Set up routing for your domain or organization

You can set up email routing and delivery options for your organization in the Google Admin console. These options include rejecting, quarantining, or delivering email with modifications. For example, you can route mail to Gmail and an external server or set policies that vary by organizational unit. 

Understand how settings apply

Mail routing applied to organizations only impacts active users with Gmail enabled. 

Unless you change the options, the rules apply to all users in an organizational unit. You can disable in a child organization any rules they inherit from a parent organization. You can also add multiple rules to each organization.

When you set up multiple rules, what happens to a message depends on the conditions you set and which rule has precedence. For details, read How multiple settings affect message behavior.


Gmail routing rules only apply to active users with Gmail service enabled. Routing rules don’t apply to users who are in a suspended state or who have Gmail service turned off.

To configure mail flow for suspended users, those with the Gmail service off, or addresses not provisioned in your domain, visit Set up default routing, or Redirect incoming messages with address maps.

Before you begin

Set up routing for your domain or organization

Open all  |  Close all

Step 1: Create or edit the name of the route
  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in

  2. In the Admin console, go to Menu ""and then"" Appsand thenGoogle Workspaceand thenGmailand thenRouting.


  3. To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit or a configuration group.

  4. On the Routing tab, choose an option:

    • To set up a new setting, click Configure.

    • If the setting is already configured, click Edit or Add another rule.

  5. Enter a unique name for the setting.
  6. Go to the next step to configure the setting.

Step 2: Choose email messages to affect
  1. Check the boxes next to the messages you want the policy to apply to:
    • Inbound—Incoming messages 
    • Outbound—Outgoing messages
    • Internal-sending—Internal message with one of the domains or subdomains from your organization listed in the To field
    • Internal-receiving—Internal message with one of the domains or subdomains from your organization listed in the From field

      Note: For split delivery, dual delivery, catch-all addresses, or to route messages to more recipients, select Inbound, Internal-receiving, or both.

  2. Go to the next step to continue.

How SPF and DKIM affect routing

Routing rules also apply to messages originating outside Gmail that your domain authenticates with SPF or DKIM. If outgoing messages from your domain don't pass SPF or DKIM authentication checks, Gmail doesn't recognize the sender. Gmail treats the message as external, even if you have other rules in place.

Learn more about SPF and DKIM at Help prevent spoofing, phishing, and spam.

Step 3: Specify what happens to the messages
Select the messages you want the policy to apply to. Then, under For the above types of messages..., click the Down arrow "" and choose an option:

Modify the message

Add headers, remove attachments, change the envelope recipient, add more recipients, and change the route. For details, read Options for modifying messages.
Use this action to change the primary destination, and define more destinations for dual or multiple delivery. Note: The default primary destination the Gmail server.

Options for modifying messages

You can modify a message in the following ways:

Add X-Gm-Original-To header

Add a header tag if the recipient is changed. When you do, the downstream server will know the original envelope recipient. An example of the header tag format is X-Gm-Original-To:

Add X-Gm-Spam and X-GM-Phishy headers

Add headers to indicate message spam and phishing status. Administrators for a receiving servers can use this information to set up special rules for managing spam and phishing messages. For details, go to Add spam headers setting to all default routing rules.

Add custom headers Add custom headers to messages affected by this setting. For example, you can add a header that matches the description you entered for the setting. This can help you determine why a message was routed in a certain way, or why a rule was triggered.
Prepend custom subject You can add custom text to the beginning of the subject line for select messages. For example, you can enter Confidential for sensitive emails. If a message with the subject Monthly report triggers the rule, recipients see the following subject: [Confidential] Monthly report.
Change the route, Also reroute spam, and Suppress bounces from this recipient
  • Change the route—You can change the destination of the message from the default Gmail server to a different mail server, such as Microsoft Exchange.

    Note: Before you can change the route, you need to add the new route in the Admin console. For details, go to Add mail routes for advanced Gmail delivery.

  • Also reroute spam—This option is available if you select Change the route. Blatant spam is dropped instantly at delivery time. However, check the Also reroute spam box to route any additional email you mark as spam. Leave the box unchecked to route normal messages, but not spam. Admin console email settings (for example, a list of preauthorized senders) overrides spam settings.

  • Suppress bounces from this recipient—Check this box to prevent bounced messages from being rerouted to the configured mail route. For example, you might want to prevent bounced messages from being rerouted to an automated system. Leave this box unchecked if you want the receiving mail system to get bounced messages, for example so senders know when their message isn't delivered.
Normal routing Messages are routed through your domain’s default mail server. This is the only available option under Change the route if you haven't configured an additional mail server. To route messages through an additional mail server, follow the steps to Add mail routes for advanced Gmail delivery.
Change envelope recipient

The message bypasses the original recipient’s mailbox and goes to the new recipient.

