- G Suite Updates Blog
- What Are DNS Records?
- What is an MX record?
- IMAP vs. POP3: What Is It and Which One Should You Use?
- Verify your domain for G Suite
- Set up MX records for G Suite Gmail
- Authorize email senders with SPF(Sender Policy Framework)
- What is the Admin console?
- Admin Console Feature Map
- Set up G Suite feature releases for users
- Set up Supplemental Data Storage>
- Choose a geographic location for your data
- Customize a G Suite service URL
- Add Users
- Add users individually
- Add several users at once
- About Google Cloud Directory Sync
- G Suite Admin SDK
- Developer Offering
- Google APIs Explorer
- Manage user accounts
- Add multiple domains or domain aliases
- Add or remove an email alias
- Change or reset your password.
- Set up password recovery for users
- Create a strong password & a more secure account
- Suspend a user
- Delete a user from your organization
- Restore a recently deleted user
- How licensing works
- How the organizational structure works
- To control which applications and services are available to users
- To configure the available services differently for different sets of users
- Add an organizational unit
- Modify the organizational structure
- Move users to an organizational unit
- Apply policies to the organizational unit
- Control who can access G Suite and Google services
- Turn Directory on or off
- Add employee ID as a login challenge
- Add information to a user’s profile
- Customize a directory for a team or group
- Add shared contacts to the Directory
- Let users change their photo and profile information
- Pre-built administrator roles
- Assign administrator roles to a user
- Create custom administrator roles
- Administrator privilege definitions
- Add recovery options to your administrator account
- Managing access to services
- Set up G Suite feature releases for users
- Control access to G Suite and Google services with groups
- G Suite release calendar
- Manage email features
- G Suite Sync for Microsoft Outlook
- Configure outbound messages with footer text
- Set up rules for attachment compliance
- Calendar
- Managing Calendar for G Suite
- Manage Calendar Resources
- My Calendars list and other settings
- Set Calendar visibility and sharing options
- Test scheduling resources
- Drive training and help
- Drive
- Overview: Manage Drive for an organization
- Get started: Drive setup guide for admins
- Manage shared drives
- Drive API
- Restore a deleted user's Drive files
- Transfer Drive files to a new owner
- Restore a G Suite user’s Gmail and Drive data
- Work on Google Docs, Sheets, & Slides offline
- Use Drive File Stream with work or school
- Manage shared drives
- Migrate content to a shared drive
- Restore deleted files or shared drives
- Manage mobile devices
- Set up basic mobile device management
- Set up advanced mobile device management
- Compare mobile management features
- Google Apps Device Policy overview
- Inventory company-owned devices
- Remove corporate data from a mobile device
- Block access to your Google service on a lost device
- Automate mobile management tasks with rules
- How retention works
- Place Gmail and classic Hangouts on hold
- Get started with search and export
- Get started: Vault administrators
- Supported data types
- Use search operators
- Get started with search and export
- Export your organization's data
- About reports and alerts
- Admin audit log
- Email Log Search
- Account activity reports
- Understand app reports data
- Highlights report
- App reports on your whole organization
- Understand audit logs
- Administrator email alerts
- About the alert center
- Track message delivery with Email Log Search
- View Email Log Search result details
- Interpret Email Log Search results
- Post-delivery message status
- What is a domain?
- Add more domains to your G Suite or Cloud Identity account
- Remove a domain or domain alias
- Domain name basics
- Multiple domains FAQ
- Whitelist trusted G Suite domains
- Introduction to Common Security Settings
- Verify a user’s identity with extra security
- Gmail security checkup
- Manage user security settings
- Security checklist for medium and large businesses (100+ users)
- Enrollment report
- Deploy 2-Step Verification
- Turn on 2-Step Verification
- Apply custom security policies
- Avoid account lockouts when 2-Step Verification is enforced
- Set session length for Google services
- Configuring one of over 200 third-party pre-integrated cloud applications as your service provider (SP)
- Setting up your own custom SAML app for cloud applications that aren't in the pre-integrated apps list
- Using SAML to set up federated SSO (Pre-integrated apps)
- Set up your own custom SAML application
- SAML service provider URLs
- Developer Offerings (G Suite APIs list)
- Admin SDK
- Whitelist connected apps
- Using OAuth 2.0 to Access Google APIs
- Evaluate a Marketplace app's security
- Access Marketplace apps
- Understand data access for Marketplace apps
- Delete an app
- About the security dashboard
- Get started with the security health page
- View Gmail message content
- Alert center
- Account activity reports
- Security checklist for medium and large businesses
- Mail Exchange (MX) records direct email to the servers hosting your user accounts. To set up Gmail if you have G Suite, you need to point your MX records to the Google mail servers. Multiple MX records can be defined for a domain, each with a different priority. If mail can't be delivered using the highest priority record, the second priority record is used, and so on.
- A TXT record is a DNS record that provides text information to sources outside your domain, that can be used for a number of arbitrary purposes. G Suite uses TXT records for a variety of purposes such as domain verification and to implement email security measures such as SPF, DKIM, and DMARC which we will discuss later.
