Settings Up External
April 15, 2014
Cloud-to-Cloud BackupG Suite

Email Content Scanning, Backup and Archiving in Google Apps

In the first two blog posts, we provided an introduction to integrating Google Apps with external mail servers and the process for setting up long-term split email delivery. Today, we will become experts of email content scanning, backup and archiving for Google Apps.

Email content scanning (and routing!)

Google Apps offers automated email content scanning.

Google defines three distinct purposes for scanning: for content compliance, for objectionable content, and for attachment compliance.

The first two scan messages and text attachment content. Attachment compliance scans attachments based on attachment name, type or size. Note that attachments other than text files are not scanned for file content.

As the Google Apps administrator, you define three things:

  • Which messages to scan,
  • What scans should look for, and
  • What to do when a match is made.

The last bit makes content scanning relevant in this guide: a message that matches your scan criteria can be re-routed.

Scanning may help ensure compliance with organization policies. For example, your company might establish a policy of never permitting inbound or outbound attachments. Mail with attachments could simply be rejected, notifying the sender of the rejection. Alternatively, email with attachments could be delivered, but with attachments removed.

Which messages to scan

First, choose which messages to scan. As with routing options, you may define different scans for different organization units. Or, you may choose to scan all mail for your Google Apps account domains.

Scanning may be restricted to external mail (outbound and/or inbound) or internal email (outbound and/or inbound). Any one — or all — of the four options may be selected. The default selection is all four sets.

What to scan for (or, scan criteria)

Next, you’ll specify what to look for.

Content compliance and objectionable content scans may be set to scan for text strings or patterns. You’ll define these strings using regular expressions (regexp), a common method of specifying a search patterns in text.

For example, a regular expression configured to find any string containing “am Gibs” would return a match when scanning a document containing the name “William Gibson”.

Within a scan, you may specify searches for multiple regular expressions. You can choose whether the scan must match any or all of the terms.

Learn more from Google: “Guidelines for using regular expressions

What to do when a match occurs

When a message or attachment matches one of your regular expressions, Gmail offers two options: reject the email, or modify it. Rejected email returns it to the sender. You can explain the rejection with customized rejection notice text.

Modified mail will be delivered. Note, however, that one of the ways to modify the email is to change the recipient: so modified mail may be delivered to someone other than the specified recipient!

Modifications that may be made to email include modifying the header or subject, flagging a message as spam, changing the mail route, and replacing or adding recipients. Additionally, attachments may be removed.

Learn more from Google: “Content compliance setting”, “Objectionable content setting”, and “Attachment compliance setting

Restrict delivery

You may choose to limit the exchange of email between specific domains for groups of users.

A school district might choose to limit students to emailing within the district, while allowing faculty and staff to email anyone. A business might provide a long-term contractor a company email address, but limit the contractor to sending email internally from that account.

To configure this, log in to your Google Apps admin console. Go to Google Apps > Settings for Gmail > Advanced settings. Choose your domain or organizational unit and go to “Restrict delivery”.

Learn more from Google: “Restrict delivery setting

Backup and archiving

A backup provides a copy. And, since digital copies are essentially indistinguishable from originals, a backup copy can replace a missing original. An effective email backup system changes whenever a person’s email data changes, and offers fast retrieval and restoration of email. The best email backup systems provide retrieval and restoration even when the entire original email system is unavailable. Example: Backupify for Google Apps provides a cloud-to-cloud backup system that backs up email up to three times a day, and offers fast retrieval and restoration of missing email.

An archive is essentially a backup set that never changes. An archive preserves an historical picture: a snapshot of email preserved at a specific point in time. An email archive search will always return the same results: today, tomorrow, and any time in the future. The purpose of an archive is preservation, not restoration. Example: Google Apps Vault offers archiving and retention of email based on administrator defined policies.

System settings for data retention and user access help define the difference between a backup and an archive. If people can retrieve and restore recently deleted email easily, that’s a backup. If email is permanently preserved and not user accessible, that’s an archive.

A legacy mail server may also provide email backup and/or archiving. You’d either configure the server for long-term dual delivery, or route all mail through the server. Running this legacy server will incur additional costs. You need to determine if the business benefit is worth the additional cost for your organization.

We hope you found the Google Apps guide to setting up external mail servers blog series interesting and useful. If you would like to read the complete eBook, please download it below. Be on the look out for additional eBooks in our Google Apps training guide series!


SaaS Data Under Siege: Ransomware’s Rising Threat

Your cloud data could be just as vulnerable to the next wave of cyberattacks as data hosted on-premises

Office 365 logo

Secure Office 365 data protection. Backupify delivers fast recovery of Exchange, OneDrive, SharePoint Online, Calendar, Contacts and Microsoft Teams data.


Office 365 logo

Google Vault alone does not ensure your G Suite data is recoverable. Quickly restore lost data from Gmail, Calendars & Contacts, Drive and Shared Drives with Backupify.


See Why Backupify Wins SaaS Backup