Google Apps

Compliance

Content compliance setting

The Content compliance setting enables you to specify what action to perform for messages based on predefined sets of words, phrases, text patterns, or numerical patterns. The content compliance setting scans messages for content that matches one or more rules that you configure within the setting. You can choose whether these messages are rejected or delivered with modifications -- for example, to notify others when the content of a message matches the rules that you set.

You have the option to set up Content compliance settings using regular expressions. A regular expression, also called a regex, is a method for matching text with patterns. For example, a regular expression can describe the pattern of email addresses, URLs, telephone numbers, employee identification numbers, social security numbers, or credit card numbers.

For more details and instructions, see Guidelines for Using Regular Expressions, RE2 Syntax for Regular Expressions, and Examples of Regular Expressions.

Similar to other email security settings, the Content compliance setting applies to all users in an organizational unit. Users within child organizations inherit the settings you create for the parent organization. You also have the option to add multiple Content compliance settings to each organizational unit.

Note: Content compliance currently supports the scanning of text attachments only, but does not scan inside common attachment types such as .doc, .xls and .pdf.

Note: Content compliance filtering does not currently support localized text with non-ASCII characters.

To configure Content compliance settings for your domain or organizational unit:

  1. Sign in to the Google Admin console
  2. Do one of the following:  

  3. In the Organizations section, highlight your domain or the organizational unit for which you want to configure settings (see Configure email settings for an organizational unit for more details).

  4. Scroll to the Content compliance section:

    • If the setting's status is Not configured yet, click the Configure button near the right edge of the window (the Add setting dialog box opens).
    • If the setting's status is Locally applied or Inherited, click Edit to edit an existing setting (the Edit setting dialog box appears), or click Add another to add a new setting (the Add setting dialog box appears).

  5. When you are finished making changes, click Add setting or Save to close the dialog box.

    Note: Any settings you add will be highlighted on the Email settings page.

  6. Click Save changes at the bottom of the Email settings page.

In the Content compliance window, click Add a description if you want to enter a unique name for this setting. See the sections below for additional instructions and guidelines.

Email messages to Affect

This enables you to set the policy for inbound, outbound, and/or internal mail (sending/receiving within the set of domains associated with your organization). By default, each of the following check boxes is selected. However, if (for example) you want to limit this setting to Outbound mail, you can clear all check boxes except Outbound.

  • Inbound: Messages received by your users from senders outside the set of domains associated with your company or organization
  • Outbound: Messages sent by your users to recipients outside the set of domains associated with your company or organization
  • Internal - sending: Messages sent by your users to recipients within the set of domains associated with your company or organization
  • Internal - receiving: Messages received by your users from senders within the set of domains associated with your company or organization

Add expressions that describe the content you want to search for in each message

As you create a Content compliance setting, you specify an expression -- or a set of expressions -- in this section.

Follow these steps to add expressions:

  1. Use the drop-down list to choose one of the following two options:

    • If ANY of the following match the message - If you choose this option, one or more expressions will result in a match and trigger the consequences. So if you set up multiple expressions, any matching expression results in a match.
    • If ALL of the following match the message - If you choose this option, then all expressions must match to trigger the consequences.

      Note: If you set up an expression with multiple words in it, the consequences are triggered only if the message contains the exact list of words. For example, if you set up an expression with the words football betting pool, the word "football" will not result in a match. Only the complete string of words, "football betting pool" will result in a match.

  2. Click Add to add an expression. (You can add several expressions to one content compliance policy.)

    • If you choose a Simple content match, enter the content to look for, and then click Save.
    • If you choose an Advanced content match, select the Location of the text within the message, select the Match type, enter the content to look for, and then click Save.

      Note: If you choose Envelope recipients for a Location match, this compares only one recipient at a time. If there are two or more recipients, the advanced content rule does not match against all of the recipients in one string.

If the above expressions match, do the following

This section enables you to specify what action to perform on a message when the conditions are met for a Content compliance setting. You have two options in the drop-down menu: Reject message or Modify message.

Reject message
If you choose this option, the message is rejected before it reaches the intended recipient. You have the option to enter customized text for the rejection notice.