You can change the envelope recipient in one of the following ways:

  • Replace the recipient’s entire email address—After Replace recipient, enter the full email address, such as
  • Replace username—To change just the username of the recipient's email address and keep the domain the same, before @existing-domain, enter the username, such as user.
  • Replace domain—To change just the domain of the recipient's email address and keep the username the same, after existing-username@, enter the domain, such as

An MX lookup on the new recipient's domain determines the destination server. Or, if you’re using the Change the route control, the specified route determines the destination server.

If you'd rather Bcc an additional recipient, use the Add more recipients option, described below.

Bypass the spam filter for this message

Deliver incoming messages to recipients even if the spam filter identifies them as spam. This option applies only to incoming messages. You can’t bypass spam filters for outgoing messages. Note: This option is not available for the Groups account type. For details, go to Account types to affect.

Remove attachments from message You can remove any attachments from messages. You can also append text to notify recipients that attachments were removed.
Add more recipients
  1. To set up dual or multiple delivery, check the Add more recipients boxand thenclick Add "".
  2. To add individual email addresses, select Basic from the listand thenclick Save
  3. (Optional) To add more addresses, click Add "".
  4. (Optional) To choose advanced options for your secondary delivery, select Advanced from the list.

    You can change the envelope recipient, add headers, prepend a custom subject, and remove attachments for secondary deliveries. Note: The Do not deliver spam to this recipient advanced option isn't supported for the Groups account type.

When you add recipients, consider that:

  • Each rule has a limit of 100 additional recipients.
  • Settings for the primary delivery also apply to the secondary deliveries.
  • For secondary deliveries, the Do not deliver spam to this recipient and Suppress bounces from this recipient boxes are checked by default.
  • Adding additional recipients creates a message for each added recipient. Advanced Gmail settings apply to each message.
Encryption (onward delivery only)

By default, Gmail tries to deliver messages using Transport Layer Security (TLS). If secure transport isn’t available, the message is delivered over a nonsecure connection.

To require all messages meeting the conditions in the setting to be transmitted through a secure connection, check the Require secure transport (TLS) box. If TLS isn't available on the sending or receiving side, the message won't be sent.

If you have an Enterprise or Enterprise for Education account, you can also bounce messages or require that messages can only be sent if they are S/MIME encrypted. For details, go to Enhance message security with hosted S/MIME.

Dual delivery, split delivery, catch-all addresses, and routing messages

For an overview on routing settings and the types of delivery, such as dual and split delivery, see Email routing and delivery.

To set up dual delivery, split delivery, a catch-all address, or to route messages to additional recipients:

  1. Add a description of the routing rule.
  2. Choose which messages to affect (for example, for split delivery, select Inbound, or Internal-receiving, or both).
  3. Under For the above types of messages, do the following, click the Down arrow "" and then select Modify message.
  4. Choose an action and follow the steps to set it up:
    Action Setup steps
    Split delivery
    1. Select Change the route.
    2. If you haven’t yet, add the route for the external server.
    3. Select the external server from the list.
    4. Scroll down to Show options and change the Account types to affect setting to Unrecognized/Catch-all.

      Note: Suspended users are considered unrecognized users.

    5. Click Save.
    Dual delivery
    1. Under Also deliver to, select Add more recipients and click Add.
    2. Under Recipients, click the Down arrow ""and thenAdvanced.
    3. Select Change the route and select the secondary mail route from the list.
    4. Scroll down and click Save.
    5. (Optional) Set up an envelope filter if you want the rule to affect only specific envelope senders and recipients. You can specify single recipients by entering their email address. You can also specify groups.
    6. Click Save.
    Catch-all address
    1. Enter a description (for example, “Catch-all”)
    2. Click Messages to affect
      1. Check Inbound
      2. Check Internal-receiving 
    3. Scroll to Envelope recipient, and select Change envelope recipient.
    4. Select Replace recipient and type catch-all address.
    5. Click Show options.
    6. Under Account types to affect
      1. Check Unrecognized / Catch-all

        Note: Suspended users are considered unrecognized users.

      2. Uncheck Users
      3. Uncheck Groups
    7. Click Save.
    Route messages to additional recipients
    1. Under Also deliver to, check the Add more recipients box.
    2. Click Add.
    3. Under Recipients, make sure that Basic is selected in the list.
    4. Enter the recipient’s email address and click Save.
    5. Click Save.
  5. Choose an option:
    • To set up additional parameters that limit the application of the setting, go to step 5.
    • To save the setting, go to step 6.

