Enhance rules for advanced email content filtering with predefined detectors

Supported editions for this feature: Enterprise Standard and Enterprise Plus; Education Fundamentals, Education Standard, Teaching and Learning Upgrade, and Education Plus.  Compare your edition

Content compliance rules let you use predefined content detectors when scanning inbound or outbound email. Google specifically designed these predefined detectors to locate sensitive data, such as credit card, Social Security, or passport numbers. Predefined detectors are available for many common U.S. and international data types. Here you can see a list of the available predefined content detectors.

Like a standard Gmail content compliance setting, you can use predefined detectors to trigger automatic responses. These include quarantining, rejecting, or modifying a message. You can also combine predefined detectors with keywords or regular expressions to create more sophisticated content compliance policies.

Learn more about the content compliance setting.

DLP for Gmail (beta): You can create data loss prevention (DLP) rules to control sensitive content shared in Gmail by your users. Use rules to flag sensitive information and keep it from leaving your organization. For details, go to Prevent data leaks in email & attachments (beta).

A note about accuracy

Predefined content matching is not 100% accurate because not all types of data can be detected with high confidence. For example, credit card numbers can be detected with high confidence by matching a well-defined pattern as well as a checksum. However, ABA routing numbers are detected with medium confidence, because detection relies only on a checksum of 9 digits. 

Predefined content matching doesn’t guarantee compliance with regulatory requirements. As the customer, you can decide which data is sensitive and how to best protect it. Test your settings to make sure they meet your requirements and use the quarantine option to verify content matches.

Create a content compliance rule with predefined content detectors

Before creating a content compliance rule, you might want to review the available predefined content detectors.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Appsand thenGoogle Workspaceand thenGmailand thenCompliance.
  3. (Optional) On the left, select an organization.
  4. Select Content Compliance:
    • If the status is Not configured yet, point to the setting and click Configure.
    • If the status is Locally applied or Inherited, click Edit or click Add another rule to edit it or add a new setting.
  5. At the top, enter a short description, such as Credit card number detector.
  6. In the Email messages to affect section, select the required types of messages to affect. 
    For example, to limit this setting to outbound mail, uncheck all boxes except Outbound.
  7. In the Expressions section, click Add.
  8. From the list, select Predefined content match.
  9. From the list, select the relevant predefined detector. 
    For example, if you want to scan outbound messages for content that includes credit card information, select Credit card number.
  10. (Optional) Set the following options:
    • Minimum number of matches—The number of times the specified content must appear in a message to trigger the action. For example, if you select 2, at least 2 different credit card numbers must appear in a message to trigger the action. Duplicate appearances of the same credit card number don’t trigger the action.
    • Confidence threshold—An additional measure used to determine whether messages trigger the action. There are two confidence threshold levels:
      • High—Fewer messages exceed the threshold, so fewer messages trigger the action. This might result in more false negatives: More messages being delivered when they shouldn't be. As a result, use this setting if you want messages to be delivered at the expense of occasionally letting messages through when they should trigger the action.
      • Medium—More messages exceed the threshold, so more messages trigger the action. This might result in more false positives: More messages triggering the action when they should simply be delivered. Use this setting if you're not sensitive to messages occasionally triggering the action when they should be delivered.
  11. Click Save.
  12. Choose whether you want to modify, reject, or quarantine the message. To verify content matches, try the quarantine option.
  13. Click Add setting or Save to close the dialog box.

    Any settings you add are highlighted on the Email settings page.

  14. At the bottom, click Save.

Changes can take up to 24 hours but typically happen more quickly. Learn more

Related information

Best practices for faster rules testing

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu
18314557436641940461
true
Search Help Center
true
true
true
true
true
73010
false
false