Sign up for our newsletter! →

A Thorough Approach to Email Security with Google Workspace

Written By
Gmail blog for HanaByte

Since the early 60s, email has been developing into a robust way of communication between users all over the globe – beginning as a simple file transfer to pass a small document with text and evolving to what we use now to schedule meetings with calendar invites, and share pictures or documents. Considering how long email communication has been around, Gmail is actually a relatively new product, but has rapidly become a staple email provider, providing email to 1.8 billion as of 2023 according to stats published by techreport.com earlier this year. A platform as widely accessed as Google has attracted malicious actors across the world, and Google has taken a strong approach to securing their product. Below we’ll take a look into the features Google offers to any domains registered with them and to those paying for even just the basic Workspace tier.

Let’s Start With the Basics

The initial configuration of your domain and DNS records is required before you’re able to start receiving email. Although not a Google-specific feature, you will be prompted to configure your SPF and DKIM records during the initial setup with Google Workspace. The detailed instructions will provide you with the SMTP server, DKIM key, and step by step instructions for configuring these records. As an additional step, you can also add a Domain-based Message Authentication, Reporting and Conformance (DMARC) TXT record to your domain to give routing instructions for emails being received without the proper SPF and DKIM records. Creating this record can be done by hand or with a free tool like the MX Toolbox DMARC Record generator. This final step is often overlooked but is invaluable for protecting your inboxes from spam and ill-intentioned senders. The DMARC record is essentially an instruction booklet for Gmail that gives specific directives regarding incoming email that fails a check on the sending domain’s SPF and DKIM records; it can be configured in various ways, such as sending failed checks to a quarantine or sending daily domain reports to an administrator entailing the amount of traffic being deflected by this procedure. The DMARC record will send two types of reports: an aggregate report that details traffic from your domain and tells you if any emails are failing DMARC checks for the recipient, and failure reports that indicate how many incoming emails are failing the DMARC check before reaching your inboxes. Many premium options exist for DMARC monitoring, but you can check the record manually with the MX Toolbox DMARC report parser for free. Setting up these DNS records is an important first line of defense against potentially untrustworthy emails.

Google Provided Email Controls - Simple and Effective

Google Workspace offers a wide variety of controls aimed at protecting you and your users from common email threats. These controls are offered to all domain owners at every subscription tier, allowing admins to protect their entire organization without forcing a higher premium. Many of these controls are enabled by default but should be reviewed by your administrators to increase awareness and evaluate your current security posture. All of the options can be configured to change how emails flagged are processed. You can choose to allow the email into your user’s inbox with a warning, send them to spam, or send to a quarantine for review. Below we’ll take a look at the app controls and their value to your company’s security:

  • Quarantines – Google will, by default, send spam messages to a user’s spam folder and present the user with a warning if they open the email. With Workspace’s advanced security settings, you can change this behavior based on OU and your company’s structure. Creating a quarantine for spam will allow you to gain access to your company’s spam messages so your admins can process them in one place and implement further controls to block spam from specific senders. Reviewing messages sent to your quarantine will also allow you to notify senders of a potential email misconfiguration. The sender could be completely unaware that their emails are getting put into spam, and might remain unaware until the receiving end notices.

  • Attachment Protection – Workspace has several options to protect users from potentially harmful email attachments. Within each of these options, you can decide if you’d like to send the flagged email to the user’s inbox with a warning, move it to spam, or send it to your quarantine for evaluation. Controls include protection from encrypted attachments, scripts sent from untrusted senders, and emails with anomalous file types (unusual or archaic file types with the ability to spread malware).

  • Link and External Image Protection – These options give Workspace the ability to shield your users from harmful links that may be disguised in emails that have made it through the spam filter. Common security training tells the user to be wary of suspicious links, but what if the link doesn’t look suspicious at all? Google scans the incoming emails for links and provides you with a couple of options to help a user discern if the link they’re about to click is trustworthy. The options provided here are shortened link identification, scanning linked images for links to malicious sites, and warning users when they click any link that will take them to an untrusted domain.

  • Spoofing and Authentication – The last set of controls protects your business from falling prey to email accounts using similar or identical names to trick your users into believing they are from people that they know. Here, Google provides protection against user and domain spoofing and will alert your users if anything is suspicious about the sender. To help understand how helpful this control is imagine if your accountant receives an email from someone using the CEO’s name requesting a routing and account number change for an existing client. Without being tipped off that the sender is spoofing the email address, your accountant may not realize anything is wrong until the client reaches out about the payment not being received.

Staying Ahead

With the bright minds at Google hard at work to create a safer and more usable space the possibilities for options to secure our workspace environments are endless. Perhaps a way to check if an email has been AI generated or maybe providing stronger encryption options could be in the works. Google is constantly adding and streamlining their product so for most of us the new features are a surprise. If you would like to track these changes, you can stay ahead of the curve with Google’s product release calendar.

Relevant Blogs

HanaByte and Cloud Security Alliance (CSA) Logos
Cloud Security

HanaByte and CSA: Shaping the Future of a Secure Cloud Together

HanaByte has joined the Cloud Security Alliance (CSA) as a Trusted Cloud Consultant (TCC)! We are excited as a company to have this announced earlier this year, and we would love to take the time to explain who the CSA is, what it means for HanaByte as a company, and how it matters to those who are seeking a trusted advisor in cloud security…

Read More →
Jeff Pemberton, Google Cloud, Carbon footprint, Hanabyte blog
Cloud Security

Reduce Your Carbon Footprint in Google Cloud (and be more secure!)

Google has many services that can be leveraged to create a low cost, secure environment for your cloud infrastructure; Load Balancing, Google Kubernetes Engine (GKE), Cloud Security Command Center, Intrusion Detection System, and Identity and Access Management (IAM). Google’s security mindset and sustainability initiatives overlap and strengthen each other in several ways…

Read More →