Customize spam filter settings in G Suite

If you have the legacy free edition of G Suite, upgrade to G Suite Basic to get this feature. 

This article is for G Suite administrators. If you're using Gmail, learn how to mark or unmark spam in your Gmail account.

Gmail spam filters automatically move spam email messages (sometimes called junk mail) into users’ spam folders. You can’t turn off Gmail’s spam filters, but you can create filters that:

  • Bypass spam classification for messages received from users on an approved senders list that you create.
  • Bypass spam classification for messages received from senders within your domain.
  • Put spam messages in quarantine so you can review them before they’re delivered to users.
  • Filter bulk email more aggressively.

Where you can apply spam filters

You can apply spam settings and filters per organizational unit. Settings and filters apply to all users in the organizational unit. Users in child organizations inherit the setting from the parent organization.

Spam filter settings can’t be applied to groups. Spam filter settings affect groups users who are in an organizational unit where the setting is applied.

Create an approved senders list to bypass spam filters

Approved senders are trusted users, so messages from these users can bypass spam filtering. You can create an address list of approved senders that bypass Gmail’s spam filters. Create the list with individual email addresses, or by adding an entire domain.

Best practices for approved senders lists

Some tips for working with approved senders lists:

  • When possible, use the same approved sender lists for multiple Gmail settings. For example, you can use the same list for Spam settings and Restrict delivery settings.
  • Match From addresses with entries in the approved sender list. Gmail checks the addresses or domains against the From part of the message header, not against the Return-Path part of the header. For this reason, From must match an address or domain you entered in the approved senders list.
  • An approved senders list that includes a domain is also applied to the subdomains.
  • If the sending domain has a DMARC policy set to reject, the policy overrides any settings for an approved senders list.
  • Approved senders lists are subject to Gmail settings size limits.

Add a list of approved senders that bypass spam filters

Notes: These settings only apply to incoming messages.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Appsand thenG Suiteand thenGmailand thenSpam, Phishing and Malware.

    Note: You might find this setting at Appsand thenGoogle Workspaceand thenGmailand thenAdvanced Settings.

  3. On the left, select an organizational unit.
  4. Point to Spam and click Configure.
    If the setting is already configured, point to the setting and click Edit or Add Another.
  5. For a new setting, enter a unique name or description.
  6. Check the Bypass spam filters for messages received from addresses or domains within these approved senders lists box.
  7. Click Use existing list or Create or edit list to select an existing list, or create a list of approved senders. To add a new list:
    1. Click Create or Edit list.
    2. Scroll to the bottom of Manage address lists , and click Add address list.
    3. Enter a name for the new list.
    4. Click Add address.
    5. Enter email addresses or domain names. Use a space or comma between each entry.
    6. (Optionall) To bypass this setting for approved senders that don’t have authentication, you can turn off ""Authentication required for each user. This bypasses SPF and DKIM authentication.
    7. Click Save to save the new address list.
  8. (Optional) To turn on other spam filter options, check the box next to each option.
  9. At the bottom of the settings page, click Save to save the new spam setting.

It can take up to 24 hours for your changes to take effect. You can track changes in the Admin console audit log.

What if I get spam or malware from someone on the approved senders list?

If you get spam or malware from an approved sender:

  • If an approved sender sends spam, the messages are delivered to the recipient's inbox, not to the spam folder. Bypassed messages display a banner: "This message wasn’t sent to Spam because of your organization’s settings."
  • If an approved sender’s message has a virus or is part of an email attack, Google's virus filters prevent it from reaching your users.
  • Ask the sender to set up DMARC so their valid messages are delivered to the inbox, and not sent to spam.

More spam filter options

To further customize how Gmail bypasses spam filtering, use these Spam setting options.

Spam setting option Description
Be more aggressive when filtering spam Turns on more aggressive spam filtering. It’s likely more messages will be marked spam and sent to users' spam folders.
Bypass spam filters for messages received from internal senders

Bypasses spam filters for internal messages from users within your organization. Learn more about bypassing spam filters for internal senders.

Authenticated messages from subdomains, including subdomains not hosted by Google, are treated as internal messages.

Put spam in administrative quarantine Sends filtered messages to email quarantine for review, instead of sending them to the user’s spam folder.

When you removes messages from quarantine to be delivered to users, they’re checked against Gmail’s spam filters again.

Filter option behavior with multiple filters

Some spam filter options are applied to the entire organizational unit where the filter is used. They also override any other filter for the organizational unit that has the option turned off. These options are:

  • Bypass spam filters for messages received from addresses or domains within these approved senders lists
  • Be more aggressive when filtering spam
  • Bypass spam filters for messages received from internal senders
  • Put spam in administrative quarantine

Related topics

Spam and authentication

Using address lists

Was this helpful?
How can we improve it?