If you're looking for instructions and guidelines related to legal, security, and compliance concerns, go to Google Workspace legal and compliance.
Google Workspace offers many options to meet your organization's compliance and regulatory requirements, and to protect your sensitive data.
Start here to find the policies that work best for your organization.
Index of compliance options
Footer and confidential mode
Add a standard footer to all your users' outgoing messages.
Examples: For legal compliance, branding, informational requirements, or promotions.
Enable or disable your users' ability to send or receive messages in confidential mode. When this mode is enabled, users can prevent recipients from sharing (forwarding, printing, and so on) a message containing sensitive information.
Message storage policies
Control the amount of email and chat messages stored for users in your organization.
Also specify how to archive or delete messages when their storage periods expire.
Ensure that copies of all messages your users send or receive are stored in users’ Gmail mailboxes.
Useful for:
- Organizations that use Vault
- If you reroute messages to non-Gmail email servers
- If you use an SMTP relay service with a non-Gmail system
Recipient policies and controls
Remind users when they email recipients outside your organization who they don't email regularly, or who aren't listed in their Contacts.
Example: To protect your users from unintentionally sharing information externally.
Allow users to exchange messages only with specific addresses or domains that you authorize.
Example: A school might want to allow students to exchange messages with faculty members and other students, but not with people outside of the school.
Prevent emails between users in specific organizational units.
Example: A school district might want to prevent elementary school students from receiving email from high school students.
Allow users to receive mail only from an IP address or range of addresses that you specify. By manually defining allowed IP ranges, you simultaneously allow all incoming traffic from a particular domain, and prevent spoofing from other domains.
Example: An IP lock is particularly useful with domains that don't have a Sender Policy Framework (SPF) record, or that use third party applications to send mail on behalf of the domain.
Content filtering with rules
Set up rules for how to handle messages containing specific content or expressions.
Examples:
- Reject outbound messages that contain the word “confidential.”
- Quarantine messages from IP addresses outside of a specified range.
- Route messages containing specific text strings or patterns to your legal department.
Set up rules to determine whether messages containing certain words are rejected, quarantined, or delivered with modifications.
Examples:
- Reject outbound messages that contain the word “confidential.”
- Quarantine a message that has an objectionable word.
- Notify others when a message has an objectionable word.
Set up rules for how to handle message attachments such as documents, video and sound files, images, and compressed files and archives.
Examples:
- Reject messages containing harmful file types.
- Quarantine a message with a potentially harmful attachment, for review.
- Detect encrypted attachments, which is useful if you need to send unencrypted copies of message attachments to an archive server for regulatory purposes.
Have Gmail scan or run attachments in a virtual environment called the Security Sandbox. Attachments identified as threats can then be placed in users' Spam folders or quarantined.
Use case: Protects against malicious software that might be missed by antivirus programs.
Extract text from image attachments to then apply rules for content compliance or objectionable content. Extracts text from GIF, JPG, PNG, and TIFF images.
Example: Set up a content compliance rule to quarantine messages containing credit card numbers. Then turn on OCR to detect and quarantine a PNG image attachment of an invoice containing a credit card number.
Scan inbound or outbound emails for sensitive data using predefined content detectors. Then automatically quarantine, reject, or modify a message, based on its content.
Examples: Predefined content detectors exist for a range of numerical data types, including Social Security numbers, country-specific driver's license or passport numbers, credit card numbers, and many more.
Message transmission and encryption
Require email to and from specific domains or email addresses to be transmitted using Transport Layer Security (TLS). TLS is a security protocol that encrypts email to protect its privacy.
Set up compliance and routing rules that require that outgoing messages be signed and encrypted using S/MIME.
Examples: Users can intentionally turn encryption off, but you can set up a rule that overrides this action. You can also set up rules that ensure messages are encrypted when certain patterns are detected, such as credit card numbers.
Turn on MTA Strict Transport Security (MTA-STS) to require authentication checks and encryption for email sent to your domain.
Use Transport Layer Security (TLS) reporting to get information about external server connections.