Search
Clear search
Close search
Google apps
Main menu

Configure advanced settings for Gmail

The Gmail advanced settings page enables you to configure many different email settings for your Google Apps domains. You can also configure settings for specific organizational units.

This article provides an overview of the Gmail advanced settings page, a description of the available features, instructions for how to use the various controls on this page, and guidelines for predicting the behavior of settings.

Before you begin:

  • Most advanced Gmail settings only apply to users and do not apply to mailing lists. One exception is the Default routing setting, which does apply to mailing lists.
  • Before you can customize your email settings for specific organizational units, you first need to add organizational units. For more details, see Configure services for different users.
  • After you configure an email setting, it may take up to one hour for that configuration to propagate to individual user accounts.
  • In rare cases, some users may experience message delays if you configure a very large number of Gmail advanced settings. These delays would only affect messages with a very large number of recipients. The first recipient is always accepted no matter how many settings are configured.
  • If you set up POP3 mail fetching, any advanced Gmail settings you configure for incoming mail apply to Mail Fetcher messages also.

To configure advanced settings for Gmail:

  1. Sign in to the Google Admin console.
  2. From the dashboard, go to Apps > Google Apps > Gmail > Advanced settings.
  3. In the Organizations section, highlight the organizational unit for which you want to configure settings.
  4. Scroll down to the relevant sections to configure your settings. You can also use the Search settings text box to enter a search term to quickly find the Gmail setting you need.
  5. After making changes to your settings, click Save Changes.

See the sections below for general guidelines and instructions related to specific settings.

Email setting descriptions

The email settings are divided into the following sections: Setup, End User Settings, End User Access, Spam, Compliance, and Routing. The settings contained within these sections are listed here.

Setup
  • Web address (top-level org only)—Change the URL for your users' Gmail login page.
  • MX records (top-level org only)—View your MX records.
  • User email uploads (top-level org only)—Allow users to upload mail using the Email Migration API.
  • Uninstall service (top-level org only)—For guidelines, see Disable your email service.
End User Settings
  • Themes—Specify whether users can choose their own themes.
  • Email Read Receipts—Specify whether users can request or return read receipts (see Enable read receipts).
  • Mail delegation—Let users delegate access to their mailbox to others in the domain.
  • Emailing profiles—Specify whether users can send or receive emails via their Google+ profiles. Default is OFF.
    Note: This setting only appears if you have Google+ enabled for the domain.
  • Name format—Configure the name format for users, or allow your users to customize this setting.
  • Apps search—Include relevant Drive documents and Sites in mail search results. The Apps search results appear below the mail search results.
End User Access
  • POP and IMAP access—Enable or disable POP and IMAP access for users (see IMAP and POP access).
  • Outlook & BlackBerry Support—Enable Google Apps Sync and Google Apps Connector for users.
  • Automatic forwarding—Specify whether users can automatically forward incoming email to another address (see Disable automatic forwarding).
  • Offline Gmail—Enable offline Gmail for users.
  • Allow per-user outbound gateways—Allow users to send mail through an external SMTP.
  • Image URL proxy whitelist (top-level org only)—Create and maintain a whitelist of internal URLs that bypasses proxy protection (see Image URL proxy whitelist setting).
Spam
  • Email whitelist (top-level org only)—Create an email whitelist, which is a list of IP addresses from which users expect to receive legitimate mail (see Email whitelist).
  • Inbound gateway (top-level org only)—Enter inbound mail gateways if you have them (see Inbound gateway).
  • Spam—Create an approved sender list to bypass the spam folder, or turn on aggressive spam filtering to enforce a more stringent filtering of bulk email (see Customize spam filter settings).
  • Blocked senders—Block specific senders based on the email address or domain (see Blocked senders setting).
Compliance
  • Email retention (top-level org only)—Control the amount of mail that's stored for each user (see Email retention).
  • Append footer—Configure outbound messages with footer text for legal compliance, or for informational and promotional requirements (see Append footer setting).
  • Comprehensive mail storage—Ensure that a copy of all sent or received mail—including mail sent or received by non-Gmail mailboxes—is stored in the associated users' Gmail mailboxes (see Comprehensive mail storage settings).
  • Restrict delivery—Restrict the email addresses users can exchange mail with (see Restrict delivery).
  • Content compliance—Specify what action to perform for messages based on predefined sets of words, phrases, text patterns, or numerical patterns (see Content compliance setting).
  • Objectionable content—Specify what action to perform for messages based on word lists that you create (see Objectionable content setting).
  • Attachment compliance—Specify what action to perform for messages with attachments (see Attachment compliance setting).
  • Secure transport (TLS) compliance—Require mail to be transmitted via a secure connection when users correspond with specific domains and email addresses (see TLS setting).
Routing
  • Email routing (top-level org only)—A set of legacy routing controls for your domain. See Mail routing and delivery: Guidelines and best practices before configuring your routing controls.
  • Outbound gateway (top-level org only)—Set an outbound mail gateway—a server through which all mail sent from your domain passes (see Outbound mail gateway).
  • Recipient address map (top-level org only)—Apply one-to-one mapping (aliases) to recipient addresses on messages received by your domain (see Recipient address map).
  • Receiving routing—Set up inbound and internal-receiving delivery options, such as dual delivery and split delivery (see Receiving routing setting).
  • Sending routing—Set up outbound and internal-sending delivery options (see Sending routing settings).
  • Vault settings for Exchange Journals (top-level org only)—Specify an email address in your domain that receives your Exchange journal messages. See Vault settings for Exchange journals.
  • Non-Gmail mailbox—Reroute messages to users' non-Gmail mailboxes, if your organization uses a non-Gmail mail service such as Microsoft Exhange or other non-Google SMTP service. You can also use this setting to configure quarantine summary reports for your non-Gmail users (see Non-Gmail mailbox routing and Quarantine Summary).
  • SMTP relay service (top-level org only)—Set options for routing outbound mail through Google (see SMTP relay service setting).
  • Alternate secure route (top-level org only)—Set an alternate secure route when secure transport (TLS) is required (see Alternate secure route).
Organizational units, settings, conditions, and actions

