Advanced phishing and malware protection

As a G Suite administrator, you can protect incoming mail against phishing and harmful software (malware). You can also choose what action to take based on the type of threat detected. For example, you might choose to move suspicious content to your Spam folder, or choose to leave it in your inbox with a warning. All the security settings can be tailored for different users and teams using organizational units.

By default, Gmail displays warnings, and moves untrustworthy emails to the spam folder. Using the settings in this article helps you identify additional unwanted or harmful emails.

Note: If you use these advanced phishing and malware settings and dynamic email for your organization, learn how compliance rules are applied to dynamic messages.

Advanced security settings

  • Attachments—Protection against suspicious attachments and scripts from untrusted senders. Includes protection against attachment types that are uncommon for your domain—these can be used to spread malware.

  • Links and external images—Identify links behind short URLs, scan linked images for malicious content, and display a warning when you click links to untrusted domains.

  • Spoofing and authentication—Protection against spoofing a domain name, employee names, email pretending to be from your domain, and unauthenticated email from any domain. Unauthenticated emails display a question mark next to the sender’s name. Spoofing protection can be turned on for private groups, or for all groups.

With advanced settings, you can:

  • Automatically turn on and apply future recommended settings. This ensures maximum protection for email and attachments for your domain.

  • Provide the strongest level of protection for a domain or organizational unit by turning on all security options.

  • Customize security settings by checking only the options you want to turn on. Unchecking all options turns off all advanced security settings for the domain or organizational unit.

  • Specify an action for each security option you turn on. If you don’t select an action, the default action is applied to the security option.

Notes

  • Other spam settings—These advanced security features work independently of other spam settings you might have previously turned on. For example, even if you've listed a domain as a safe sender in spam settings, the enhanced security features are still applied.

  • Quarantine action—When you select the Quarantine option for any of the advanced security settings, the quarantine you select applies only to incoming messages. This is true even if the quarantine you select specifies actions to take on outgoing messages.

  • Warning banners—Warning banners (yellow box) appear only for Google Gmail user interfaces (web and mobile). Third-party apps do not display a warning banner.

How selected actions impact users

This table shows actions that you, as the G Suite administrator, can select for each advanced security setting, and the impact to users of each action.

Action | Impact to user
Warning | Messages are delivered to the user's inbox. The user sees a warning banner about the message. Users can open and read the message with this option.
Move email to spam | Messages are delivered to the user's spam folder. Users can go to the spam folder and open and review spam messages. Users can mark messages as "not spam" if applicable. Users don't see banners with this action.
Quarantine | When this action is selected, users don't see anything. Messages are sent to admin quarantine, where the admin reviews them to determine whether or not they are safe and can then "Allow" a message to be delivered to the user's inbox. Users don't see banners with this action. See: Set up and manage email quarantines

Apply advanced security settings

Turn on attachment protection

Google scans all messages to protect against malware, whether or not attachment security settings are turned on. Enforce extra, specific actions for certain types of files with the settings in this section. These settings protect against senders with no prior Gmail history or with a low sender reputation.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Apps > G Suite > Gmail.
  3. In the Safety section, scroll to Attachments.
  4. Select the setting and action you want to apply to incoming emails. (Details below)
Attachments settings Actions

Protect against encrypted attachments from untrusted senders

Protect against attackers who use encrypted attachments, which can't be scanned for malware. 

  • Keep email in inbox and show warning (Default)

  • Move email to spam

  • Quarantine

Protect against attachments with scripts from untrusted senders

Protect against documents that contain malicious scripts that can harm your devices.     

  • Keep email in inbox and show warning (Default)

  • Move email to spam

  • Quarantine

Protect against anomalous attachment types in emails

Protect against attachment file types that are uncommon for your domain. Uncommon and archaic file types can be used to spread malware.

You can whitelist uncommon file types that you approve and that are regularly sent to your domain. Messages with whitelisted file attachments are delivered to the recipient's inbox.

Enter file extensions in the Whitelist the following uncommon filetypes field without a preceding period and separated by commas. For example:  arj, iqy, par

  • Keep email in inbox and show warning (Default)

  • Move email to spam

  • Quarantine

Apply future recommended settings automatically

When we add new, recommended security settings for attachments, those settings are turned on by default.

Turn on links and external images protection

 
  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Apps > G Suite > Gmail.
  3. In the Safety section, scroll to Links and external images.  
  4. Select the desired security settings. (Details below)
Links and external images settings

Identify links behind shortened URLs

Allow discovery of harmful links hidden behind shortened URLs.

Scan linked images

Allow scanning of images referenced by links to find hidden malicious content.

Show warning prompt for any click on links to untrusted domains

Not available for IMAP/POP email clients.

Gmail displays a warning when you click a link to untrusted domains in any email message. If this feature isn't on, warnings only appear for clicks to untrusted domains from suspicious emails.

Apply future recommended settings automatically

When we add new, recommended security settings for links and external images, those settings are turned on by default.

Turn on spoofing and authentication protection

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Apps > G Suite > Gmail.
  3. In the Safety section, scroll to Spoofing and authentication.
  4. Select the settings and actions you want to apply to incoming emails. See details below.
     
Spoofing and authentication settings Actions

Protect against domain spoofing based on similar domain names

Protect against incoming messages from domains that appear visually similar to your company's domains or domain aliases. 

  • Keep email in inbox and show warning (Default)

  • Move email to spam

  • Quarantine

Protect against spoofing of employee names

Protect against messages where the sender's name is a name in your G Suite directory, but the email isn't from your company domain or domain aliases.

Important: For this setting to work correctly, Enable contact sharing and Show all email addresses must be selected in directory sharing settings. To verify, go to G Suite > Directory > Sharing Settings and review the Contact sharing section.

  • Keep email in inbox and show warning (Default)

  • Move email to spam

  • Quarantine

Protect against inbound emails spoofing your domain

Protect against potential Business Email Compromise (BEC) messages not authenticated with either SPF or DKIM, pretending to be from your domain. 

  • Keep email in inbox and show warning (Default)

  • Move email to spam

  • Quarantine

Protect against any unauthenticated emails

Protects against messages that are not authenticated. Messages must be authenticated (by any domain) with either SPF or DKIM (or both).

  • Keep email in inbox and show warning (Default)
  • Move email to spam

  • Quarantine

Protect Groups from inbound emails spoofing your domain

Protect your Google Groups from inbound emails spoofing your domain. You can apply this setting to all groups or to private groups only.

  • Keep email in inbox and show warning (Default)

  • Move email to spam

  • Quarantine

Apply future recommended settings automatically

When we add new, recommended security settings for spoofing and authentication, those settings are turned on by default.
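
The following is an added example, not Google's implementation and not part of the original article: it approximates the conditions described above for the employee-name, own-domain and unauthenticated-email settings by reading the SPF/DKIM verdicts your own mail server records in Authentication-Results. The domain, directory name, authserv-id, finding labels and sample messages are constructed assumptions.

```python
import email
from email import policy
from email.utils import parseaddr
# Constructed values for this example (assumptions, not taken from the article).
OUR_DOMAINS = {"example.com"}        # your domain and domain aliases
DIRECTORY_NAMES = {"alice example"}  # lower-cased display names in your directory
TRUSTED_AUTHSERV = "mx.example.com"  # authserv-id written by your own receiving MTA
AR = "Authentication-Results: "

def passed_methods(msg):
    """Return which of spf/dkim are 'pass' in headers stamped by our own MTA only."""
    passed = set()
    for header in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in str(header).split(";")]
        if not parts[0] or parts[0].split()[0].lower() != TRUSTED_AUTHSERV:
            continue  # a header with another authserv-id may be sender-supplied
        for clause in parts[1:]:
            method, _, rest = clause.partition("=")
            result = (rest.split() or [""])[0].lower()
            if method.strip().lower() in ("spf", "dkim") and result == "pass":
                passed.add(method.strip().lower())
    return passed

def classify(raw):
    """Label one raw message with the spoofing/authentication conditions it meets."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if not passed_methods(msg):        # neither SPF nor DKIM passed
        findings.append("unauthenticated")
        if domain in OUR_DOMAINS:      # and the From address claims our domain
            findings.append("spoofs-own-domain")
    if name.strip().lower() in DIRECTORY_NAMES and domain not in OUR_DOMAINS:
        findings.append("employee-name-spoof")
    return findings

SAMPLES = {  # constructed messages
    "own_domain_unauth": "From: Alice Example <alice@example.com>\n" + AR
        + "mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none\n\nhi\n",
    "name_spoof": 'From: "Alice Example" <ceo@mail.example.net>\n' + AR
        + "mx.example.com; spf=pass smtp.mailfrom=mail.example.net\n\nhi\n",
    "untrusted_header": "From: Bob <bob@example.com>\n" + AR
        + "relay.example.net; spf=pass; dkim=pass\n\nhi\n",
    "clean": "From: News <news@example.org>\n" + AR
        + "mx.example.com; dkim=pass header.d=example.org\n\nhi\n",
}
if __name__ == "__main__":
    print({label: classify(raw) for label, raw in SAMPLES.items()})
```

The check does not verify that the SPF or DKIM domain aligns with the From domain, so it is a triage aid for reviewing quarantined or reported mail rather than a replacement for the settings above.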
