Google Workspace Direct Message Injection (DMI) Setup Guide
Learn how to set up Google Workspace DMI for more realistic phishing simulations that bypass spam filters.
What is Google Workspace DMI?
Google Workspace Direct Message Injection (DMI) is an advanced email delivery method that allows Tartan to inject phishing simulation emails directly into your recipients' inboxes, bypassing spam filters and providing a more realistic phishing simulation experience.
Unlike traditional email delivery methods, DMI ensures that your phishing simulation emails reach recipients' inboxes exactly as real phishing emails would, making your security training more effective.
Video Walkthrough
Watch our step-by-step video guide to see the Google Workspace DMI setup process in action.
This walkthrough covers all the steps outlined in this guide, making it easier to follow along with the configuration process.
Prerequisites
Before setting up DMI, ensure you have:
- Google Workspace administrator access
- Recipients using email addresses from your Google Workspace domain
- Admin permissions to configure API controls in Google Workspace
Step-by-Step Setup Guide
Step 1: Configure Google Workspace API Access
- Access Google Admin Console
- Go to admin.google.com
- Sign in with your Google Workspace administrator account
- Navigate to API Controls
- Go to Security → API controls → Domain-wide Delegation
- Add New Client ID
- Click Add new to create a new client ID
- Enter the following details:
- Client ID:
106081703606845154759 - OAuth Scopes:
https://www.googleapis.com/auth/gmail.insert - Click Authorize
Step 2: Configure DMI in Tartan
- Access Account Settings
- Log into your Tartan account
- Navigate to Account Settings
- Change Email Delivery Method
- In the Email Delivery Method section, select Google Workspace DMI
- Enter your Google Workspace admin email address
- Click Test Connection to verify the setup
- If the test is successful, click Save
Step 3: Verify Recipient Configuration
Ensure all recipients you want to include in phishing simulations:
- Have email addresses from your Google Workspace domain
- Are active members of your Google Workspace organization
- Have properly configured mailboxes
Important Considerations
Recipient Email Requirements
✅ Compatible Recipients:
- • Recipients with email addresses from your Google Workspace domain
- • Active Google Workspace users
❌ Incompatible Recipients:
- • Recipients with external email addresses (Gmail, Yahoo, etc.)
- • Inactive or suspended Google Workspace accounts
Automatic Fallback System
Tartan includes intelligent failover protection:
- If your Google Workspace connection fails, the system will automatically retry after 2 hours, then again after 12 hours
- If connection issues persist, the system will automatically switch back to Domain Whitelist delivery
- You'll receive email notifications about any connection issues or delivery method changes
Troubleshooting
Connection Test Fails
If the connection test fails when setting up DMI:
- Verify your Google Workspace admin email is correct
- Ensure you have administrator privileges
- Check that the Client ID and OAuth scope were added correctly in Google Admin Console
- Confirm your Google Workspace account is active and in good standing
Emails Not Delivering to Specific Recipients
If certain recipients aren't receiving DMI emails:
- Verify the recipient's email address belongs to your Google Workspace domain
- Check that the recipient's account is active and not suspended
- Ensure the recipient has a properly configured mailbox
Recipients with delivery issues will be automatically flagged as "not active" for DMI delivery, and you'll receive notification emails about these issues.
Account Issues
If your Google Workspace account experiences issues:
- Account suspension: Resolve payment or policy issues with Google
- Admin email change: Update the admin email in your Tartan account settings
- Permission changes: Verify the admin account still has necessary permissions
Benefits of DMI vs. Traditional Email Delivery
| Feature | DMI | Traditional (Domain Whitelist) |
|---|---|---|
| Spam Filter Bypass | ✅ Complete bypass | ❌ May be filtered |
| Realistic Experience | ✅ Identical to real phishing | ⚠️ May appear suspicious |
| Delivery Reliability | ✅ Direct inbox injection | ⚠️ Depends on filters |
Need Help?
If you encounter issues or need assistance with your DMI setup:
- Contact our support team at [email protected]
- Include details about error messages or specific issues you're experiencing
- Our team can help verify your configuration and troubleshoot delivery problems
Security Note
DMI requires elevated permissions to inject emails directly into user mailboxes. This access is used solely for authorized phishing simulation purposes and follows strict security protocols to protect your organization's data and privacy.
Need additional help with DMI setup?
Contact Support