If you're looking for instructions and guidelines related to legal, security, and compliance concerns, go to Google Workspace legal and compliance.
Google Workspace offers many options to meet your organization's compliance and regulatory requirements, and to protect your sensitive data.
Start here to find the policies that work best for your organization.
Index of compliance options
Footer and confidential mode
| Add a standard footer to users' outbound messages | |
|---|---|
|
Add a standard footer to all your users' outgoing messages. Examples: For legal compliance, branding, informational requirements, or promotions. |
Learn how |
| Protect Gmail messages with confidential mode | |
|
Enable or disable your users' ability to send or receive messages in confidential mode. When this mode is enabled, users can prevent recipients from sharing (forwarding, printing, and so on) a message containing sensitive information. |
Learn how |
Message storage policies
| Control email and chat storage | |
|---|---|
|
Control the amount of email and chat messages stored for users in your organization. Also specify how to archive or delete messages when their storage periods expire. |
Learn how |
| Set up comprehensive mail storage | |
|
Ensure that copies of all messages your users send or receive are stored in users’ Gmail mailboxes. Useful for:
|
Learn how |
Recipient policies and controls
| Set up external recipient notifications | |
|---|---|
|
Remind users when they email recipients outside your organization who they don't email regularly, or who aren't listed in their Contacts. Example: To protect your users from unintentionally sharing information externally. |
Learn how |
| Allow emails only with authorized addresses or domains | |
|
Allow users to exchange messages only with specific addresses or domains that you authorize. Example: A school might want to allow students to exchange messages with faculty members and other students, but not with people outside of the school. |
Learn how |
| Block emails between specific users or groups | |
|
Prevent emails between users in specific organizational units. Example: A school district might want to prevent elementary school students from receiving email from high school students. |
Learn how |
| Enforce an "IP lock" in Google Workspace | |
|
Allow users to receive mail only from an IP address or range of addresses that you specify. By manually defining allowed IP ranges, you simultaneously allow all incoming traffic from a particular domain, and prevent spoofing from other domains. Example: An IP lock is particularly useful with domains that don't have a Sender Policy Framework (SPF) record, or that use third party applications to send mail on behalf of the domain. |
Learn how |
Content filtering with rules
| Set up rules for advanced email content filtering | |
|---|---|
|
Set up rules for how to handle messages containing specific content or expressions. Examples:
|
Learn how |
| Set up rules for objectionable content | |
|
Set up rules to determine whether messages containing certain words are rejected, quarantined, or delivered with modifications. Examples:
|
Learn how |
| Set up rules for basic email content filtering | |
|
Set up rules for how to handle message attachments such as documents, video and sound files, images, and compressed files and archives. Examples:
|
Learn how |
| Set up rules to detect harmful attachments | |
|
Have Gmail scan or run attachments in a virtual environment called the Security Sandbox. Attachments identified as threats can then be placed in users' Spam folders or quarantined. Use case: Protects against malicious software that might be missed by antivirus programs |
Learn how |
| Use optical character recognition (OCR) to read images | |
|
Extract text from image attachments to then apply rules for content compliance or objectionable content. Extracts text from GIF, JPG, PNG, and TIFF images. Example: Set up a content compliance rule to quarantine messages containing credit card numbers. Then turn on OCR to detect and quarantine a PNG image attachment of an invoice containing a credit card number. |
Learn how |
| Scan your email traffic using DLP rules | |
|
Scan inbound or outbound emails for sensitive data using predefined content detectors. Then automatically quarantine, reject, or modify a message, based on its content. Examples: Predefined content detectors exist for a range of numerical data types, including Social Security numbers, country-specific drivers license or passport numbers, credit card numbers, and many more. |
Learn how |
Message transmission and encryption
| Require mail to be transmitted via a secure TLS connection | |
|---|---|
|
Require email to and from specific domains or email addresses to be transmitted using Transport Layer Security (TLS). TLS is a security protocol that encrypts email to protect its privacy. |
Learn how |
| Set up rules to require S/MIME signature and encryption | |
|
Set up compliance and routing rules that require that outgoing messages be signed and encrypted using S/MIME. Examples: Users can intentionally turn encryption off, but you can set up a rule that overrides this action. You can also set up rules that ensure messages are encrypted when certain patterns are detected, such as credit card numbers. |
Learn how |
| Use Google Workspace certificates for secure transport (TLS) | |
| Use Transport Layer Security (TLS) certificates to encrypt your users' mail for secure inbound and outbound delivery. | Learn how |
| Increase email security wit MTA-STS and TLS reporting | |
|
Turn on MTA Strict Transport Security (MTA-STS) to require authentication checks and encryption for email sent to your domain. Use Transport Layer Security (TLS) reporting to get information about external server connections. |
Learn how |