The Google Apps antispam system uses a unique means of allowlisting. Customers on shared IPs should allowlist Marketo's entire sending ranges, because we sometimes need to move customers between IPs for technical reasons. The way to allowlist a range in Google Apps is to configure a manual IP block with a pass through.

 

G Suite enables you to specify an IP address or range of addresses within a domain, and allow messages from those addresses only. This feature is sometimes referred to as IP lock. In G Suite, you set up this feature in the Content compliance setting.

IP lock is a method that readily enables an administrator to simultaneously whitelist all incoming traffic from a particular domain while equally preventing spoofing by manually defining the allowed IP ranges. The following instructions are particularly useful with domains that do not have an SPF record and/or use third party applications to legitimately spoof their address.

Setting up IP lock with the Content compliance setting includes three separate procedures: Adding the domain, defining the allowed IP range, and setting the correct disposition and NDR.

 

See this page of Google documentation for more information:

Enforce 'IP lock' in G Suite - G Suite Administrator Help

Instead of using a CIDR range, this interface asks for the first and last IPs in the given range. Here are ours:

 

199.15.212.0 - 199.15.212.255

199.15.213.0 - 199.15.213.255

199.15.214.0 - 199.15.214.255

199.15.215.0 - 199.15.215.255

192.28.146.0 - 192.28.146.255

192.28.147.0 - 192.28.147.255

94.236.119.0 - 94.236.119.63

185.28.196.0 - 185.28.196.255

103.237.104.0 - 103.237.104.255

103.237.105.0 - 103.237.105.255

130.248.172.0 - 130.248.172.255
130.248.173.0 - 130.248.173.255

 

Is this article helpful ?

YesNo

Labels (1)