Objectionable content setting
The Objectionable content setting enables you to specify what action to perform for messages based on word lists that you create. With Objectionable content policies, you choose whether messages containing certain words (such as obscenities) are rejected or delivered with modifications; for example, to notify others when the content of a message matches the rules that you set.
You can also configure this setting to reject outbound emails that may contain sensitive company information; for example, by setting up an outbound filter for the word confidential.
Similar to other email security settings, the Objectionable content setting applies to all users in an organizational unit. Users within child organizations inherit the settings you create for the parent organization. You also have the option to add multiple Objectionable content settings to each organizational unit.
Changes to the Objectionable content setting may require up to one hour to take effect. You can track prior changes with the Admin console audit log.
- Most advanced Gmail settings (for example, Content compliance, Objectionable content, and Attachment compliance), do not apply to mailing lists, only to users. The Default routing setting can be applied to mailing lists, however.
- The Objectionable content setting supports the scanning of text attachments and common attachment types, such as .doc, .xls and .pdf.
- The Objectionable content filtering does not currently support localized text with non-ASCII characters.
To configure Objectionable content settings for your domain or organizational unit:
- Sign in to the Google Admin console.
- From the dashboard, go to Apps > G Suite > Gmail > Advanced settings.
- In the Organizations section, highlight your domain or the organizational unit for which you want to configure settings (see Configure advanced settings for Gmail for more details).
- Scroll down to the Objectionable content section:
- If the setting's status is Not configured yet, click Configure (the "Add setting" dialog box displays).
- If the setting's status is Locally applied, click Edit to edit an existing setting (the "Edit setting" dialog box displays), or click Add another to add a new setting (the "Add setting" dialog box displays).
- If the setting’s status is Inherited, click View to view the inherited setting, or click Add another to add a new setting (the "Add setting" dialog box displays).
- In the Objectionable content window, enter a unique name for this setting.
- See the sections below for additional instructions and guidelines. When you're finished making changes, click Add Setting or Save to close the dialog box.
Note: Any settings you add will be highlighted on the "Email settings" page.
- Click Save changes at the bottom of the Advanced settings page.
- Inbound— Messages received by your users from senders outside the set of domains associated with your company or organization
- Outbound—Messages sent by your users to recipients outside the set of domains associated with your company or organization
- Internal - sending—Messages sent by your users to recipients within the set of domains associated with your company or organization
- Internal - receiving—Messages received by your users from senders within the set of domains associated with your company or organization
To create a list of Custom objectionable words:
- Click Edit > Add.
- In the Enter words field, type a list of words (separated by spaces or commas).
- Click Save.
- Capitalization is ignored. For example, "BAD" will match "bad", Bad", and "BAD"
- Only complete words will be matched. For example, if you add "bad" to the custom word list, "badminton" will not be matched.
- Word search is performed on subject, body, and text attachments.
This section enables you to specify what action to perform on a message when the conditions are met for an Objectionable content setting. You have three options in the drop-down list:Modify message, Reject message, or Quarantine message.
This option enables you to modify messages by adding headers, changing the route, changing the envelope recipient, adding more recipients (additional, or secondary routes), and removing attachments.
Objectionable content routing enables you to implement special handling for certain types of email; for example, to route messages with specific content to your human resources department. Do this by defining a new primary route, or by creating additional routes that match specific text strings or patterns.
This option rejects the message before it reaches the intended recipient. The default rejection message is: "Sorry, a policy is in place that prevents your message from being sent. Please contact your administrator." You can also enter customized text for the rejection notice.
This option sends the message to an admin quarantine, where you can review the message before deciding whether to send it to its intended recipient or reject it.
For more details and step-by-step instructions about mail routing, including use cases and examples, see Manage mail routing and delivery: Guidelines and best practices.
See the following descriptions for more details:
Add X-Gm-Original-To header
By checking this box, a header tag is added in case the recipient is changed so that the downstream server can know the original envelope recipient; for example, X-Gm-Original-To: firstname.lastname@example.org.
Adding the X-Gm-Original-To header is useful if you're rerouting a copy of the message to another recipient. In this case, you're changing the recipient address, but the new recipient wants to know the address of the original envelope recipient, and can see the original envelope recipient by checking the X-Gm-Original-To header in the message.
Messages that are routed through Gmail are automatically filtered for spam and phishing. Selecting the Add X-Gm-Spam header and X-Gm-Phishy header option adds the following headers to indicate the spam and phishing status of the message:
0 indicates that a message is not spam: X-Gm-Spam: 0
1 indicates that a message is spam: X-Gm-Spam: 1
0 indicates that a message is not phishing: X-Gm-Phishy: 0
1 indicates that a message is phishing: X-Gm-Phishy: 1
Choosing the Add X-Gm-Spam header and X-Gm-Phishy header option enables an administrator at a downstream server to set up rules that handle spam and phishing differently from clean mail.