Organizational unit
An organizational unit (also known as an org unit) is a container for a specific subset of users within your company, and enables you to customize settings for specific groups of users within your domain.

Email setting
An email setting enables you to specify what action to perform on a message (for example, to reject it, or change its route) depending on whether or not that message matches the conditions you specify in the setting. For example, you can configure an Attachment compliance setting to reject messages with attachments that exceed 20 MB, or you can configure a Content compliance setting to reject messages that contain certain words. You can configure multiple email settings for a given organizational unit.

Conditions and actions
If a message matches the conditions that you specify in an email setting, an action is performed on that message. If the conditions do not match, the action is not applied.

An email setting can have one or more conditions. The following are examples of conditions:

  • The message body contains the word confidential.
  • The envelope “from” address matches sender@example.com.
  • The message contains a compressed file attachment.

The following are examples of actions:

  • Reject message—The message is not delivered.
  • Add X-Gm-Original-To header, Add X-Gm-Spam header and X-Gm-Phishy header, and Add custom headers—Add an additional X-header to the message headers.
  • Prepend custom subject—Alter the subject header to include prefix text.
  • Change route—Change where the message is routed. For example, users with non-Gmail inboxes may have their mail routed to an on-premise Exchange server.
  • Change envelope recipient—This may alter where the message is delivered. When used in conjunction with Add more recipients, this implements the ‘bcc’ feature. If not, it is effectively a ‘forward’.
  • Bypass spam filter for this message—Messages that match the conditions of the setting and are identified as spam will be delivered to the intended recipient.
  • Remove attachments from message—Attachments are removed before delivery to the intended recipient.
  • Add more recipients—The message is also delivered to these recipients.
  • Require secure transport for onward delivery—Outbound messages require secure delivery.
How to use the controls on the Gmail advanced settings page

The controls on the Gmail advanced settings page vary depending on the type of setting you need to configure:

  • For the Setup, End User Settings, and End User Access sections, you can make changes directly within the Gmail advanced settings page using check boxes and text boxes.
  • For many of the Spam, Compliance, and Routing settings, you must hover your mouse anywhere in the setting’s area on the page to access the controls. These hover controls—which appear on the right—let you add, edit, disable, delete, and perform other actions on a setting’s configuration.

