As an administrator, you might want to restrict emails between users in different organizational units. For example, a school district might want to prevent elementary school students from receiving email from high school students.
You can do this by creating one compliance rule for the sender and one for the recipient. For more information, see Set up rules for content compliance.
Create 2 compliance rules
In the example below, elementary school students will be prevented from receiving mail from high school and middle school students.
Create a sending rule to apply a header to internal messages that identifies a user type (for example, teacher, elementary student, or high school student).
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
In the Admin console, go to Menu AppsGoogle WorkspaceGmailCompliance.
- On the left, select the organizational unit of the users that you want to apply the sending rule to, such as High School Students.
- Scroll to the Compliance section, point to the Content compliance setting, and choose an option:
- Click Configure.
- If the setting is already configured, click Edit or Add another.
- Add or update a description for the rule, such as Mark all messages sent by High School Students with high-school header.
- Under Email messages to affect, verify that only the Internal - sending box is checked.
A domain is internal if it is a verified workspace domain, or a subdomain or parent domain of a verified workspace domain.
- Under Add expressions that describe the content you want to search for in each message, select If ALL of the following match the message from the drop-down menu.
Note: No actual expressions should be added. - Under Headers, check Add custom headers.
- Click Add.
- Under Add header, enter user-type for Header key and a name for Header value.
For example: X-user-type: high-school - Click Save.
- Click Add Setting or Save to save the compliance setting.
Repeat the above steps for additional organizational units that you wish to prevent from sending messages to another organizational unit, such as middle school students.
Create a receiving rule for the organizational unit that shouldn’t receive email from some other organizational unit.
-
In the Admin console, go to Menu AppsGoogle WorkspaceGmailCompliance.
- On the left, select the organizational unit that you want to apply the receiving rule to, such as Elementary School Students.
- Scroll to the Compliance section, point to the Content compliance setting, and choose an option:
- Click Configure.
- If the setting is already configured, click Edit or Add another.
- Add or update a description for the rule, such as Prevent elementary school students from receiving email from messages with high-school and middle-school headers.
- Under Email messages to affect, check Internal - receiving.
- Under Add expressions that describe the content you want to search for in each message, click Add.
- Under Expressions, select Advanced content match in the drop-down list.
- Under Location, select Full headers.
- Under Match type, select Matches regex.
- Under Regexp, enter:
^X-user-type: (high-school|middle-school)$ - Under Regex Description, enter Reject message if it is marked with high-school or middle-school.
- Click Save.
- Under If the above expressions match, do the following, select Reject message from the drop-down menu.
- Under Customize rejection notice, enter a description for the sender to receive so that they understand why the message was returned to sender.
For example, This message has been rejected because your organization is not allowed to send email to the Elementary School Students organization. - Click Add setting.
- Click Save.