Tailor advanced Gmail settings for an organization
As a G Suite administrator, you can tailor Gmail for your organization and users. You can:
- Customize the URL where your users access Gmail.
- Set up sophisticated filters and whitelist IP addresses where you expect to receive legitimate mail.
- Specify where inbound messages are delivered.
- Route messages to a catch-all address or another server, or for archiving, filtering, and monitoring.
- Allow users to send outbound messages with a different "from" address.
You can set up conditional settings as well. For example, you can reject messages or attachments that exceed 20 MB. Or, reroute messages that contain certain words or are sent from a certain address.
Who settings apply to
Some settings, such as changing the address where your users access Gmail, always apply to everyone. Other settings, such as adjusting spam filter levels, can be applied to specific groups of users. You apply a setting to a group of users by placing the users in an organizational unit. Learn more about the organization structure and how to tailor settings for groups of users.
How to do it
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
From the Admin console dashboard, go to AppsG SuiteGmailAdvanced settings.
Tip: To see Advanced settings, scroll to the bottom of the Gmail page.
(Optional) On the left, select an organization.
Configure any settings.
At the bottom, click Save.
Tip: Use the search box to find a setting.
It can take up to an hour for changes to propagate to user accounts. Wait for a quiet period at work to change several settings at once, so that it doesn’t affect message delivery.
Note: If you set up POP3 mail fetching, any settings you configure for incoming mail apply to mail fetcher messages as well.
Some settings use hover controls. Hover controls only appear when you point at a setting. Additional hover controls appear after you configure a setting. You might see the following hover options:
- Configure—Use this control if you haven't configured the setting yet.
- View—Use this control to check the configuration of an inherited setting. To change an inherited setting’s configuration, click Add Another.
- Edit—Use this control to change to the setting’s configuration. Available for locally applied settings only.
- Disable or Enable—Use this control to turn a setting on or off. Turning a setting off doesn't impact the options you chose for it. For example, you can temporarily turn off a setting if the results aren't as expected. You can then adjust the setting and turn it back on. You can also make a copy of a setting, turn it off it, adjust it, and then compare the different results. Available for inherited and locally applied settings.
- Delete—Use this control to turn off the setting and delete its configuration. To turn it back on, click Configure. For example, you might want to clear your blocked senders list and start over. Available for locally applied settings only.
- Add Another—Use this control to add an additional configuration for a setting. For example, you could add a rule to trigger an action when a certain condition is met. Available for inherited and locally applied settings.
- Copy To Organization—Use this control to copy a configured setting to a different group. Select the organization and check the box to turn on the setting for that group. For example, you can set up content compliance for a group and then copy it to other groups, without applying it to the entire domain.
Certain settings above let you configure conditional actions. These include:
- Add more recipients—The message is also delivered to these recipients.
- Add X-Gm-Original-To header, Add X-Gm-Spam header and X-Gm-Phishy header, and Add custom headers—Add custom message headers, which can be helpful. For example, if your mail is routed to a downstream server, you can configure that server to process messages based on the headers, say. Typically used to route spam-tagged messages to spam.
- Bypass spam filter for this message—Messages that match the conditions of the setting and are identified as spam are delivered to the intended recipient.
- Change envelope recipient—Alter where the message is delivered. When used with Add more recipients, it implements the Bcc feature. If not, it effectively forwards the message.
- Change route—Change where the message is routed. For example, users with non-Gmail inboxes can have their messages routed to an on-premise Microsoft® Exchange server.
- Prepend custom subject—Alter the subject header to include prefix text.
- Reject message—The message isn't delivered.
- Remove attachments from message—Attachments are removed before delivery to the intended recipient.
- Require secure transport for onward delivery—Outbound messages require secure delivery.
Learn about each setting
These settings apply to all organizations and can only be configured and edited at the top-level organization.
- Web address—Change the URL for your users' Gmail sign-in page.
- MX records—View your MX records and access the Gmail setup wizard.
- User email uploads—Allow users to import mail and contacts from other webmail or POP3 accounts.
- Uninstall service—Turn off Gmail for your organization. For guidelines, see Turn Gmail service Off for your domain.
These settings apply to all organizations and can only be configured and edited at the top-level organization.
- Themes—Specify if users can choose their own themes.
- Email Read Receipts—Specify if users can request or return email read receipts.
- Mail Delegation—Let users delegate access to their mailbox to others in the domain.