Modify message
This option enables you to modify messages by adding headers, changing the delivery (route), changing the envelope recipient, adding more recipients (additional, or secondary routes), and/or removing attachments.

Content compliance routing enables you to implement special handling for certain types of email -- for example, to route messages with specific content to your legal department. Do this by defining a new primary delivery -- or by creating additional deliveries -- that match specific text strings or patterns. For example, you can set up a content match on a word such as confidential, and then change the primary delivery to a server that supports encryption.

Note: We recommend that you use routing settings for the specific use cases they are intended to support. For example, you can set up the same routing options by using a Content compliance setting or a Receiving routing setting; but use a Content compliance or Objectionable content setting for content-related use cases, and use a Receiving routing setting for general routing-related use cases, such as dual delivery.

For more details and step-by-step instructions about mail routing, including use cases and examples, see Manage mail routing and delivery: Guidelines and best practices.

See the following descriptions for more details about routing and delivery controls.

Add X-Gm-Original-To header

By clicking this check box, a header tag is added in case the recipient is changed so that the downstream server can know the original envelope recipient -- for example, X-Gm-Original-To: jjsmith@solarmora.com.

Adding the X-Gm-Original-To header is useful if you are rerouting a copy of the message to another recipient. In this case, you are changing the recipient address, but the new recipient wants to know the address of the original envelope recipient. They can see the original envelope recipient by checking the X-Gm-Original-To header in the message.

Add X-Gm-Spam header

Messages that are routed through Gmail are automatically filtered for spam. By clicking the Add X-Gm-Spam header check box, you also add a special header tag to indicate the spam status of the message:

  • The number 0 in the header indicates a message is not spam: X-Gm-Spam: 0
  • The number 1 indicates that a message is spam: X-Gm-Spam: 1

By choosing this option, an administrator at a downstream server can set up rules that will handle spam in a different manner than clean mail.

Add custom headers

You can add one or more custom headers to messages that are affected by a Receiving routing, Sending routing, or other setting. For example, you can add a header that matches the description that you entered for the setting. This can be helpful for analyzing why a message was routed in a certain way, or why a filter was triggered.

Prepend custom subject

You can enter a string to prepend to the subject of messages. For example, if you enter the word Confidential in this field, message recipients might see the following subject: [Confidential] Monthly report

Change route

This option enables you to change the destination of the message. By default, the Gmail mail server is the primary delivery. However, you can change the delivery -- for example, by routing mail to an on-premise mail server such as Microsoft Exchange.

Before you can change the primary delivery, you must first add mail routes with the Hosts tab. The routes that you add on the Host tab are then visible in the Select a route drop-down list.

Change envelope recipient

To change the envelope recipient, click the radio button next to the Replace recipient field, and enter the user's email address -- for example, jjsmith@solarmora.com.

Changing the envelope recipient for a message on the primary delivery is equivalent to forwarding a message to a different recipient. You can also change the envelope recipient on the additional (secondary) delivery, which is equivalent to a "bcc".

Add more recipients

Select the Add more recipients check box to set up additional (or secondary) deliveries for dual delivery or multiple delivery.

Choose Basic from the drop-down list to add individual email addresses, and then click Save. You can add multiple recipient addresses by clicking the Add button.

Choose Advanced from the drop-down list to choose advanced options for your secondary delivery. Similar to the settings that you modified for the primary delivery, you can change the envelope recipient, add headers, prepend a custom subject, and remove attachments for the secondary deliveries.

Note: Any settings that you configure for the primary delivery will also affect the secondary deliveries. For example, if you change the envelope recipient, prepend a custom subject, and add custom headers to the primary delivery, the same configuration is applied to the secondary deliveries.

Remove attachments

Select this option if you want to remove any attachments from messages. Optionally, you can append text to notify recipients that attachments were removed.

For more details and step-by-step instructions about mail routing, including use cases and examples, see Manage mail routing and delivery: Guidelines and best practices.

Note: When you are finished, be sure to click Add Setting at the bottom of the dialog box, and then click Save changes at the bottom of the Email settings page to confirm your changes.

Related