If your organization uses Basecamp for project management alongside Google Workspace for email, you might eventually wake up to a scary-looking security email.
The alert from google-workspace-alerts-noreply@google.com warns you about “Gmail potential employee spoofing.” It flags external automated emails (like notifications@app.basecamp.com) because the sender’s display name matches a real employee in your company directory, but the email originates from outside your domain.
While this feature protects against phishing, it frequently catches legitimate project updates from your team. Here is how to investigate the alert and stop Gmail from flagging your trusted Basecamp notifications.
Step 1: Verify the alert is a false positive
Before changing security rules, you must confirm the email is safe.
1. Ask the employee named in the alert if they recently performed actions or sent updates via Basecamp.
2. Check the email headers of the flagged message. Look for these two lines:
- mailed-by: app.basecamp.com
- signed-by: app.basecamp.com
3. If both lines point to the official Basecamp domain, the email has a valid cryptographic signature (DKIM) and is safe to trust.
Step 2: Configure the spam bypass setting in Google Admin
Because the basic IP allowlist does not accept text domain names, you must configure a spam bypass rule for the domain.
1. Log in to the Google Admin Console.
2. Navigate to Apps > Google Workspace > Gmail > Spam, Phishing, and Malware.
3. Hover over the Spam section and click Configure (or Edit).
4. Check the box for Bypass spam filters and hide warnings for messages from senders or domains in selected lists.
5. Click Create or edit list, name the new list Trusted External Tools, click ADD ADDRESS, and enter app.basecamp.com.
6. Return to the settings page, click Use existing list, and choose your new Trusted External Tools list.
7. Click Save.
Step 3: Create a content compliance rule
Setting up an explicit compliance rule guarantees these notifications bypass advanced organizational filters entirely.
1. In the Admin Console, go to Apps > Google Workspace > Gmail > Compliance.
2. Scroll to Content compliance and click Add Rule.
3. Under Email messages to affect, check the box for Inbound.
4. Under Expressions, click Add and set the following parameters:
- Condition: Advanced match
- Location: Sender header
- Match type: Contains text
- Content: app.basecamp.com
5. Under Actions, change the setting to Bypass spam filter for this message.
6. Click Save.
Step 4: Add sender to Google Contacts
To train individual mailboxes to stop flagging the sender, have affected users open Gmail, find a legitimate email from notifications@app.basecamp.com, and click Report not spam. Adding this email address directly to their Google Contacts list will also tell Gmail’s automated filters to trust the incoming messages moving forward.
By completing these steps, your team can continue collaborating on Basecamp smoothly without cluttering your IT Admin panel with false security alerts.