Overview: Choose Gmail content filtering and data protection options

If you're looking for instructions and guidelines related to legal, security, and compliance concerns, go to Google Workspace legal and compliance .

Google Workspace offers many options to meet your organization's compliance and regulatory requirements, and to protect your sensitive data.

Start here to find the policies that work best for your organization.

Footer and confidential mode 

Add a standard footer to users' outbound messages

Add a standard footer to all your users' outgoing messages.

Examples:For legal compliance, branding, informational requirements, or promotions.

Protect Gmail messages with confidential mode

Enable or disable your users' ability to send or receive messages in confidential mode . When this mode is enabled, users can prevent recipients from sharing (forwarding, printing, and so on) a message containing sensitive information.

Message storage policies

Control email and chat storage

Control the amount of email and chat messages stored for users in your organization.

Also specify how to archive or delete messages when their storage periods expire.

Set up comprehensive mail storage

Ensure that copies of all messages your users send or receive are stored in users’ Gmail mailboxes.

Useful for:

  • Organizations that use Vault
  • If you reroute messages to non-Gmail email servers
  • If you use an SMTP relay service with a non-Gmail system

Recipient policies and controls

Set up external recipient notifications

Remind users when they email recipients outside your organization who they don't email regularly, or who aren't listed in their Contacts. 

Example: To protect your users from unintentionally sharing information externally.

Allow emails only with authorized addresses or domains

Allow users to exchange messages only with specific addresses or domains that you authorize.

Example: A school might want to allow students to exchange messages with faculty members and other students, but not with people outside of the school.

Block emails between specific users or groups

Prevent emails between users in specific organizational units. 

Example: A school district might want to prevent elementary school students from receiving email from high school students. 

Enforce an "IP lock" in Google Workspace

Allow users to receive mail only from an IP address or range of addresses that you specify. By manually defining allowed IP ranges, you simultaneously allow all incoming traffic from a particular domain, and prevent spoofing from other domains.

Example: An IP lock is particularly useful with domains that don't have a  Sender Policy Framework  (SPF) record, or that use third party applications to send mail on behalf of the domain.

Content filtering with rules

Set up rules for advanced email content filtering

Set up rules for how to handle messages containing specific content or expressions.      

Examples:

  • Reject outbound messages that contains the word “confidential.”
  • Quarantine messages from IP addresses outside of a specified range.
  • Route messages containing specific text strings or patterns to your legal department.
Set up rules for objectionable content

Set up rules to determine whether messages containing certain words are rejected, quarantined, or delivered with modifications.

Examples:

  • Reject outbound messages that contains the word “confidential.”
  • Quarantine a message that has an objectionable word.
  • Notify others when a message has an objectionable word.
Set up rules for basic email content filtering

Set up rules for how to handle message attachments such as documents, video and sound files, images, and compressed files and archives.

Examples:

  • Reject messages containing harmful file types.
  • Quarantine a message with a potentially harmful attachment, for review.
  • Detect encrypted attachments, which is useful if you need to send  unencrypted  copies of message attachments to an archive server for regulatory purposes.
Set up rules to detect harmful attachments

Have Gmail scan or run attachments in a virtual environment called the Security Sandbox . Attachments identified as threats can then be placed in users' Spam folders or quarantined.

Use case: Protects against malicious software that might be missed by antivirus programs

Use optical character recognition (OCR) to read images

Extract text from image attachments to then apply rules for content compliance or objectionable content. Extracts text from GIF, JPG, PNG, and TIFF images.

Example:Set up a content compliance rule to quarantine messages containing credit card numbers. Then turn on OCR to detect and quarantine a PNG image attachment of an invoice containing a credit card number. 

Scan your email traffic using DLP rules

Scan inbound or outbound emails for sensitive data using predefined content detectors. Then automatically quarantine, reject, or modify a message, based on its content.

Examples:Predefined content detectors exist for a range of numerical data types, including Social Security numbers, country-specific drivers license or passport numbers, credit card numbers, and many more.  

Message transmission and encryption

Require mail to be transmitted via a secure TLS connection

Require email to and from specific domains or email addresses to be transmitted using Transport Layer Security (TLS). TLS is a security protocol that encrypts email to protect its privacy.

Set up rules to require S/MIME signature and encryption

Set up compliance and routing rules that require that outgoing messages be signed and encrypted using S/MIME.

Examples:Users can intentionally turn encryption off, but you can set up a rule that overrides this action. You can also set up rules that ensure messages are encrypted when certain patterns are detected, such as credit card numbers.

Use Google Workspace certificates for secure transport (TLS)
Use Transport Layer Security (TLS) certificates to encrypt your users' mail for secure inbound and outbound delivery.
Increase email security wit MTA-STS and TLS reporting

Turn on MTA Strict Transport Security (MTA-STS) to require authentication checks and encryption for email sent to your domain.

Use Transport Layer Security (TLS) reporting to get information about external server connections.

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu
13435119791389813037
true
Search Help Center
true
true
true
true
true
73010
false
false
Design a Mobile Site
View Site in Mobile | Classic
Share by: