The Google Apps antispam system uses a unique means of allowlisting. Customers on shared IPs should allowlist Marketo's entire sending ranges, because we sometimes need to move customers between IPs for technical reasons. The way to allowlist a range in Google Apps is to configure a manual IP block with a pass through.
G Suite enables you to specify an IP address or range of addresses within a domain, and allow messages from those addresses only. This feature is sometimes referred to as IP lock. In G Suite, you set up this feature in the Content compliance setting.
IP lock is a method that readily enables an administrator to simultaneously whitelist all incoming traffic from a particular domain while equally preventing spoofing by manually defining the allowed IP ranges. The following instructions are particularly useful with domains that do not have an SPF record and/or use third party applications to legitimately spoof their address.
Setting up IP lock with the Content compliance setting includes three separate procedures: Adding the domain, defining the allowed IP range, and setting the correct disposition and NDR.
See this page of Google documentation for more information:
Enforce 'IP lock' in G Suite - G Suite Administrator Help
Instead of using a CIDR range, this interface asks for the first and last IPs in the given range. Here are ours:
22.214.171.124 - 126.96.36.199
188.8.131.52 - 184.108.40.206
220.127.116.11 - 18.104.22.168
22.214.171.124 - 126.96.36.199
188.8.131.52 - 184.108.40.206
220.127.116.11 - 18.104.22.168
22.214.171.124 - 126.96.36.199
188.8.131.52 - 184.108.40.206
220.127.116.11 - 18.104.22.168
22.214.171.124 - 126.96.36.199
188.8.131.52 - 184.108.40.206
220.127.116.11 - 18.104.22.168
Is this article helpful ?