Restrict delivery setting

By default, users with Gmail accounts at your domain can send mail to and receive mail from any other email address. However, in some cases you may want to restrict the email addresses your users can exchange mail with. For example, a school might want to allow its students to exchange mail with the faculty and other students, but not with people outside of the school.

Use the Restrict delivery setting to allow the sending or receiving of email messages only from addresses or domains that you specify. When you add a Restrict delivery setting, users cannot communicate with anyone except those that you authorize.

Users who attempt to send mail to a domain that is not listed will see a message that specifies a policy prohibiting mail to that address, and the mail is not sent. Users receive only authenticated messages from listed domains. Messages sent from unlisted domains — or messages from listed domains that can't be verified using DKIM or SPF records — are returned to the sender with a message about the policy.

Note: To allow internal mail between users within your organization (the set of domains associated with your company or school), you must select the Bypass this setting for internal messages check box.

The restrictions on email delivery apply to all users who belong to the organizational units you choose or to any organizational units that are its children in the organizational tree. Users in the children organizational units inherit the restrictions.

Because you can set up multiple lists when configuring your Email settings, you can set up different Restrict delivery policies for different organizational units. Users can exchange mail without restriction if they belong to organizational units where a Restrict delivery setting is not added (and assuming other settings have not been added, such as the Blocked senders setting).

To configure Restrict delivery settings for your domain or organizational unit:

  1. Sign in to the Google Admin console
  2. Click Google Apps > Gmail > Advanced settings
     
  3. In the Organizations section, highlight your domain or the organizational unit for which you want to configure settings (see Configure email settings for an organizational unit for more details).
     
  4. Scroll down to the Restrict delivery section:
     
    • If the setting's status is Not configured yet, click the Configure button near the right edge of the window (the Add setting dialog box opens).
    • If the setting's status is Locally applied, click Edit to edit an existing setting (the Edit setting dialog box appears), or click Add another to add a new setting (the Add setting dialog box appears).
    • If the setting’s status is Inherited, click View to view the inherited setting, or click Add another to add a new setting (the Add setting dialog box opens).
       
  5. When you are finished making changes, click Add setting or Save to close the dialog box.

    Note: Any settings you add will be highlighted on the Email settings page.
     
  6. Click Save changes at the bottom of the Email settings page.

See the sections below for additional instructions and guidelines.

Add addresses or domains that you want to allow

  1. Click Add or create a new one to add a list to the setting.
  2. Enter a name for the list in the Create new list: field, and click Create. (For example, you can enter: restrict delivery list for students.)
  3. Move your pointer over the name of the list, and then click Edit.
  4. To add email addresses or domain names to the list, click Add.
  5. Enter comma or space delimited email addresses or domain names.
  6. Click Save.

All messages to or from other addresses and domains will be rejected. Edit the default rejection notice for these messages.

Optionally, you can enter a customized rejection notice -- for example, "Your email has been rejected because it violates organization policy."

Options

To allow internal mail between users within your organization, select the Bypass this setting for internal messages check box. The internal email needs to be authenticated (SPF/DKIM) for it to bypass the setting. Internal messages that are NOT authenticated will be rejected by this feature.

Save your changes
When you are finished, be sure to click Add Setting at the bottom of the dialog box, and then click Save changes at the bottom of the Email settings page to confirm your changes. Any settings you add will be highlighted on the Email settings page.