 

Admin console - Advanced gmail settings - hover controls 2

The settings that use hover controls are as follows:

Spam

  • Spam
  • Blocked senders

Compliance

  • Append footer
  • Restrict delivery
  • Content compliance
  • Objectionable content
  • Attachment compliance
  • Secure transport (TLS) compliance

Routing

  • Recipient address map
  • Receiving routing
  • Sending routing
  • Vault Settings for Exchange Journals
  • Non-Gmail mailbox
  • SMTP relay service
  • Alternate secure route

For settings in the Spam, Compliance, and Routing sections that do not appear in the above list, configure the setting directly on the Gmail advanced settings page—for example, the Email whitelist setting shown in the image below.

Admin console - Advanced Gmail settings

To configure settings directly on the Gmail advanced settings page (all settings in the Setup, End User, and End User Access sections, plus a few in the other sections):

  1. In the Organizations section, highlight the top-level org (or the sub-org) for which you want to configure settings.
  2. Scroll down the page to the relevant sections, or use the Search settings box to enter a search term or setting.
  3. Adjust these settings directly within the Gmail advanced settings page.
  4. Click Save changes.
Tip: When searching for a specific setting, you can type in a search term and then click a different organizational unit. This enables you to review how a particular setting is configured across organizational units.

To configure settings using the hover controls (most settings in the Spam, Compliance, and Routing sections):

  1. In the Organizations section, highlight the top-level org (or the sub-org) for which you want to configure settings.
  2. Scroll down the page to the relevant sections, or use the Search settings box to enter a search term or setting.
  3. Hover your mouse anywhere in the setting’s area on the page to access the controls.
    Note: For a few of the Spam, Compliance, and Routing settings, you can access the controls directly on the Gmail advanced settings page.
  4. Click the appropriate control:
    • When you click Configure, View, Edit, or Add another, a dialog box displays with the options for that setting.
    • When you click Copy to organization, a dialog box displays that enables you to select the target organization.
    • When you click Disable, Enable, or Delete, no dialog box displays.
  5. Click Save changes.
Tip: When searching for a specific setting, you can type in a search term and then click a different organizational unit. This enables you to review how a particular setting is configured across organizational units.

Hover controls

The following sections describe the various hover controls on the Gmail advanced settings page, and the situations in which you might use them:

Configure

This control displays only if you have not configured the setting yet. Click Configure to set options for the setting, and then click Add Setting.

For example, if you want to set up a new Content compliance setting, click Configure to set the options for this setting.

View

This control is available for inherited settings only. Use this control when you want to check the configuration of an inherited setting. 

Click View to see the options selected for that setting. (You can’t make any changes to the options.) If you need to change an inherited setting’s configuration, use the Add another control, described below, to create a new configuration. Click Close when you are done.

Edit

This control is available for locally applied settings only. For a setting you configured, click Edit to make changes to the setting’s configuration. Click Save when you're done.

For example, if your company name or web address changes, you may need to edit the Add footer setting to update the information in your email footer.

Disable/Enable

Disabling a setting does not impact the options you chose for the setting; it merely turns the setting off. To turn the setting back on, click Enable. These controls are available for both inherited and locally applied settings.

For example, if a setting’s configuration is not giving you the expected results, you can disable the setting temporarily to make adjustments, and then re-enable it later.

You can also make a copy of a setting, disable it, make adjustments, and then toggle the enabled states of the original and new settings for comparison.

Delete

This control is available for locally applied settings only. For a setting you configured, click Delete to both disable the setting and delete that setting’s configuration. To confirm the deletion, click Save Changes. To enable this setting again, you must click Configure and select new options for the setting.

For example, at a certain point you might want to clear your blocked senders list. Use this control to delete this setting’s configuration. You can then create a new configuration.

Add another

Use this control to add an additional configuration for a given setting. Click Add setting when you're done. This control is available for both inherited and locally applied settings.

For example, your inherited Objectionable content setting might contain a list of objectionable words for your entire organization. For a specific organizational unit, you might want to include some additional words that apply to that org unit only. You would use the Add another control to create that list of words for that org unit.

Copy to organization

Use this control to quickly copy a configured setting to a different organization. After you select the target organization, check the box to enable the setting for that organization. Click Apply when you're done.

For example, your domain might include 10 organizations, but a given Content compliance setting configuration might apply to only five of them. Configuring the setting in one organization and then copying it to the other four provides a fast way to configure the setting in multiple locations.

