As an administrator, you can choose to receive email alerts when important events occur, such as delivery failure.
All but one of the email alerts are off by default, and you can manage them in Reports in the Google Admin console.
The SMTP relay alert is on by default and is not configurable.
Alert details and debugging tips
TLS failure
If you set the option to require Transport Layer Security (TLS) for messages to or from a certain domain, this alert informs you if messages requiring TLS can’t be delivered. The alert is triggered when more than 10% of messages requiring TLS can’t be delivered within an hour to a given host or hosts, because those hosts don’t support TLS.
In this case, inform that host domain's administrator of the problem. Unless the administrator provides TLS support on the domain side, G Suite can’t deliver emails to that domain with the TLS policy in place.
If you set up a smart host for incoming or outgoing mail, this alert informs you if a large number of messages can’t be delivered to one of your smart host servers. You can find additional information about the failures by copying the IP address listed in the notification email into the Recipient IP field of Email Log Search. Check the logs of your smart host server for information corresponding to these failures. You should also check the following settings for your smart host:
- SMTP server is up and accepting connections.
- SMTP server is not crashing.
- Configuration in G Suite is correct and using an external IP address, not an RFC-1918 address.
You can use Exchange journaling to ensure that all email traffic generated by users of the Microsoft® Exchange server is properly archived in Google Vault. This alert informs you if Exchange journaling fails. Because Exchange generates journal messages, this error typically indicates that you’re trying to journal regular email messages by copying them (Bcc or forwarding) to the journal address. You should also make sure you've properly configured Exchange to send TNEF messages.
A high rate of incoming email to G Suite users can signal a malicious email attack or a misconfigured email setting. To protect these users, Gmail temporarily limits the rate of their incoming email by rejecting it.
Note: Gmail eventually delivers the rejected email only if the client retries sending it later.
During the rate-limiting period, Google sends administrators an hourly email alert, containing the following information:
- The intended recipients of the email
- The email’s sender
- The number of messages affected
- When the rate limiting started
- When the most recent rejection occurred
You can use the sender and recipient information to find and analyze these messages with Email Log Search.
Note: The rate-limiting email alert is turned off by default. To turn it on, use the Manage Alerts option in the Admin console.
Google monitors messages sent through the SMTP relay service for spam classification purposes. When we detect significant amounts of spam being sent from any user, we send an email alert to super administrators to notify them of the sending behavior. The email alert also notifies administrators that user accounts may be suspended if sending patterns do not change.
The alert shows the address of the sender and the IP addresses of the hosts that sent messages that were classified as spam. The IP addresses can include RFC-1918 addresses (for example, addresses that start with 10. or 192.168) that are internal addresses on your network.
The alerts are limited to one every 24 hours. Each alert includes a list of users currently sending significant volumes of spam through SMTP relay. If there are more than 200 users, the list is truncated. Learn more about SMTP relay spam.
Note: The SMTP relay alert is on by default and isn't configurable. It's also not included in the alerts list in Reports.
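The following Python helper is an added example, not part of the original help page. It sorts IP addresses copied from an SMTP relay alert into RFC 1918 (internal) and external addresses, and applies the same test to a smart host address as described in the smart host checklist above. It checks all three RFC 1918 ranges, including 172.16.0.0/12; the sample addresses are constructed and the function names are this example's own.

```python
import ipaddress

# The three private IPv4 ranges defined by RFC 1918.
RFC1918_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(value):
    """True if value is an IPv4 address inside an RFC 1918 range."""
    addr = ipaddress.ip_address(value.strip())
    return addr.version == 4 and any(addr in net for net in RFC1918_NETS)


def triage_alert_ips(ips):
    """Split IPs copied from an alert into internal hosts (on your own
    network), external hosts, and entries that do not parse as an IP."""
    result = {"internal": [], "external": [], "invalid": []}
    for raw in ips:
        try:
            key = "internal" if is_rfc1918(raw) else "external"
        except ValueError:
            key = "invalid"
        result[key].append(raw.strip())
    return result


def smart_host_problem(configured):
    """Describe the problem if a smart host is configured with an
    RFC 1918 address; return None otherwise."""
    try:
        if is_rfc1918(configured):
            return f"{configured} is an RFC 1918 address; use the external IP"
    except ValueError:
        return None  # a hostname, not an IP literal: resolve and check it separately
    return None


# Constructed sample values, not taken from a real alert.
SAMPLE_IPS = ["10.4.7.21", "192.168.1.50", "172.20.3.9",
              "172.32.0.1", "203.0.113.25", "not-an-ip"]

if __name__ == "__main__":
    for bucket, members in triage_alert_ips(SAMPLE_IPS).items():
        print(f"{bucket}: {', '.join(members)}")
    print(smart_host_problem("192.168.10.5"))
```

A plain prefix match on "10." or "192.168" would miss 172.20.3.9, which is internal, while 172.32.0.1 falls just outside the 172.16.0.0/12 range and is external.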