Unintended external reply warnings in Gmail to mitigate unintentional data loss
This release adds a new Gmail security feature that warns G Suite users when they respond to emails that come from outside their domain and from addresses not in their contacts. This feature can give enterprises protection against forged email messages and impersonation, as well as common user error when sending mail to the wrong contacts.
How does it work?
- When a user hits reply in Gmail, Google scans the recipient list, including addresses in CC and BCC. If a recipient is both external to the user’s organization and not present in their Contacts, we will display the warning.
- We treat secondary domains and domain aliases like primary domains, so your users will not be warned when emailing users at your subdomains.
- If the recipient is intended, the user can dismiss the warning and proceed with the response. We won’t show the warning again for that recipient.
- The unintended external reply warning is controlled from the Admin console, in the Advanced Gmail settings, and is launching default on . It can be toggled on or off by organizational unit or for your entire domain.
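The decision rule described in the list above can be modeled in a few lines, for example to reproduce the check in a mail gateway or to test which replies would trigger a warning. This is an added example, not Google's implementation; the function names, the exact-match treatment of the organization's domain list, and the sample addresses are assumptions.

```python
from email.utils import getaddresses

def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def recipients_to_warn(headers, org_domains, contacts, dismissed=()):
    """Return reply recipients that are external AND not in Contacts.

    headers     -- dict with optional 'To', 'Cc', 'Bcc' header strings
    org_domains -- primary domain plus secondary domains and domain aliases
                   (assumption: matched exactly, one entry per domain)
    contacts    -- addresses in the user's Contacts
    dismissed   -- addresses for which the user already dismissed the warning
    """
    org = {d.lower() for d in org_domains}
    known = {a.lower() for a in contacts} | {a.lower() for a in dismissed}
    # Skip absent headers: empty strings confuse strict address parsing.
    raw = [headers[h] for h in ("To", "Cc", "Bcc") if headers.get(h)]
    flagged = []
    for _display_name, addr in getaddresses(raw):
        addr = addr.lower()
        if not addr or addr in flagged:
            continue                      # unparsable or duplicate entry
        if domain_of(addr) in org:
            continue                      # internal, secondary or alias domain
        if addr in known:
            continue                      # in Contacts, or warning dismissed
        flagged.append(addr)
    return flagged

# Constructed sample reply. The Bcc entry has a display name that looks
# internal, but the decision uses the real address, not the display name.
SAMPLE = {
    "To": 'Bob <bob@corp.example>, "Doe, Jane" <jane@partner.example>',
    "Cc": "sam@alias.corp.example",
    "Bcc": '"alice@corp.example" <alice@c0rp-mail.example>',
}
ORG = ["corp.example", "alias.corp.example"]

if __name__ == "__main__":
    print(recipients_to_warn(SAMPLE, ORG, contacts=["jane@partner.example"]))
```
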