Turn on and Configure Gmail’s Anti-Phishing Capabilities

Gmail’s anti-phishing capabilities have been around since April 2018 in Australia. I’m just not seeing the uptake these new email safety features deserve.

I’m going to stay on point in this post with Cloud Admin’s current focus on email authentication and email spoofing (SPF, DKIM, DMARC), so my focus is the “Spoofing and Authentication” section of Gmail’s Safety settings.

The other two sections in G Suite Admin under Apps > G Suite > Gmail > Safety, “Attachments” and “Links and external images”, are just as important! These email security settings need equal attention. I’m doing a disservice to the criticality of the new settings that address attachments, the attack vector of choice, so be sure to configure those settings as well.

Back to “Spoofing and Authentication” for this post.

In the G Suite Admin Console’s Gmail settings, scroll down and click on “Safety”.

“Spoofing and Authentication” Gmail Settings Safety Section

Recommendations:

  1. Choose “Customize settings” in the Spoofing and Authentication section.
  2. For each safety setting in this section (listed below), I recommend choosing the option “Keep email in inbox and show warning” from the drop-down list. Make sure this option is chosen manually, as it is the default for some settings and not for others.
  3. Once you’ve lived with emails being “delivered to your inbox with a warning” for a while, AND you know your SPF, DKIM, and DMARC configuration is working for your domain, revisit the settings and re-configure the preferred option for each setting. For example, the setting “Protect against inbound emails spoofing your domain” is a straightforward choice: change the option to send those emails straight to spam.

The safety options (each to be set to “Keep email in inbox and show warning”) are:

  • Protect against domain spoofing based on similar domain names
  • Protect against spoofing of employee names
  • Protect against inbound emails spoofing your domain
  • Protect against any unauthenticated emails – not authenticated (SPF or DKIM)
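As an added illustration (not Gmail’s own logic), here is a simplified Python triage that maps an inbound message’s From header and Authentication-Results header to the four categories above; the protected domain, the employee display-name list, the Levenshtein threshold and the sample headers are all assumptions constructed for the example.

```python
import email
import re
from email.utils import parseaddr

OUR_DOMAIN = "example.com"             # assumption: the protected G Suite domain
EMPLOYEES = {"jane doe", "raj patel"}  # assumption: display names from the directory

def authenticated(msg):
    # True if the receiving MTA recorded spf=pass or dkim=pass for this message
    results = msg.get("Authentication-Results", "")
    return re.search(r"\b(spf|dkim)=pass\b", results, re.I) is not None

def edit_distance(a, b):
    # Levenshtein distance, a crude stand-in for Gmail's "similar domain" check
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(raw_message):
    # Map one inbound message to the safety categories listed above
    msg = email.message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    findings = []
    if domain == OUR_DOMAIN and not authenticated(msg):
        findings.append("inbound email spoofing your domain")
    elif domain != OUR_DOMAIN and edit_distance(domain, OUR_DOMAIN) <= 2:
        findings.append("similar domain name")
    if name.strip().lower() in EMPLOYEES and domain != OUR_DOMAIN:
        findings.append("employee name spoofing")
    if not authenticated(msg):
        findings.append("unauthenticated (no SPF or DKIM pass)")
    return findings

# Constructed sample headers (not real mail); body omitted after the blank line
SPOOFED_OWN_DOMAIN = ("From: Jane Doe <jane@example.com>\n"
    "Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none\n\n")
LOOKALIKE_DOMAIN = ("From: Raj Patel <raj@examp1e.com>\n"
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=examp1e.com; dkim=pass\n\n")
LEGITIMATE = ("From: Vendor News <news@vendor.example.net>\n"
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=vendor.example.net\n\n")

if __name__ == "__main__":
    for sample in (SPOOFED_OWN_DOMAIN, LOOKALIKE_DOMAIN, LEGITIMATE):
        print(triage(sample) or ["no warning"])
```

Running it shows which of the four warnings each constructed message would attract, which is the same information you will see accumulate in the inbox while the “show warning” option is active.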

Why choose “Keep email in inbox and show warning”?

Any emails picked up by the new safety settings still arrive in your inbox like before, but now they come with a warning!

You get to learn what Gmail’s safety measures are doing with the enabled safety settings – specifically regarding phishing attacks due to spoofing and unauthenticated emails.

Email security is an evolving space, and not all email providers support best-practice email authentication measures, so you’ll need to choose the option that still delivers the email to your inbox, now accompanied by a warning.

As I said, live with the option to “keep email in inbox and show warning” for a while, then reconfigure your Gmail Safety Settings to your preferences.

You can read more here: https://support.google.com/a/answer/7577854

2018-08-15T16:06:45+00:00