Protect Gmail messages with confidential mode

This article is for administrators. If you're a Gmail user, learn more about using Gmail confidential mode.

With Gmail confidential mode, your users can help protect sensitive information from unauthorized or accidental sharing. Recipients of confidential mode messages don't have options to forward, copy, print, or download messages or attachments.

Confidential mode lets you:

  • Set a message expiration date
  • Revoke message access at any time
  • Require a verification code by text to open messages

Important: Confidential mode helps prevent recipients from accidentally sharing messages. It can't prevent recipients from taking screenshots or photos of your messages or attachments. Recipients can also use malicious software applications to copy or download messages and attachments.

How Gmail processes confidential mode messages

Gmail removes the message body and any attachments from the recipient copy of a confidential mode message. Gmail replaces message content and attachments with a link to the content.

In Gmail, the linked content appears to be part of the message. Third-party email clients display a link in place of the message content.

Google Vault and confidential mode messages

Google Vault can hold, retain, search, and export all confidential mode messages sent by users in your domain. Vault can't access or read the content of confidential mode messages sent to your organization from external senders. If your domain uses Vault, carefully review how Vault handles confidential mode messages.

To support Vault's requirement to access confidential mode messages, Gmail attaches a copy of the confidential mode content to the recipient's message.

Here's what you should know about this copy:

  • It's attached only when the message sender and recipient are in the same organization.
  • It's only available to Vault.
  • Senders and recipients cannot access the copy from Gmail.
  • Third-party mail archiving tools cannot access the copy.

To delete all copies of a confidential mode message, you must delete it from the sender account and all recipient accounts.

Third-party archiving tools and confidential mode messages

When a message is sent in Gmail confidential mode, Gmail replaces the message body and attachments with a link. Only the subject and link are sent, using SMTP.

If your domain uses third-party eDiscovery or archiving tools, Gmail confidential mode might conflict with your organization's eDiscovery and retention policies. Before enabling this feature, we recommend you discuss the impact with your eDiscovery administrators and other policymakers.

Turn Gmail confidential mode on or off

You can turn Gmail confidential mode on or off for your entire domain, or for specific organizational units. When you disable confidential mode, users in your organization can't send Gmail messages in confidential mode.

To prevent users in your organization from receiving confidential mode messages, set up a compliance rule to block incoming confidential mode messages.

To turn Gmail confidential mode on or off for your organization:

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Appsand thenGoogle Workspaceand thenGmailand thenUser settings.
  3. In User settings, scroll to Confidential mode
  4. Uncheck or check the Enable confidential mode box.  
  5. Save your changes.

It can take up to 24 hours for your changes to take effect.

To turn Gmail confidential mode on or off for an organizational unit:

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Appsand thenGoogle Workspaceand thenGmailand thenUser settings.
  3. On the left, select the organizational unit.
  4. Scroll to Confidential mode and uncheck or check the Enable confidential mode box.  
  5. Click Save.

It can take up to 24 hours for your changes to take effect.

Block incoming confidential mode messages

To create a compliance rule to block incoming confidential mode messages from your domain, follow the instructions in this section.

Note: For detailed information about creating compliance rules for all types of content, see Set up rules for content compliance.  

How messages trigger compliance rules

Compliance rules you've defined affect Gmail confidential mode messages in these ways:

  • Outgoing messages are subject to any compliance rules defined for message subject, body, and attachments.
  • Outgoing messages that match compliance rules to remove attachments aren't sent. The sender gets a bounce message.
  • Incoming messages are checked, but only the message header (including subject) is scanned.

How confidential mode messages are quarantined 

Gmail confidential mode messages are quarantined in these ways:
  • Incoming messages in confidential mode are sent to Admin quarantine, but only the message header is scanned. 
  • Outgoing messages in confidential mode aren't sent to Admin quarantine. They're rejected and the sender receives a bounce message.

To block incoming confidential mode messages:

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Appsand thenGoogle Workspaceand thenGmailand thenCompliance.

    Note: You might find this setting at Appsand thenGoogle Workspaceand thenGmailand thenAdvanced Settings.

  3. Point to the Content compliance setting and click Configure. (If you've previously set compliance rules for other types of mail, point to any rule and click Add another.)

    The Add setting dialog appears, where you'll enter a name, select the message type to match, and define what action to take based on the message. 

  4. In the Add setting dialog, enter the following information:
    • Enter a name for the rule.
    • In the Email messages to affect, check the Inbound box.   
    • From Add expressions, choose If any of the following match the message
    • In Expressions, click Add, and then select Metadata match.
    •  From the Attribute drop-down, choose Gmail confidential mode, and for Match type, choose Message is in Gmail Confidential mode.
    • Click Save.
  5. In the next section, which identifies what to do if the expressions match, choose Reject message.
  6. (Optional) Enter a custom rejection message that is automatically sent to the blocked message sender.
  7. Click Add setting.

It can take up to 24 hours for your changes to take effect.

Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue