Hey, fellow Google admins.
I’ve just heard of this use case from a Google Workspace customer that they would like to have selective forwarding enabled in Gmail.
Today, what happens is, once you turn off forwarding, all the users in that Google tenant or in that specific organizational unit will not see an option to forward email in their Gmail settings.
So it is all or none based on the organizational unit or tenant, however they do not want this, rather they need it to work based on a condition.
What they really want is this, their users should be able to forward emails within the company, but not outside the company.
Let me share my screen and let’s configure this in our Google Workspace admin console.
So here I’m in my Google admin console.
I will go to Google workspace apps, and then Gmail.
Under Gmail, i will go to end user access.
That’s where you can disable automatic forwarding based on the tenant or the organizational unit and it will remove the option which users see in their Gmail settings, but we do not want this. We want email forwarding to work, but based on some conditions.
Content Compliance Rule Creation
And for that, let’s go back to Gmail settings here and then let’s go to content compliance where we will create a compliance rule.
we will scroll down and create a new compliance rule under Content Compliance, click on “Add Another Rule”.
Let us call this rule “Stop External Forwarding” to give some context to other admins.
Select Outbound to apply this policy only on emails going outside your company.
For outbound, let us define our condition which will make our content compliance rule trigger, click on add expression, and then select “Advance content match” as shown below.
Here, we need to add something which will be found in the forwarded message.
If you look at the message header of the forwarded email, you would notice couple of things here, first one is that “FWD:” gets added to the subject line, however we will skip this as user can change the subject line when forwarding.
Second string that you would find here is ——-forwarded message——- which seems to be added by the system itself, lets pick this as our condition (copy this string from the header not from here).
Note -: You can go more granular here and define further conditions here.
Paste the string that you copied here (don’t copy from this blog post, copy from any of your forwarded email header).
Test Content Compliance Rule
Now, let us test our content compliance rule by sending a test email to couple of recipients, where first one should be someone in our company, and another one should be an outside recipient.
If everything works fine, you would notice that the forwarded email has been delivered to internal recipient as our content compliance policy is only applicable to outbound (emails going outside our Google Workspace tenant) messages.
However, email to external recipient will be bounced as it matches the condition in our content compliance rule as you see below.
Users will also the rejection message that we configured while create the rule, so make sure to make it contextual.
As you see, content compliance can be leveraged to define condition based email routing and can help in such use cases.
Please note there might be multiple ways to do it. This was one of the ways, you can of course go granular and do things like applying this only on headers than headers+body, add more triggers to it, send a copy of such instances to others (e.g to admins) etc.
If you have any questions or comments, please do not hesitate to put it in the comments below and I would be happy to collaborate.
Thank you so much.