As an administrator, you can protectincoming mail against phishing and harmful software (malware). You can alsochoose what action to take based on the type of threat detected. For example, you might choose to move suspicious content to your Spam folder, or choose toleave it in your inbox with a warning. All the security settings can be tailored for different users and teamsusing organizational units.
By default, Gmail displays warnings, and moves untrustworthyemails to the spam folder. Using the settings in this article helps you identifyadditional unwanted or harmful emails.
Note: If you use these advanced phishing and malware settingsand dynamic email for your organization, learn how compliance rules are applied to dynamic messages.
Advanced security settings
-
Attachments—Protection against suspiciousattachments and scripts from untrusted senders. Includes protection againstattachments types that are uncommon for your domain—these can be used to spread malware.
-
Links and external images—Identify links behind short URLs, scan linked images for malicious content, and display a warning when you click links to untrusted domains.
-
Spoofing and authentication—Protection against spoofing a domain name, employee names, email pretending to be from your domain, and unauthenticated email from any domain. Unauthenticated emails displaya question mark next to the sender’s name. Spoofing protection can be turned on forprivate groups, or for all groups.
With advanced settings, you can:
-
Automatically turn on and apply future recommended settings. Thisensures maximum protection for email and attachments foryour domain.
-
Provide the strongest level of protection for a domain or organizational unit by turning onall security options.
-
Customize security settings by checking only the options you want to turn on. Unchecking all options turns offall advanced security settings for the domain or organizational unit.
-
Specify an action for each security option you turn on. If you don’t select an action, the default action is applied to the security option.
Keep in mind:
-
Other spam settings—Generally, these advanced security features work independently ofother spam settings you might have previously turned on. For example, even if you've listed a domain as a safe sender in spam settings, the enhanced security features are still applied.
-
Warning banners—Certain Spam setting options preventwarning bannersfor possibly malicious messages. When you select either of these Spam setting options, Gmail never displayswarning banners:Bypass spam filters and hide warnings for messages from senders or domains in selected listsand Bypass spam filters and hide warnings for all messages from internal and external senders.Warning banners (yellow box) appear only in Gmail web. Third-party appsdo not displaya warning banner.
-
Quarantine action—When you selectQuarantinefor any of the advanced security settings, the quarantine you select applies only to incoming messages. Thisis true even when the quarantine you select specifies actions to take on outgoing messages. Allowlist settings don'toverride the Quarantineoption.
How selected actions impact users
This table shows actions that you, as theadministrator, can select for each advanced security setting, and the impact to users of each action.
| Action | Impact to user |
|---|---|
| Warning | Messages are delivered to the user's inbox. The user sees a warning banner about the message. Users can open and read the message with this option. See:
|
| Move email to spam | Messages are delivered to the user's spam folder. Users can go to the spam folder and open and review spam messages. Users can mark messages as "not spam" if applicable. Users don't see banners with this action. |
| Quarantine | When this action is selected, users don't see anything.Messages are sent to admin quarantine and the admin reviews them to determine whether or not they are safe, and then "Allow" message to be delivered to users' inbox. Users don't see banners with this action. See: Set up and manage email quarantines |
Apply advanced security settings
Google scans all messages to protect against malware, whether or not attachment security settings are turned on. Enforce extra, specific actions for certain types of files withthe settings in this section. Thesesettings protect against senders with no prior Gmail history or with a low sender reputation.
-
Sign in to your GoogleAdminconsole.
Sign in using your administrator account (does not end in @gmail.com).
-
In the Admin console, go to Menu
AppsGoogle WorkspaceGmailSafety. - In the Safetysection, scroll to Attachments.
- Select the setting and actionyou want to apply toincoming emails. (Details below)
Apps| Attachments settings | Actions |
|---|---|
| Protect against encrypted attachments from untrusted senders Protect against attackers who use encrypted attachments, which can't be scanned for malware. |
|
| Protect against attachment with scripts from untrusted senders Protect against documents that contain malicious scripts that can harm your devices. |
|
| Protect against anomalous attachment types in emails Protect against attachment file types that are uncommonfor your domain. Uncommon and archaic file types can be used to spread malware. You can allowlist uncommon file types that you approve and thatare regularly sent toyour domain.Messages with allowlisted file attachments are delivered tothe recipient's inbox. Enter file extensions in the Allowlist the following uncommon filetypes field without a preceding period and separated by commas. For example: arj, iqy, par |
|
| Apply future recommended settings automatically When we add new, recommended security settings for attachments, those settings are turned on by default. | |
Turn on suspicious email link protection for IMAP users
If users in your organization send and receive email using supported, third-party IMAP email clients, we recommend you turn on link protection for IMAP clients.
When link protection is on for IMAP clients, clicking a link in a recent message starts a malicious link check. If no malicious links are detected, the recipientis taken to the destination. For older messages, a window might appear, and you can tap or click to open the link.
Turn on external images and links protection
-
Sign in to your GoogleAdminconsole.
Sign in using your administrator account (does not end in @gmail.com).
-
In the Admin console, go to Menu
AppsGoogle WorkspaceGmailSafety. - In the Safety section, scroll toLinks and external images.
- Select the desired security settings. (Details below)
| Links and external images settings | |
|---|---|
| Identify links behind shortened URLs | Allow discovery of harmful links hidden behind shortened URLs. |
| Scan linked images | Allow scanning of images referenced by links to find hidden malicious content. |
| Show warning prompt for any click on links to untrusted domains | Gmail displays a warning when youclick a link to untrusted domains in any email message. If this feature isn't on, warnings only appear for clicks to untrusted domains from suspicious emails. |
| Apply future recommended settings automatically | When we add new, recommended security settings for links and external images, those settings are turned on by default. |
Turn on spoofing and authentication protection
-
Sign in to your GoogleAdminconsole.
Sign in using your administrator account (does not end in @gmail.com).
-
In the Admin console, go to Menu
AppsGoogle WorkspaceGmailSafety. -
In the Safety section, scroll to Spoofing and authentication.
- Select the settingsandactionsyou want to apply toincoming emails. See details below.
| Spoofing and authentication settings | Actions |
|---|---|
| Protect against domain spoofing based on similar domain names Protect against incoming messages from domains that appear visually similar to your company's domains or domain aliases. |
|
| Protect against spoofing of employee names Protect against messages where the sender's name is a name in your Google Workspace directory, but the email isn't from your company domain or domain aliases. |
|
| Protect against inbound emails spoofing your domain Protect against potential Business Email Compromise (BEC) messages not authenticated with either SPF or DKIM, pretending to be from your domain. |
|
| Protect against any unauthenticated emails Protects against messages that are not authenticated. Messages must be authenticated (by any domain)with either SPF or DKIM (or both). |
|
| Protect Groups from inbound emails spoofing your domain Protect your Google Groups from inbound emails spoofing your domain. You can apply this setting to all groups or to private groups only. |
|
| Apply future recommended settings automatically When we add new, recommended security settings for spoofing and authentication, those settings are turned on by default. | |
Was this helpful?
How can we improve it?
Need more help?
Try these next steps:
Start your free 14-day trial today
Professional email, online storage, shared calendars, video meetings and more. Start your free Google Workspace trial today.