- A CNAME or Canonical Name record links an alias name to another true or canonical domain name. For instance, www.example.com might link to example.com. With G Suite services you use CNAME records to customize a Google service address or the address of a website built with Google Sites.
- An A or Address record (also known as a host record) links a domain to the physical IP address of a computer hosting that domain's services.
- Name server (NS) records determine which servers will communicate DNS information for a domain. Generally, you have primary and secondary name server records for your domain. When using G Suite you may configure NS records that point to Google servers for DNS queries.
- Set up MX records for G Suite Gmail
- About TXT records
- About CNAME records
- About A records
- Check MX
- G Suite Tool Box
SPF record you are telling receiving mail servers which domains/servers are allowed to send mail on your behalf. Messages sent from other sources may be marked as spam
helps prevent email spoofing on outgoing messages by adding an encrypted header to every message sent. Recipient servers decrypt this header using the DKIM record to confirm it's validity
prevent outbound spam messages using a Domain-based Message Authentication, Reporting, and Conformance (DMARC) policy. DMARC policies tell email servers how to handle messages that fail SPF/DKIM checks
allow users to connect desktop apps to Gmail
allow users to work with Gmail from Microsoft Outlook
- About the security dashboard
- Turn POP and IMAP on and off for users
- Set up an image URL proxy whitelist
- Work offline in Gmail
- Be more aggressive, for strict filtering of email. (although this may result in valid messages being identified as spam)
- Bypass internal mail.
- Use approved sender lists
- Whitelist IP addresses in Gmail
- Block specific senders based on email address or domain
- Use enhanced pre-delivery message scanning
- Customize spam filter settings
- Set up rules to detect harmful attachments
- Set up an inbound mail gateway
- Attachment compliance: attachments of certain types
- Content compliance: search for text content
- Objectionable content: identify messages that contain words in a custom word lists that you define
- Reject it
- Quarantine it
- Deliver it with modifications
- Configure Compliance Policies
- Set up rules for content compliance
- Scan your email traffic using DLP rules
- Set up rules for objectionable content
- Set up and manage email quarantines
- Gmail to scan your inbound mail for spam and compliance purposes, but store the mail on your external mail server
- Some users to receive mail in Gmail inboxes, and others to access mail from your local server (split delivery)
This is the default setting and applies where your organization has all of it's users on G Suite. All messages are delivered directly to the Gmail inbox. If your environment is 100% G Suite you should not need to make changes to your mail routing settings in G Suite, however it is very useful to understand the options available to you as the administrator, so you should walk through this lesson and read the Help Center resources provided.
Incoming messages are routed to either the Gmail inbox or another mail system. This method works well if some of your users use Gmail, and others use a different mail system. This is commonly used during a migration (or deployment) to G Suite.
his is used where you want to route messages to the Gmail inbox and another system. With dual delivery, incoming mail is delivered to a primary mail server first. The primary server delivers each message to the inboxes associated with it, then forwards all messages to a secondary mail server. The secondary server delivers the messages to the secondary server inboxes. This method is useful if you are trialling G Suite for a small number of users but you wish your existing mail system to retain a copy of all messages.
An outbound mail gateway server processes email messages before they’re delivered. Typically, these servers are used for archiving or spam filtering. The gateway server should be configured to accept and forward mail from G Suite mail IPs only to prevent spammers from using it as an open relay. It's also important that your SPF record contains the gateway address. DKIM will work but only if the gateway does not modify the message in any way.
An outbound gateway can also be defined using a routing setting which is preferred as routing settings offer much more flexibility over outbound gateway setting. The outbound gateway setting applies to everyone in the organization where as routing settings can be applied at the OU level. Routing settings can also be configured to use specific envelope filters and address lists. For example, you may only want to archive mail from your legal department. If this is the requirement you would use a routing setting to capture all outbound mail from the legal department only and route that via the gateway.
This feature is also known as a virtual user table. It allows the administrator to reroute a message from one address to another address. Each entry in the address map consists of two email addresses; the original intended address and the address where the message should be routed to.
This feature allows you to use Google Vault to store messages from another mail platform.
This feature allows Gmail content to be archived in a third party archive system.
This setting is only for users whose mailboxes are located on an on-premise/non-Gmail mail server. It allows you to use Gmail's spam filtering and other G Suite features such as content compliance and mail routing but messages are delivered to the users external inbox. You must not turn this feature on for Gmail users as they will lose access to their Gmail inbox.
If your organization uses a non-Gmail mail service, you can configure the SMTP Relay service to route outgoing mail through Google. You can use this setting to filter messages for spam and viruses before they reach external contacts. You can also apply G Suite email security and advanced Gmail settings to outgoing messages.
Don't confuse this with the Outbound gateway setting described above. In that setting, your users are using Gmail and you want to route all outbound mail through another SMTP server defined by the outbound gateway setting. Using the SMTP relay service, Google becomes the outbound gateway for your non-Gmail mail users.
You can use this setting to determine the route a message must take if it requires secure transport. For example, if you use a third-party encryption service, you can use the alternate secure route setting to route otherwise insecure traffic to it.