- Emailing Profiles—Specify if users can send and receive messages via their Google+ profiles. This setting is Off by default and appears only if you enabled Google+ for the domain.
- Name format—Configure the name format for users. You can also allow users to customize their format.
- Inbox by Gmail—Turn on Inbox by Gmail for users.
- POP and IMAP access—Enable or disable POP and IMAP access for users.
- G Suite Sync—Enable G Suite Sync for Microsoft® Outlook®.
- Automatic forwarding—Prevent users from automatically forwarding incoming messages to another address.
- Gmail Offline—Enable Gmail Offline for users.
- Allow per-user outbound gateways—Allow users to send mail through an external SMTP server.
- Image URL proxy whitelist—Create and maintain a whitelist of internal URLs that bypasses proxy protection. Can only be configured at the top-level organization and applies to all organizations.
- Email whitelist—Create a list of IP addresses from which your users expect to receive legitimate mail. Mail sent from these IP addresses should not be marked as spam. Can only be configured at the top-level organization and applies to all organizations.
- Inbound gateway—Specify the IP addresses of your mail servers that are forwarding email to Gmail. Can only be configured at the top-level organization and applies to all organizations.
- Spam—Create a list of approved email addresses or domains from which your users expect to receive legitimate mail. You can also route spam messages to an administrative quarantine.
- Blocked senders—Block senders based on email address or domain.
- Email and chat auto-deletion—Control the amount of email that's stored for each user. Applies only to the top-level organization.
- Append footer—Use footer text on messages for legal compliance or other requirements.
- Content compliance—Specify how messages are handled based on predefined words, phrases, text patterns, or numerical patterns.
- Comprehensive mail storage—Ensure that all messages—including messages sent or received by non-Gmail mailboxes and SMTP relay—are stored in users' Gmail mailboxes. You typically configure this setting when you're using G Suite Vault with a non-Gmail mailbox or to capture all sent messages, such as calendar invites and sharing notifications.
- Restrict delivery—Restrict the email addresses or domains that users can exchange mail with.
- Objectionable content—Specify how messages are handled based on word lists that you create.
- Attachment compliance—Specify how messages with attachments are handled.
- Secure transport (TLS) compliance—Require mail to be transmitted via a secure connection for specific domains and email addresses.
Before you configure any controls, read our guidelines and best practices for email routing and delivery. Learn more about your routing options below.
Note: You can use controls on the Default routing tab, but we recommend using the Routing setting instead.
- Email routing—This is a legacy setting. Instead, use the Routing setting to specify mail-routing controls for your domain. Can only be configured at the top-level organization and applies to all organizations.
- Outbound gateway—Set a server that all messages from your domain go through. Can only be configured at the top-level organization and applies to all organizations.
- Routing—Specify mail routing and delivery controls for your domain.
- Recipient address map—Apply one-to-one mapping (aliases) to recipient addresses on messages received by your domain. Can only be configured at the top-level organization and applies to all organizations.
- Receiving routing—Set up inbound and internal-receiving delivery options, such as dual delivery and split delivery.
- Sending routing—Set up outbound and internal-sending delivery options.
- Inbound email journal acceptance in Vault—Specify an email address in your domain that receives your Microsoft® Exchange journal messages. Can only be configured at the top-level organization and applies to all organizations.
- Non-Gmail mailbox—If your organization uses a non-Gmail mail server, such as Microsoft Exchange or other non-Google Simple Mail Transfer Protocol (SMTP) service, you can reroute messages to your users’ non-Gmail mailboxes.You can also configure quarantine summary reports for those users.
- SMTP relay service—If you use non-Gmail servers for sending mail and want to route that mail through Gmail for additional filtering or storage, use this setting. Can only be configured at the top-level organization and applies to all organizations.
- Alternate secure route—Set an alternate secure route when Transport Layer Security (TLS) is required. Can only be configured at the top-level organization and applies to all organizations..
How multiple settings affect message behavior
You can create configurations with multiple settings. This can impact message behavior and how the settings are applied, including—where applicable—which setting or configuration takes precedence over another.
Settings can sometimes cause a conflict with delivery. For example, should a message be rejected or delivered twice? What happens will depend on the conditions you set and which setting has precedence.
When you create multiple configurations or settings, there's usually no impact on how a message behaves. Gmail simply applies all settings and handles the message accordingly.
