Advanced phishing and malware protection for Gmail beta

What’s changing

Google is launching a beta program to provide admins with even more controls for advanced anti-phishing and malware protections via the advanced safety settings in Gmail. These build on the advanced protections Google announced in 2018. Admins who are part of the beta will have new controls to:

  • Place emails into a quarantine – Route emails that match phishing and malware controls to a new or existing quarantine. This will be available for new and existing controls.
  • Protect against anomalous attachment types in emails – Identify emails with unusual attachment types and choose to automatically display a warning banner, send them to spam, or quarantine the messages.
  • Protect your Google Groups from inbound emails spoofing your domain – Identify unauthenticated emails potentially spoofing your domain and choose to automatically display a warning banner, send them to spam, or quarantine the messages.

In addition to the new controls, they’ll also update the interface to make it easier to see what settings you have applied and understand what actions you’re taking as a result of each control.

Who’s impacted

Admins only

Why you’d use it

By adding more specific controls, including the ability to quarantine potentially risky messages, Google hope to enable admins to optimize protections for their organization. This will help reduce threats and increase the security of your data while making the experience as simple as possible for your users.

How to get started

  • Admins: Find and turn on the beta features at Admin console > Menu > Apps > G Suite > Gmail > Safety. You’ll find new options to turn on anomalous attachment and groups spoofing protections, and see the quarantine option available for all controls. Use our Help Center to learn more about how to enhance phishing and malware protection.
  • End users: No action needed

Additional details

Place emails into a quarantine 

All the advanced safety settings for Gmail now let you quarantine emails more easily. Choose to move any email that meets certain criteria to a pre-existing quarantine, or create a new quarantine for such messages. Use our Help Center to find out more about email quarantines.

Protect against anomalous attachment types in emails 

Less common file types as email attachments are often used to spread malware. However, different domains might have legitimate uses for uncommon file types. Therefore they’re giving admins more control over how to handle emails with these files attached.

What is identified as an anomalous attachment will be automatically customized for each domain. An intelligent algorithm determines which file types your domain commonly receives and will model the detection based on that. For example, a specific file type may be commonly used on Domain A, but not on Domain B. If both domains had the “Anomalous Attachment” setting enabled, an email with this file type attached would be flagged for Domain B, but not Domain A.

You can see which file types are filtered for your domain by going to the security center’s suspicious attachments chart, filtering by “Anomalous Attachments” and then looking at “Attachment Extensions” (available to G Suite Enterprise and Enterprise for Education domains only).

Admins will be able to:

  • Turn the uncommon attachment type detection on or off.
  • If turned on, choose whether to keep relevant emails in the user’s inbox with a warning banner displayed, send emails to spam automatically, or move emails to quarantine.
  • While they expect the anomalous attachment customization described above to work well, if needed admins can whitelist specific uncommon file types they don’t want identified.
 
Admin controls for unusual attachment types 

Protect your Groups from inbound emails spoofing your domain

External senders can spoof emails to appear as if they come from your domain, using the same protocols that enable many legitimate systems to send email. This setting extends your options to control potential spoofing emails by preventing spoofed messages from posting to Google Groups on your domain. Use our Help Center to find out more about spoofing. Admins in the beta will be able to:

  • Turn the Groups spoofing protection on or off.
  • If turned on, choose whether to keep relevant emails in the user’s inbox with a warning banner displayed, send emails to spam automatically, or move emails to quarantine (if available).
  • Choose whether to apply the settings only to Private Groups (groups with specifically limited membership or intended for organization members only) or All Groups (Private Groups + ones without restricted membership)
Admin controls for inbound email spoofing protections 

Availability

Rollout details 

G Suite editions
Controls are available to all G Suite editions. Chart to view affected emails available is part of the security center and so is available to G Suite Enterprise edition only.

On/off by default?
This feature will be OFF by default.