Content compliance setting

The Content compliance setting enables you to specify what action to perform for messages based on predefined sets of words, phrases, text patterns, or numerical patterns. The content compliance setting scans messages for content that matches one or more rules that you configure within the setting. You can choose whether these messages are rejected or delivered with modifications; for example, to notify others when the content of a message matches the rules that you set.

You have the option to set up Content compliance settings using regular expressions. A regular expression, also called a regex, is a method for matching text with patterns. For example, a regular expression can describe the pattern of email addresses, URLs, telephone numbers, employee identification numbers, social security numbers, or credit card numbers.

Similar to other email security settings, the Content compliance setting applies to all users in an organizational unit. Users within child organizations inherit the settings you create for the parent organization. You also have the option to add multiple Content compliance settings to each organizational unit.

Changes to the Content compliance setting will require at least one hour to take effect. You can track prior changes under Admin console audit log.

Note: The Content compliance setting currently supports the scanning of text attachments only, but does not scan inside common attachment types, such as .doc, .xls, and .pdf.

 

Note: The Content compliance filtering does not currently support localized text with non-ASCII characters.

To configure Content compliance settings for your domain or organizational unit:

  1. Sign in to the Google Admin console
  2. Click Google Apps > Gmail > Advanced settings
  3. In the Organizations section, highlight your domain or the organizational unit for which you want to configure settings (see Configure advanced settings for Gmail for more details).
  4. Scroll down to the Content compliance section:
    • If the setting's status is Not configured yet, click Configure (the Add setting dialog box displays).
    • If the setting's status is Locally applied, click Edit to edit an existing setting (the Edit setting dialog box displays), or click Add another to add a new setting (the Add setting dialog box displays).
    • If the setting’s status is Inherited, click View to view the inherited setting, or click Add another to add a new setting (the Add setting dialog box displays).
  5. When you're finished making changes, click Add setting or Save to close the dialog box.

    Note: Any settings you add will be highlighted on the Email settings page.
     
  6. Click Save changes at the bottom of the Email settings page.
  7. In the Content compliance window, click Add a description to enter a unique name for this setting. See the sections below for additional instructions and guidelines.
Email messages to Affect
This enables you to set the policy for inbound, outbound, or internal mail (sending/receiving within the set of domains associated with your organization). By default, each of the following check boxes is selected. However, to limit this setting to Outbound mail (for example), you can clear all check boxes, except Outbound.
  • Inbound: Messages received by your users from senders outside the set of domains associated with your company or organization
  • Outbound: Messages sent by your users to recipients outside the set of domains associated with your company or organization
  • Internal - sending: Messages sent by your users to recipients within the set of domains associated with your company or organization
  • Internal - receiving: Messages received by your users from senders within the set of domains associated with your company or organization
Add expressions that describe the content you want to search for in each message
As you create a Content compliance setting, you specify an expression (or a set of expressions).
  1. Use the drop-down list to choose one of the following two options:
    • If ANY of the following match the message—One or more expressions will result in a match and trigger the actions; therefore, if you set up multiple expressions, any matching expression results in a match.
    • If ALL of the following match the messageAll expressions must match to trigger the actions.
       

      Note: If you set up an expression with multiple words in it, the actions are triggered only if the message contains the exact list of words. For example, if you set up an expression with the words, football betting pool, the word football does not result in a match. Only the complete string of words, football betting pool, result in a match.

  2. Click Add to add an expression. (You can add several expressions to one content compliance policy.)
    • If you select a Simple content match, enter the content to search, and then click Save.
    • If you select an Advanced content match, select the Location of the text within the message and the Match type, enter the content to search, and then click Save.
    • If you select Metadata match, select the attribute to search and the Match type, and, if needed, enter the Match value, and click Save.

Note: If you select Envelope recipients for a Location match, this compares only one recipient at a time. If there are two or more recipients, the advanced content rule does not match against all of the recipients in one string.

If the above expressions match, do the following

This section enables you to specify what action to perform on a message when the conditions are met for a Content compliance setting. Two options are available in the drop-down list: 

Modify message

This option enables you to modify messages by adding headers, changing the delivery (route), changing the envelope recipient, adding more recipients (additional, or secondary routes), or removing attachments.

