Sign up for our newsletter! →

A Thorough Approach to Email Security with Google Workspace

Written By
Gmail blog for HanaByte

Since the early 60s, email has been developing into a robust way of communication between users all over the globe – beginning as a simple file transfer to pass a small document with text and evolving to what we use now to schedule meetings with calendar invites, and share pictures or documents. Considering how long email communication has been around, Gmail is actually a relatively new product, but has rapidly become a staple email provider, providing email to 1.8 billion as of 2023 according to stats published by techreport.com earlier this year. A platform as widely accessed as Google has attracted malicious actors across the world, and Google has taken a strong approach to securing their product. Below we’ll take a look into the features Google offers to any domains registered with them and to those paying for even just the basic Workspace tier.

Let’s Start With the Basics

The initial configuration of your domain and DNS records is required before you’re able to start receiving email. Although not a Google-specific feature, you will be prompted to configure your SPF and DKIM records during the initial setup with Google Workspace. The detailed instructions will provide you with the SMTP server, DKIM key, and step by step instructions for configuring these records. As an additional step, you can also add a Domain-based Message Authentication, Reporting and Conformance (DMARC) TXT record to your domain to give routing instructions for emails being received without the proper SPF and DKIM records. Creating this record can be done by hand or with a free tool like the MX Toolbox DMARC Record generator. This final step is often overlooked but is invaluable for protecting your inboxes from spam and ill-intentioned senders. The DMARC record is essentially an instruction booklet for Gmail that gives specific directives regarding incoming email that fails a check on the sending domain’s SPF and DKIM records; it can be configured in various ways, such as sending failed checks to a quarantine or sending daily domain reports to an administrator entailing the amount of traffic being deflected by this procedure. The DMARC record will send two types of reports: an aggregate report that details traffic from your domain and tells you if any emails are failing DMARC checks for the recipient, and failure reports that indicate how many incoming emails are failing the DMARC check before reaching your inboxes. Many premium options exist for DMARC monitoring, but you can check the record manually with the MX Toolbox DMARC report parser for free. Setting up these DNS records is an important first line of defense against potentially untrustworthy emails.

Google Provided Email Controls - Simple and Effective

Google Workspace offers a wide variety of controls aimed at protecting you and your users from common email threats. These controls are offered to all domain owners at every subscription tier, allowing admins to protect their entire organization without forcing a higher premium. Many of these controls are enabled by default but should be reviewed by your administrators to increase awareness and evaluate your current security posture. All of the options can be configured to change how emails flagged are processed. You can choose to allow the email into your user’s inbox with a warning, send them to spam, or send to a quarantine for review. Below we’ll take a look at the app controls and their value to your company’s security:

  • Quarantines – Google will, by default, send spam messages to a user’s spam folder and present the user with a warning if they open the email. With Workspace’s advanced security settings, you can change this behavior based on OU and your company’s structure. Creating a quarantine for spam will allow you to gain access to your company’s spam messages so your admins can process them in one place and implement further controls to block spam from specific senders. Reviewing messages sent to your quarantine will also allow you to notify senders of a potential email misconfiguration. The sender could be completely unaware that their emails are getting put into spam, and might remain unaware until the receiving end notices.

  • Attachment Protection – Workspace has several options to protect users from potentially harmful email attachments. Within each of these options, you can decide if you’d like to send the flagged email to the user’s inbox with a warning, move it to spam, or send it to your quarantine for evaluation. Controls include protection from encrypted attachments, scripts sent from untrusted senders, and emails with anomalous file types (unusual or archaic file types with the ability to spread malware).

  • Link and External Image Protection – These options give Workspace the ability to shield your users from harmful links that may be disguised in emails that have made it through the spam filter. Common security training tells the user to be wary of suspicious links, but what if the link doesn’t look suspicious at all? Google scans the incoming emails for links and provides you with a couple of options to help a user discern if the link they’re about to click is trustworthy. The options provided here are shortened link identification, scanning linked images for links to malicious sites, and warning users when they click any link that will take them to an untrusted domain.

  • Spoofing and Authentication – The last set of controls protects your business from falling prey to email accounts using similar or identical names to trick your users into believing they are from people that they know. Here, Google provides protection against user and domain spoofing and will alert your users if anything is suspicious about the sender. To help understand how helpful this control is imagine if your accountant receives an email from someone using the CEO’s name requesting a routing and account number change for an existing client. Without being tipped off that the sender is spoofing the email address, your accountant may not realize anything is wrong until the client reaches out about the payment not being received.

Staying Ahead

With the bright minds at Google hard at work to create a safer and more usable space the possibilities for options to secure our workspace environments are endless. Perhaps a way to check if an email has been AI generated or maybe providing stronger encryption options could be in the works. Google is constantly adding and streamlining their product so for most of us the new features are a surprise. If you would like to track these changes, you can stay ahead of the curve with Google’s product release calendar.

Relevant Blogs

HanaByte blog compliant Operating System with HanaByte consultant Simon Abisoye
Compliance

Compliant Operating System (OS)

A compliant operating system is any operating system that meets specific standards established by an entity. For example, if an organization wanted to create a CIS-compliant operating system, it would need to meet the standards set forth by the Center for Information Security, whose sole purpose is to “create confidence” in the connected world. A virtual machine image (VMI or image for short) is a bootable copy of the operating system of a virtual machine in the cloud…

Read More →
hanabyte blog, google cloud partner, AI, hanabyte,
Cloud Security

Introducing the Power of AI Security in GCP

In today’s rapidly evolving world, we recognize the immense potential of artificial intelligence (AI) across many different Industries. Google Cloud Platform (GCP) has harnessed the power of Generative AI to bring cutting-edge security capabilities to the forefront. By centralizing security findings in a streamlined and efficient manner, GCP is revolutionizing the way organizations approach cybersecurity…

Read More →
Shea Nangle for HanaByte blog on Bill of materials cybersecurity
Cloud Security

Cloud Services Bill of Materials: An Idea Whose Time Has Come

A Cloud Services Bill Of Materials (CSBOM) is a comprehensive listing of each cloud-based asset utilized by a service that you run. For instance, if your company has a SaaS offering, it is very likely that the offering is dependent on a number of services provided by one or more cloud providers…

Read More →