Skip to content
English
Contact Support
  • There are no suggestions because the search field is empty.

Setting Up Direct Mail Injection (DMI) for Google Phishing Simulations

Configure Domain-based Message Authentication through Google Workspace.

Follow these steps to configure DMI (Domain-based Message Authentication) through Google Workspace, ensuring the deliverability of phishing test emails:

Step 1: Create a Service Account

  1. Navigate to Google Cloud Console:

  2. Access IAM & Admin:

    • Click on "IAM & Admin".
    • Select "Service Accounts".

  3. Create a Service Account:

    • Click "+Create Service Account".
    • Fill in the Service account name and description.
    • Click "Create and Continue".

  4. Grant Access to Project:

    • Under "Grant this service account access to project", click "Continue".
    • Under "Grant users access to this service account", click "Done".

Step 2: Generate a JSON Key

  1. Access the Service Account:

    • Return to the "Service Accounts" page.
    • Click on the newly created service account.
    • Ensure the Service account status is set to "Enabled".

  2. Create a Key:

    • Navigate to the "Keys" section.
    • Click "Add Key" and select "Create new key".
    • Choose "Json" as the key type and click "Create".
    • Save the JSON file securely as it contains the credentials for the service account.
  3. Send the JSON File to Your Account Manager
    • Send the JSON file you generated to your Account Manager at Dune Security. This is necessary to complete DMI setup.

Step 3: Set Up Domain-Wide Delegation

  1. Access Domain-Wide Delegation:

    • Go to the "Details" tab of your service account.
    • Click on "Advanced Settings" and then "Learn more about domain-wide delegation".

  2. Configure API Access:

    • Open the Admin console.
    • Navigate to "Security" > "Access and data control" > "API Controls".
    • Click "Manage domain wide delegation".

  3. Add New API Client:

    • Click "Add new" under "API clients".
    • Enter the Unique ID from the Service account details page.
    • For OAuth scopes, copy and paste the following:
      ruby
      Copy code
      https://mail.google.com/,
      https://www.googleapis.com/auth/gmail.modify,
      https://www.googleapis.com/auth/gmail.readonly,
      https://www.googleapis.com/auth/gmail.labels
    • Click "Authorize".

Step 4: Enable Gmail API

You can confirm Gmail API is enabled with these steps:
  1. Access Google Cloud Console:
    • Open your web browser and navigate to the Google Cloud Console.
  2. Navigate to APIs & Services:
    • In the left-hand navigation panel, click on APIs & Services.
  3. Search for Gmail API:
    • In the APIs & Services dashboard, find the search bar at the top and type Gmail API.
  4. Enable the Gmail API:
    • Click on the Gmail API result from the search.
    • On the Gmail API page, click the Enable button.

 

Step 5: Finalize Configuration

  1. Verification:
    • Ensure all settings are saved and verified.
    • Conduct a test to confirm the configuration is working as expected.

Congratulations! You have successfully implemented DMI through your Google Workspace to ensure email deliverability for phishing tests. If you encounter any issues, please contact Dune Security Support for assistance.