Content compliance routing enables you to implement special handling for certain types of email; for example, to route messages with specific content to your legal department. Do this by defining a new primary delivery—or by creating additional deliveries—that match specific text strings or patterns. For example, you can set up a content match on a word, such as confidential, and then change the primary delivery to a server that supports encryption.

Reject message
This option rejects the message before it reaches the intended recipient. You can enter customized text for the rejection notice.

Note: We recommend that you use routing settings for the specific use cases they are intended to support. For example, you can set up the same routing options by using a Content compliance setting or a Receiving routing setting; but, use a Content compliance or Objectionable content setting for content-related use cases, and use a Receiving routing setting for general routing-related use cases, such as dual delivery.

For more details and step-by-step instructions about mail routing, including use cases and examples, see Manage mail routing and delivery: Guidelines and best practices.

See the following descriptions for more details about routing and delivery controls:

Add X-Gm-Original-To header

By checking this box, a header tag is added in case the recipient is changed so that the downstream server can know the original envelope recipient; for example, X-Gm-Original-To: jjsmith@solarmora.com.

Adding the X-Gm-Original-To header is useful if you're rerouting a copy of the message to another recipient. In this case, you're changing the recipient address, but the new recipient wants to know the address of the original envelope recipient, and can see the original envelope recipient by checking the X-Gm-Original-To header in the message.

Add X-Gm-Spam header and X-Gm-Phishy header

Messages that are routed through Gmail are automatically filtered for spam and phishing. Selecting Add X-Gm-Spam header and X-Gm-Phishy header adds the following headers to indicate the spam and phishing status of the message:

For spam

0 indicates that a message is not spam: X-Gm-Spam: 0

1 indicates that a message is spam: X-Gm-Spam: 1

For phishing

The number 0 in the header indicates that a message is not phishing: X-Gm-Phishy: 0

The number 1 indicates that a message is phishing: X-Gm-Phishy: 1

Note: Any message marked as phishy is automatically marked as spam.

Selecting the Add X-Gm-Spam header and X-Gm-Phishy header option enables an administrator at a downstream server to set up rules that handle spam and phishing differently from clean mail.

Add custom headers

You can add one or more custom headers to messages that are affected by a Receiving routing, Sending routing, or other setting. For example, you can add a header that matches the description that you entered for the setting. This can be helpful for analyzing why a message was routed in a certain way, or why a filter was triggered.

Prepend custom subject

You can enter a string to prepend to the subject of messages. For example, if you enter Confidential in this field, message recipients might see the following subject: [Confidential] Monthly report

Change route

This option enables you to change the destination of the message. By default, the Gmail mail server is the primary delivery. However, you can change the delivery; for example, by routing mail to an on-premise mail server, such as Microsoft Exchange.

Before you can change the primary delivery, you must first add mail routes with the Hosts tab. The routes that you add on the Host tab are then visible in the Select a route drop-down list.

Change envelope recipient

To change the envelope recipient, click the option next to the Replace recipient field, and enter the user's email address; for example, jjsmith@solarmora.com.

Changing the envelope recipient for a message on the primary delivery is equivalent to forwarding a message to a different recipient. You can also change the envelope recipient on the additional (secondary) delivery, which is equivalent to a "bcc".

Bypass spam filter for this message

Select this option to deliver messages to recipients even if the messages are identified as spam.

Remove attachments from message

Select this option to remove any attachments from messages. Optionally, you can append text to notify recipients that attachments were removed.

Add more recipients
  1. Check the Add more recipients box to set up additional (or secondary) deliveries for dual delivery or multiple delivery.
  2. Select Basic from the drop-down list to add individual email addresses, and then click Save. Click Add to add multiple recipient addresses.
  3. Select Advanced from the drop-down list to choose advanced options for your secondary delivery. Similar to the settings that you modified for the primary delivery, you can change the envelope recipient, add headers, prepend a custom subject, and remove attachments for the secondary deliveries.

Note: Any settings that you configure for the primary delivery also affect the secondary deliveries. For example, if you change the envelope recipient, prepend a custom subject, and add custom headers to the primary delivery, the same configuration is applied to the secondary deliveries.

Require secure transport for onward delivery

Check this box to include secure delivery as part of content compliance for outbound messages.

For more details and step-by-step instructions about mail routing, including use cases and examples, see Manage mail routing and delivery: Guidelines and best practices.

Note: When you're finished, click Add Setting, and then click Save changes at the bottom of the Email settings page to confirm your changes.