You can add one or more custom headers to messages that are affected by the Objectionable content setting. For example, you can add a header that matches the description that you entered for the setting, which can be helpful for analyzing why a message was routed in a certain way, or why a filter was triggered.
You can enter a string to prepend to the subject of messages. For example, if you enter Confidential, message recipients might see the following subject: [Confidential] Monthly report.
The Change route option enables you to change the destination of the message. By default, the Gmail mail server is the primary delivery location. However, you can change the delivery location; for example, by routing mail to an on-premise mail server such as Microsoft Exchange.
Before you can change the delivery location, you must first add mail routes with the Hosts tab. The routes that you add on the Hosts tab are then visible in the route drop-down list.
The Reroute spam option is visible when you check the Change route box. Reroute spam enables you to route all mail that matches the criteria of the setting, including mail that has been marked as spam. If you check the Change route box but do not check the Reroute spam box, then normal mail is rerouted but spam mail is not rerouted (spam messages are stored in the G Suite platform for 30 days).
- Whether you check the Reroute spam box or not, blatant spam is not rerouted since it’s dropped instantly at delivery time.
- If mail is classified as spam but one of the G Suite email settings overrides that (for example, due to a sender whitelist), then the mail is not considered to be spam for this purpose and will be rerouted as normal mail.
To change the envelope recipient, click the option next to the Replace recipient field, and enter the user's email address; for example, email@example.com.
Changing the envelope recipient for a message on the primary delivery is equivalent to forwarding a message to a different recipient. You can also change the envelope recipient on the additional (secondary) delivery, which is equivalent to a "bcc".
Select this option to deliver incoming messages to recipients even if the spam filter identifies these messages as spam.
Select this option to remove any attachments from messages. Optionally, you can append text to notify recipients that attachments were removed.
- Check the Add more recipients box to set up additional (or secondary) deliveries for dual delivery or multiple delivery.
- Select Basic from the drop-down list to add individual email addresses, and then click Save. Click Add to add multiple recipient addresses.
- Select Advanced from the drop-down list to choose advanced options for your secondary delivery. Similar to the settings that you modified for the primary delivery, you can change the envelope recipient, add headers, prepend a custom subject, and remove attachments for the secondary deliveries.
Any settings that you configure for the primary delivery also affect the secondary deliveries. For example, if you change the envelope recipient, prepend a custom subject, and add custom headers to the primary delivery, the same configuration is applied to the secondary deliveries.
For secondary deliveries, the Do not deliver spam to this recipient and Suppress bounces from this recipient boxes are checked by default. Suppress bounces from this recipient prevents bounces from going back to the original sender.
Check this box to include secure delivery for outbound messages.
Click Show options to configure additional options for this setting. For details, see the sections below.Approved address lists
Check the Bypass this setting… box to allow messages from a specific set of addresses or domains to bypass an Objectionable content setting. A message from these addresses or domains is delivered even when the message matches the conditions of a Objectionable content setting (note that other settings may still cause the message to be blocked).
To create a list of addresses or domains that bypass the Objectionable content setting:
- In the Options section, check the Bypass this setting… box.
- Click Use existing or create a new one.
- Select the name of an existing list, or enter a custom name for a new list in the Create new list field, and then click CREATE.
- Hover over the list name, and click Edit.
- To add email addresses or domains to the list, click Add.
- Enter an email address or domain name; for example, solarmora.com.
Note: Click Do not require sender authentication to bypass the Objectionable content setting for approved senders that do not have authentication (such as SPF or DKIM) enabled. Use this option with caution as it can potentially lead to spoofing.
- Click Save > Add again to include additional email addresses or domains in the list.
The Objectionable content setting will only apply to the account types that you select: Users, Groups, and/or Unrecognized / Catch-all.
For example, you can configure an Inbound setting that only applies to groups (the groups must be the recipient); or if you’re configuring an Outbound setting, the account type selected must match with the sender.
To save the Objectionable content setting, you must check at least one of these boxes. By default, only Users is checked, since it's the traditional use case.
If you’re configuring the top-level org on the Gmail advanced settings page, all three of these options are available. If you’re configuring any of the sub-level organizational units, only the Users options is available.
You can choose to affect only specific envelope senders and recipients. You can specify single recipients by typing an email address for that user, and you also have the option to specify groups.
To set up an Envelope filter, check the Only affect specific envelope senders box and/or the Only affect specific envelope recipients box, and choose one of the following options from the drop-down list:
- Single recipient—Specify a single user by typing an email address; for example, firstname.lastname@example.org.
- Pattern match—With this option, type a regular expression to specify a set of senders or recipients in your domain. Click Test expression to make sure your syntax is correct. For example, you can ensure this setting applies only to three specific users by typing the list of users using the following regular expression syntax:
For more information about using regular expressions, see Guidelines for using regular expressions.
- Group membership—Select one or more groups in the list (if you haven’t done so already, you’ll need to create groups).
When you're finished, click Add Setting to confirm your changes, and then click Save changes at the bottom of the advanced settings page.