Inherited versus locally applied Gmail settings

On the Gmail advanced settings page, the controls available for a given setting might change depending on whether the setting is Inherited or Locally applied. A setting is labeled as Inherited if it was inherited from a higher-level organizational unit, or from a domain-level setting. A setting is labeled as Locally applied if it was configured at the same level from which you're viewing it. Settings that are not yet locally applied or inherited are labeled as Not configured yet.

See How to use the controls on the Gmail advanced settings page for more details about how inheritance works.

Settings that are only configurable at the top level

Some settings on the Gmail advanced settings page are only configurable at the top-level organizational unit, and not at the sub-org level. (See Email setting descriptions above for a list of settings that are only configurable at the top level.)

Note: If you configure a setting at the sub-org level, that setting applies to that organizational unit and any sub-organizations only. If you configure a setting at the top level, the setting applies to all organizational units.

Admin console - Advanced Gmail settings - organizations

Hosts tab

The Hosts tab enables you to set up multiple routes for your Google Apps domains, and you can later use these routes for dual delivery or split delivery when you configure your settings on the Gmail advanced settings page. You can then specify different routes for different organizational units.

Click Apps > Google Apps > Gmail > Advanced settings to access the Hosts tab. For instructions, see Add mail routes with the Hosts tab.

Default routing tab

The Default routing setting enables you to set up a routing policy for all of your Google Apps domains that includes one or more settings. The settings apply only to inbound messages.

To access the Default routing setting, click Apps > Google Apps > Gmail > Advanced settings, and then click the Default routing tab.

An important use for Default routing is to set up split delivery to route unregistered Google Apps users to your on-premise mail server. This is useful when transitioning users from your legacy mail server to Google Apps. You can also use Default routing to designate an existing user account as a catch-all address to receive messages that are addressed to non-existent users in your Google Apps domains.

For instructions, see Default routing setting.

General guidelines for predicting the behavior of settings

Google Apps administrators have the flexibility to configure multiple email settings for their domains and for different organizational units. This section describes how the various email settings work and interact, and how they affect mail messages and mail flow in a predictable way.

Your Google Apps email settings are stored in a hierarchical tree of organizational units. Settings in child organizational units are inherited from parent organizational units, and a single user may have several associated settings. The actions of these settings can sometimes conflict when determining what should be done with a message; for example, should the message be rejected, or should it be dual delivered?

Use the following guidelines to help you predict how Google Apps email settings will behave:

  • Settings—With a few exceptions, the ordering of the setting is not important. Instead, the precedence is determined by the action taken when a condition matches. For example, the Append footer setting does not take precedence (or "come first") over any other settings, such as Content compliance or Attachment compliance.
     
  • The Reject message action takes precedence—If any setting causes a rejection when the conditions match, then the message is rejected. For example, if there are two settings—one that may reject the message, and another that may add more recipients—then the Add more recipients action does not occur.
    Note: If more than one setting results in a reject, and if different custom reject response messages are specified in each setting, then only one response is used.
  • Multiple re-routes/change recipient—If two different settings cause Change route or Change envelope recipient actions, the Change route or Change envelope recipient actions are in conflict. In this case, the ordering of the setting determines which re-route or recipient change is applied to the message. The actions in a child organizational unit take precedence (or come “first”), while actions in a parent organizational unit are lower precedence.
     
  • Add more recipients—If two settings specify additional recipients, then all recipients are added; there is no possibility for conflict.
     
  • Sender whitelists—Any setting can specify a sender whitelist (approved senders) to bypass the actions if there’s a match. Sender whitelists can be shared between settings; for example, the Spam setting enables you to create an approved sender list to bypass the spam folder. This same approved sender list could be used to bypass a Content compliance setting.
     
  • Prepend subject—If two settings result in different prepend subject actions, both prefixes are prepended. The ordering of the prepended subjects depends on the location of the setting within the organizational unit structure. The actions in a child organizational unit take precedence (or come “first”), while actions in a parent organizational unit are lower precedence.
     
  • Add footer—If two settings result in different add footer actions, both footers are appended. The ordering of the footers depends on the location of the setting within the organizational unit structure. The actions in a child organizational unit take precedence (or come “first”), while actions in a parent organizational unit are lower precedence.
Was this article helpful?
Sign in to your account

Get account-specific help by signing in with your Apps for Work account email address, or learn how to get started with Apps for Work.