Reject the message

Rejects the message before reaching the recipient. You can enter a message to notify the sender about why the message was rejected. For matching messages, no other routing or compliance rules are applied. 

Note: Gmail automatically adds an SMTP rejection code, such as 550 5.7.1. This is a requirement of the SMTP standard and can't be deleted.

Quarantine message

Sends the message to an admin quarantine where you can review the message before you send or reject it. This option is only available for the Users account type. For details, see Account types to affect.

To notify your users when their sent messages are quarantined, check the Notify sender when mail is quarantined (onward delivery only) box.

Step 4: Set up an envelope filter

To affect only specific envelope senders and recipients, set up an envelope filter:

  1. At the bottom of the Add setting window, click Show options.
  2. Check one or both of these options:
    • Only affect specific envelope senders
    • Only affect specific envelope recipients
  3. From the list, choose an option:
    • Single email address—Enter the complete email address for a user.
    • Pattern match—Enter a regular expression to specify a set of senders or recipients in your domain. For example:


      Learn more about Guidelines for using regular expressions.

    • Group membership—Select one or more groups in the list. For envelope senders, this option only applies to sent mail. For envelope recipients, it only applies to received mail. If you haven't, first create the group.

      Note: This option affects group members, and members of child groups. For example, if Group B is a member of Group A, this option affects members of Group A and Group B.

  1. Continue to the next step.
Step 5: (Optional) Set up additional routing options

To set up additional options for a routing policy, such as creating address lists or choosing the account types it will affect, at the bottom, click Show options.

Address lists

You can specify address lists as a criteria for whether to bypass or apply a routing policy. These lists can contain email addresses, domains, or both.

To create an address list:

  1. Under Address lists, check the Use address lists to bypass or control application of this setting box.
  2. From the list, choose how to apply the address list:
    • Apply address lists to correspondents—Considers the From field for received mail and the recipients for sent mail. For senders, the authentication requirement is also checked.
    • Apply address lists to recipients—Checks if the recipients are present in the address list.
  3. Choose an option:
    • Bypass this setting for specific addresses / domains—Skips the setting if the address list matches, regardless of any other criteria in the setting.
    • Only apply this setting for specific addresses / domains—The address list match becomes a condition for whether the setting is applied. If there are other criteria in the setting, such as match expressions, account types, or envelope filters, they must also match for the setting to be applied.
  4. Click Use existing or create a new one.
  5. Select the name of an existing list or enter a name for a new list and click Create.
  6. Point to the list name and click Edit.
  7. To add addresses and domains to the list, click Add "".
  8. Enter a full email address or a domain name. To add multiple addresses, place a comma between each one or enter a space-delimited list.
  9. (Optional) To bypass the setting for approved senders that don't have authentication, uncheck the Require sender authentication box.

    Note: Use this option with caution as it might lead to spoofing. Learn more about sender authentication.

  10. Click Save.
  11. (Optional) To include additional email addresses or domains in the list, repeat steps 5–8.
  12. Proceed to Account types to affect.

Account types to affect

Depending on the message action you chose and the type of organizational unit you’re configuring, some account types might not be available.

Select one or more account types that the setting applies to: 

  • Users (default)—The setting applies to provisioned users. For sending and outbound mail, the setting is triggered when your users send email. For receiving and inbound mail, the setting is triggered when your users receive email.
  • Groups—The setting applies to groups set up in your organization. For sending and outbound mail, the setting is triggered when your groups forward email or summaries to members. For receiving and inbound mail, the setting is triggered when your groups receive email.
  • Unrecognized/Catch-all—The setting is triggered when your organization receives email that doesn’t match one of your provisioned users. This selection only applies to received and inbound email.

Note: The Groups and Unrecognized/Catch-all account types don’t apply to these controls:

  • Add X-Gm-Spam and X-Gm-Phishy headers
  • Bypass spam filter for this message
  • Also reroute spam

When you're finished, go to Add and save the setting.

Step 6: Add and save the setting
  1. Click Add Setting or Save.

    New settings appear on the Routing page.

  2. At the bottom, click Save.

Send messages with S/MIME encryption

Depending on your edition, you can improve message security with S/MIME. For example, set up a rule that requires S/MIME encryption for outgoing messages. Set this rule up with the Encryption option, described in Step 4 above.

For details, go to Enhance message security with hosted S/MIME.

Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.


Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue

Clear search
Close search
Google apps
Main menu
Search Help Center