Apply extra phishing and malware protection

As a G Suite administrator, you can protect users' incoming mail against phishing and malware and choose what action to take based on the type of threat. For example, you can choose to move suspicious content to your Spam folder or leave it in your inbox and display a warning. All the security settings can be tailored for different users and teams using organizational units.

Note: Although Gmail already displays warnings and moves emails known to be untrustworthy to spam, the settings in this article capture additional unwanted or harmful emails.

Advanced security settings

  • Spoofing and authentication—Protection against spoofing of domain names and employee names, email impersonating your domain, and unauthenticated email from any domain (indicated by a question mark next to the sender’s name).
  • Attachments—Protection against encrypted attachments and scripts from untrusted senders.
  • Links and external images—Identify links behind short URLs, scan linked images for malicious content, and display a warning when users click links to untrusted domains.

With advanced settings, you can:

  • Disable all settings—Disable all security settings for a domain or organizational unit.
  • Enable all settings—Turn on current (and any future) settings. This option provides the strongest level of protection for a domain or organizational unit. When you select Enable all settings, the default action associated with each option is applied.
  • Customize settings—Select security settings and actions individually.

Apply advanced security settings

Turn on spoofing and authentication protection

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console dashboard, go to Apps > G Suite > Gmail.
  3. In the Safety section, scroll to Spoofing and authentication.
  4. Select the settings and actions you want to apply to incoming emails. (Details below)
     
Spoofing and authentication settings and actions

Protect against domain spoofing based on similar domain names
Protect against incoming messages from domains that appear visually similar to your company's domains or domain aliases.
  • Keep email in inbox and show warning (Default)
  • Move email to spam

Protect against spoofing of employee names
Protect against messages where the sender's name is a name in your G Suite directory, but the email isn't from your company’s domains or domain aliases.

Important: For this setting to work correctly, Enable contact sharing and Show all email addresses must be selected in directory sharing settings. To verify, go to G Suite > Directory > Sharing Settings and review the Contact sharing section.

  • Keep email in inbox and show warning

Protect against inbound emails spoofing your domain
Protect against potential Business Email Compromise (BEC) messages not authenticated (SPF or DKIM), pretending to be from your domain.
  • Move email to spam (Default)
  • Keep email in inbox and show warning

Protect against any unauthenticated emails
Protect against any message not authenticated (SPF or DKIM) by any domain.
  • No action (Default)
  • Keep email in inbox and show warning
  • Move email to spam
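
Before switching any of these settings from a warning to Move email to spam, it helps to estimate which inbound messages each one would touch. The Python sketch below is an added example, not Google's detection logic and not part of the original article: it sorts message headers into three of the categories above using the Authentication-Results header. The domain, directory name, `mx.google.com` authserv-id, category labels and sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values, constructed for this example (not from the article).
OWN_DOMAINS = {"example.com"}        # your domains and domain aliases
DIRECTORY_NAMES = {"dana lee"}       # display names from your directory
TRUSTED_AUTHSERV = "mx.google.com"   # authserv-id stamped by your receiving server

def authenticated(msg):
    """True if a trusted Authentication-Results header shows spf=pass or dkim=pass."""
    # Simplification: does not check that the passing domain aligns with From.
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower().split(" ")[0] != TRUSTED_AUTHSERV:
            continue  # stamped by another host; a sender can forge this header
        if re.search(r"\b(?:spf|dkim)=pass\b", results, re.I):
            return True
    return False

def classify(raw):
    """Return the spoofing/authentication categories a raw message falls into."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    own, authed = domain in OWN_DOMAINS, authenticated(msg)
    flags = []
    if name.strip().lower() in DIRECTORY_NAMES and not own:
        flags.append("employee-name-spoofing")
    if own and not authed:
        flags.append("own-domain-unauthenticated")
    if not authed:
        flags.append("unauthenticated")
    return flags

# Constructed sample messages (headers only).
SAMPLES = {
    "legit": 'From: "Dana Lee" <dana.lee@example.com>\n'
             "Authentication-Results: mx.google.com; dkim=pass; spf=pass\n\n",
    "name_spoof": 'From: "Dana Lee" <dana.lee@mail-example.net>\n'
                  "Authentication-Results: mx.google.com; spf=pass; dkim=none\n\n",
    "own_domain": "From: billing@example.com\n"
                  "Authentication-Results: mx.google.com; spf=fail; dkim=none\n\n",
    "forged_header": "From: news@vendor.test\n"
                     "Authentication-Results: relay.vendor.test; spf=pass; dkim=pass\n\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, classify(raw))
```

The visually-similar-domain setting is not modeled here; it needs a comparison against your domain list rather than authentication results.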

Turn on attachment protection

Google scans all messages to protect against malware, whether or not attachment security settings are turned on. These settings give you the ability to enforce additional specific actions for certain types of files. Both settings protect against senders with no prior Gmail history or a low sender reputation.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console dashboard, go to Apps > G Suite > Gmail.
  3. In the Safety section, scroll to Attachments.
  4. Select the setting and action you want to apply to incoming emails. (Details below)

Attachments settings and actions

Protect against encrypted attachments from untrusted senders
Protect against attackers who may use encrypted attachments, which can't be scanned for malware. 

  • Keep email in inbox and show warning (Default)
  • Move email to spam

Protect against attachments with scripts from untrusted senders
Protect against documents that contain malicious scripts that can harm your devices.

  • Keep email in inbox and show warning (Default)
  • Move email to spam

Turn on links and external images protection

 
  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console dashboard, go to Apps > G Suite > Gmail.
  3. In the Safety section, scroll to Links and external images.  
  4. Select the desired security settings. (Details below)

Links and external images settings

Identify links behind shortened URLs
Allow discovery of harmful links hidden behind shortened URLs. 

Scan linked images
Allow scanning of images referenced by links to find hidden malicious content.

Show warning prompt for any click on links to untrusted domains
Note: Not available for IMAP/POP email clients.
Gmail displays a warning when users click a link to an untrusted domain in any email message. If this feature isn't on, warnings only appear for clicks to untrusted domains from suspicious emails.
