Customize spam filter settings

If you have the legacy free edition of G Suite, upgrade to G Suite Basic to get this feature. 

This article is for G Suite administrators. If you're a Gmail user, learn how to mark or unmark spam in your Gmail account.

Mail sent to your domain is subject to Google's spam filters. By default, the filters automatically move messages detected as spam into a user's Gmail spam folder.

Spam settings and filters apply to all users in an organizational unit. Users in child organizations inherit the settings you create for the parent organization.

You can further customize an organizational unit's spam filters to:

  • Be more aggressive, for strict filtering of bulk email.
  • Bypass mail sent from within your domain.
  • Use approved sender lists.

Create and use an approved sender list

You can create an approved sender list to bypass any spam filters. Approved senders list can be based on email or an entire domain. This setting only applies to incoming messages.

Approved sender lists can also be used in the following ways:

  • Reuse approved sender lists across different settings. For example, you can specify the same list in the Spam setting and the Restrict delivery setting to modify the behavior of both settings.
  • Gmail checks the addresses or domain names against the From part of the message header. Gmail does not check addresses or domain names against the Return-Path in the message header. For this reason, From must match an address or domain you entered in the list.
  • Match and add both domain and subdomain names to the approved sender list, for example abc.com and xyz.abc.com.
  • It's possible for approved senders to send spam. These messages are delivered to the recipient's inbox. They have a banner stating the message wasn't sent to the spam folder because of the organization's mail settings.  
  • If a message from an approved sender has a virus or is part of an email attack, Google's virus filters prevent it from reaching users.
  • The sender's Domain-based Message Authentication, Reporting, and Conformance (DMARC) policy can still block messages from approved senders.

Customize a spam filter 

To bypass spam filters for messages from addresses or domains specified in an approved senders list:

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Appsand thenG Suiteand thenGmailand thenAdvanced settings.

    Tip: To see Advanced settings, scroll to the bottom of the Gmail page.

  3. (Optional) On the left, select an organization.
  4. Scroll to the Spam section, point to the Spam setting, and click Configure. If the setting is already configured, point to the setting and click Edit or Add Another.
  5. For a new setting, enter a unique name.
  6. To configure more aggressive spam filtering, check the Be more aggressive when filtering spam box. With this option, it's likely that more messages will be marked spam and sent to users' spam folders.

    This setting can impact spam filter behavior if you add multiple spam settings.

  7. To bypass spam filters for internal messages from users within the organization, check the Bypass spam filters for messages received from internal senders box. 

    Authenticated messages from subdomains, including subdomains not hosted by Google, are treated as internal messages.

    This setting can impact spam filter behavior if you add multiple spam settings.

  8. Check the Bypass spam filters for messages received from addresses or domains within these approved senders lists box. Then, select one or more address lists to use:
    1. Click Use existing or create a one.
    2. Enter a new list name, and click Create.
      Tip: To use an existing list as your approved sender list, click the list name.
    3. Move your pointer over the list name, and click Edit.
    4. Click AddAdd.
    5. Enter email addresses or domain names, using a space or a comma to separate multiple entries.

      Note: If you want to bypass this setting for approved senders that don't have authentication, uncheck the Require sender authentication box. This will bypass DMARC, SPF, and DKIM authentication. Learn more about sender authentication.

    6. Click Save.

    Learn more about address lists, including how to search or view all entries, and how addresses are matched against address lists.

    This setting can impact spam filter behavior if you add multiple spam settings.

  9. To send filtered messages to Admin Quarantine for review, check the Put spam in administrative quarantine box.
    • If you select this option, spam messages are never directed to users' spam folders.
    • If you're using the Message Center, spam messages aren't directed to the Message Center.

      Note: Starting October 2019, Message Center and Quarantine Summary will be deprecated. Learn more in Manage Spam Messages. We recommend using the methods described in Manage Spam Messages to manage spam when Message Center is no longer available.

    • Messages released from quarantine are marked as spam. When messages are released, they're checked against Gmail filters again when they arrive in the user's mailbox
    • This setting can impact spam filter behavior if you add multiple spam settings.
  10. Click Save.
  11. At the bottom of the Gmail Advanced settings page, click Save.

It can take up to an hour for your changes to take effect. You can track prior changes with the Admin console audit log.

How multiple spam filters affect filter behavior

When the options in this section are turned on in a spam filter:

  • They're applied to the entire organizational unit where the spam filter is used.
  • They override any spam filter in the same organizational unit that has the same option turned off.

Affected options:

  • Be more aggressive when filtering spam
  • Bypass spam filters for messages received from internal senders 
  • Bypass spam filters for messages received from addresses or domains within these approved senders lists
  • Put spam in administrative quarantine

Example

For example, you set up three spam filters for your Human Resources organizational unit:

  • Foo: This spam setting has the Be more aggressive when filtering spam turned on.
  • Bar: This spam setting has the Be more aggressive when filtering spam turned off.
  • External: This spam setting has the Be more aggressive when filtering spam turned off.

Results: The Be more aggressive when filtering spam option in Foo overrides the same option that is turned off in the Bar and External filters. Spam is filtered as if Be more aggressive when filtering spam was turned on for all three spam filters.

Was this helpful?
How can we improve it?