Message bounced due to a policy rule

As a G Suite administrator, you can define rules to reject messages that violate policies. You set this up by selecting the Reject message consequence when defining routing and compliance rules.

For outgoing messages, you can also define rules that reject messages that haven’t been S/MIME encrypted. You set this up by selecting the Modify message consequence when defining the rule and then selecting the Bounce message if unable to encrypt option.This feature is only available with G Suite Enterprise and G Suite for Education.

Message bounced due to a compliance or routing rule

If a message bounces because it violates a routing, content compliance, objectionable content, or attachment compliance rule, you’ll see one of the following:

  • A default rejection message, such as "Rejected due to policy associated with sender."
  • A custom message, entered in the Customize rejection notice field when setting up the rule.

How do I fix the problem?

If there’s no custom message, or if the custom message doesn’t provide enough information about the violation, examine the logs to see which rule was violated.

Why is this happening?

A rule that blocks outgoing mail generates a bounce message when attempting to send.

For example, you can have a data loss prevention rule that prevents users from sending messages containing credit card numbers. If a user tries to send a message with a credit card number, the user will get a bounce message.

Similarly, you can have an attachment compliance rule that prevents sending outbound messages with .zip attachments. If a user tries to send a message with a .zip attachment, they'll get a bounce message.

Messages bounced due to an encryption policy rule

This feature is only available with G Suite Enterprise and G Suite for Education.

You can create a compliance or routing rule that requires that messages be signed or encrypted using hosted S/MIME enhanced protection. If a message is sent that violates the rule, the following error message is sent:

"A policy required encryption but was unable to encrypt the message.”

How do I fix the problem?

The message triggered a rule that requires that outgoing messages can't be sent unless they are S/MIME encrypted or signed. To fix the problem, ensure that S/MIME keys are exchanged prior to rule enforcement.

Why is this happening?

This can happen if Google can’t fetch a recipient’s public key, causing the encryption to fail.

 

Was this article helpful?
How can we improve it?