Google is a security conscious company. I almost never get unfiltered spam or phishing attacks in my regular inbox.*
By default, Google sends suspicious mail to the Junk E-mail folder (if it looks like spam but doesn’t seem to contain anything harmful), or Google changes the message header and warns you that it contains real danger. You may have noticed messages like these:
Dangerous messages contain payloads such as Microsoft Word, Excel, or PowerPoint files which may contain executable macros, or compressed files with extension such as .zip, .gz, or .tar. Modified header messages keep us from accidentally clicking on them when we’re cleaning out our inbox at the start of a work day.
As you can see, I received 2 messages in about a week–one contains a Microsoft Excel attachment; the other a compressed file. I’ve never done business with “Fischer Vallery.” Of course I shouldn’t open them and they’ll go right to my Deleted Items folder and then be deleted as soon as I finish this article.
Maybe you’ve seen messages like this too; chances are your staff has as well. But the fact that they still show up in our Inbox is kind of like putting a “Big Red Button” in the middle of our desk with a label reading, “Do Not Press.” You know someone, someday is going to want to see what happens when they press that Big Red Button.
Google also supports quarantine settings for an entire company or a unit within a company.
What is Quarantining?
With a Quarantine, these messages can be filtered so that they are never delivered to a user’s mailbox. There are many ways to manage an email quarantine:
- Mail matching the quarantine filter settings can just be deleted–never to be seen again.
- An admin user can examine the message before deleting it. If a good message was quarantined by accident, it can be retrieved and sent to its destination.
- In addition, a notification email can be sent back to the originator. This either discourages the sender from picking on you again or it lets a valid sender know that their mail was filtered for some reason.
- Finally, filter rules for the quarantine can be modified to prevent “false positives” from making their way into the quarantine in the future.
Here’s what a quarantine report looks like:
Quarantines allow a business to:
- Keep inboxes as clean and small as possible;
- Not give employees the chance of clicking on the “big red button” and unleash malware or a ransomware attack on the company;
- Minimize the chance of human error.
If you would like to set up quarantines on your G-Suite account, let us know.
*It happened once recently with a very sophisticated “zero day attack.” I was a bit surprised. But within a couple of hours, Google filtered it after the fact and then sent out a notification email to anyone who received it.