For example, there's no conflict if:
You create an Append footer setting and a Content compliance setting. Gmail takes both actions on the message.
You set up two configurations with the Add more recipients consequence. Gmail adds all recipients.
Similarly, one setting usually doesn’t take precedence over another. In first example, Gmail applies both the Append footer setting and the Content compliance setting without evaluating which “comes first.”
However, there are exceptions to how messages behave when different settings have multiple consequences and sometimes conflict.
Setting behavior guidelines
When two consequences conflict, Gmail will only apply one of the consequences. Non-conflicting consequences are still applied.
- A Content compliance setting that applies a "change route" consequence that reroutes messages to host1.com and adds a X-gm-spam header.
- An Objectionable content setting applies a "change route" consequence that reroutes messages to host2.com and also prepends a custom subject.
In this scenario, the "change route" consequences are considered to be "in conflict" because Gmail can only select one route. So only one "change route" will be selected, and all of the remaining non-conflicting consequences are applied (X-gm-spam header and custom subject).
In general, all settings are evaluated independently of each other, their consequences compiled, then any conflicts resolved. The consequence of one setting can’t be used to influence the triggering of another.
- An Objectionable content setting prepends a custom subject, "test.”
- A Content compliance setting reroutes all messages with a subject containing the word "test" to host1.com.
In this scenario, if “test” isn’t already in the message’s subject, Gmail doesn't reroute the message, even though the word “test” has been added to the subject by the first rule.
Multiple reroutes or change in recipient
A conflict occurs when two settings attempt to change the primary route, or change the primary envelope recipient. In this case, the following principles guide which action is applied:
- Specificity—If one setting is more specific than the other, it takes precedence. For example, locally-applied settings take precedence over inherited ones. All organization-specific settings take precedence over default routing.
- Creation date—If all settings are the same specificity, older settings take precedence over newer ones. Visually, any setting that’s higher on the Advanced settings page in the Admin Console has a higher priority when there's a conflict.
If any triggered rule causes a rejection, the message is rejected and no other rules are applied. If multiple settings trigger rejections with different rejection responses, then only one response is used.
Any setting can specify a list of approved senders to bypass the actions if there’s a match. Senders lists can be shared between settings. For example, the Spam setting lets you create an approved sender list to bypass the spam folder. This same approved sender list can be used to bypass a Content compliance setting.
The SMTP relay setting specifies which email and IP addresses can use the Google SMTP Relay service, and whether SMTP authentication is required. If multiple SMTP relay settings are configured, the SMTP relay service:
- Accepts the message if any of the settings permit it.
- Refuses the message if none of the settings permit it.
There are also a few cases in which Gmail gives precedence to one setting configuration over another. In this case, Gmail applies both configurations, but one “comes first.”
The ordering precedence depends on where the setting is in the organizational unit structure. Actions in a child organization take precedence (“come first”), while actions in a parent organization have a lower precedence.
If two settings result in different "add footer" actions, both footers are added. The ordering of the footers depends on the location of the setting in the organization structure. The actions in a child organization take precedence over a parent organization.
If two settings result in different "prepend custom subject" actions, both prefixes are prepended. The ordering of the prepended subjects depends on the location of the setting in the organization structure. The actions in a child organization take precedence over a parent organization.
Gmail evaluates messages and determines consequences in the following order:
Gmail evaluates the message against all policies independently and compiles any matching consequences into a consequence list.
Gmail evaluates the consequence list. If there are any “reject” consequences, Gmail rejects the message and ignores the remaining consequences.
If the message isn't rejected, Gmail parses the consequence list for any conflicts. Matching conflicts are compiled in a conflicts list. Conflicts only arise if:
Multiple consequences would change the primary route. There's a “change route” consequence that’s not a sub-consequence of an Add more recipients setting.
Multiple consequences would change the primary envelope recipient. There's a “change envelope recipient” consequence that’s not a sub-consequence of an Add more recipients setting.
Gmail evaluates the conflicts list to determine which of the conflicting consequences to apply. This is determined by the priority of the setting, measured by:
Specificity—Locally-applied settings take precedence over inherited ones. Organization-specific settings take precedence over the default route.
Creation date—Older settings take precedence over newer ones. Visually, any setting that’s higher on the Advanced settings page in the Admin Console has a higher priority when there's a conflict.
Gmail applies the resulting consequences to the message, as well as any non-conflicting consequences from all settings.