspace group to receive phishing reports.
If you currently use a dedicated phishing inbox to receive phishing reports.
If you either have the group-based or full-account based method of receiving phishing reports.

Add the Radiant Security alerts alias to a Google Workspace group

If you use a phishing group to process phishing emails, the Radiant Security alerts alias can be added to this group in order to receive a copy of the user report. To do this:

Open the Google Workspace admin portal.
Click Directory, then Groups.
Find the phishing group in the list.
Click Add members.
Add the Radiant Security alias: [email protected] to the group.

Add a forwarding rule to the phishing email account

Use this method if you have a dedicated Google Workspace phishing account with its own inbox.

Note: This method requires you to have access to the phishing account inbox and settings.

Sign in to the phishing account and open the Gmail inbox.
Click the settings icon, then click See all settings.
Select Forwarding and POP/IMAP.
Use the Add a forwarding address to add the Radiant Security alias: [email protected].
Set up Forward a copy of incoming mail to send a copy to the added email address and click Save.

Note: If you are already forwarding a copy to another destination, you may have to add this second destination as a mail rule instead.

Add a default route with an additional recipient

This method should work for both groups and dedicated phishing users. It works by adding a Gmail default route that then adds the Radiant Security reporting email as an additional recipient of the emails sent to the phishing alias.

Open the Google Workspace admin portal.
Navigate to Apps > Google Workspace > Gmail.
Open the Default routing page.
Click Add another rule.
In the Specify envelope recipients to match section, enter the Email address of your phishing inbox.

In the If the envelope recipient matches the above, do the following section, select the Also deliver to > Add more recipients checkbox.

In the Envelope recipient section, click Replace recipient and enter the Radiant Security email: [email protected].

Important note: It is important to unselect the Do not deliver spam to this recipient option, as it may prevent phishing emails from being properly forwarded.

Under Options, select Perform this action on non-recognized and recognized addresses.

Click Save.

PreviousOutlook Online Conditional Forwarding (Inbox Rules)NextSet up KnowBe4 on Chrome to forward phishing emails to Radiant Security

Last updated 15 days ago