Mail Rules - Create, Edit and Delete Mail Rules for Google

Back

---

Managing Mail Rules in Google Workspace: How to Create, Edit, and Delete Mail Rules

Google Workspace provides powerful tools for managing email flow, automating actions, and enforcing security policies. By creating mail rules, administrators can automatically filter messages, apply labels, forward emails, and prevent unwanted content from reaching inboxes. This guide walks you through the process of creating, editing, and deleting mail rules in Google Workspace.

---

1. Creating Mail Rules in Google Workspace

Mail rules in Google Workspace can be set up at two levels:

• User-Level Filters (created in Gmail settings).
• Admin-Level Rules (configured in the Google Admin Console for organization-wide control).

1.1 Creating User-Level Mail Filters in Gmail

If you want to create a rule for your personal inbox:

1. Open Gmail and click on the gear icon ⚙️ in the top right.
2. Select "See all settings" → Go to the "Filters and Blocked Addresses" tab.
3. Click "Create a new filter".
4. Define conditions such as:
   • From: Filter by sender (e.g., "alerts@example.com").
   • Subject: Filter by keywords in the subject line.
   • Has the words: Filter by message content.
   • Has attachment: Filter messages with attachments.
5. Click "Create filter", then choose actions:
   • Skip inbox (archive).
   • Mark as read.
   • Apply a label.
   • Forward to another email.
   • Delete.
6. Click "Create filter" to save the rule.

1.2 Creating Organization-Wide Mail Rules in Google Admin Console

Admins can enforce mail rules for all users in a domain:

1. Sign in to Google Admin Console (admin.google.com).
2. Go to Apps → Google Workspace → Gmail.
3. Select Compliance → Content Compliance.
4. Click "Add Rule", then:
   • Define a condition (e.g., emails containing sensitive keywords).
   • Choose an action (block, quarantine, forward, or modify messages).
5. Click Save to apply the rule.

---

2. Editing Mail Rules

2.1 Editing User-Level Filters in Gmail

1. Open Gmail settings (Settings → Filters and Blocked Addresses).
2. Find the filter you want to modify and click Edit.
3. Change conditions or actions.
4. Click Update filter to save changes.

2.2 Editing Organization-Level Rules in Google Admin Console

1. Open the Admin Console → Gmail Compliance Rules.
2. Locate the rule you want to edit.
3. Click Edit, modify the conditions/actions, and save.

---

3. Deleting Mail Rules

3.1 Deleting User-Level Filters in Gmail

1. Open Gmail settings (Settings → Filters and Blocked Addresses).
2. Locate the filter to delete.
3. Click Delete, then confirm.

3.2 Deleting Organization-Level Rules in Google Admin Console

1. Open Admin Console → Gmail Compliance Rules.
2. Find the rule you want to remove.
3. Click Delete and confirm.

---

Best Practices for Mail Rules

• Avoid overly broad rules that might filter important emails.
• Regularly review and update rules to ensure they meet security policies.
• Use content compliance policies for enforcing security across your organization.
• Test mail rules before applying them globally to prevent unintended email loss.

By effectively managing mail rules, users and admins can streamline email workflows, enhance security, and reduce spam and phishing risks in Google Workspace. 🚀

Frequently Asked Questions

Sign-ins

What is an "Impossible Travel" sign-in event?

This occurs when a user logs in from two distant locations within a time period that would be physically impossible. For example:

• 8:00 AM: Sign-in from New York.
• 8:15 AM: Sign-in from London. This indicates possible account compromise or session hijacking.

Why is sign-in monitoring important for security?

Sign-in logs help detect unauthorized access attempts, brute-force attacks, and compromised accounts. Reviewing sign-ins can reveal impossible travel scenarios, MFA bypass attempts, or login anomalies that indicate potential breaches.

How can creating policies help enhance security?

Creating policies allows you to:

• Proactively Manage Threats: Implement rules that automatically respond to unusual or unauthorized activities, helping to mitigate potential risks before they escalate.
• Customize Security Measures: Tailor security settings to fit the unique needs of your organization, ensuring that protective measures align with your specific security goals.
• Ensure Compliance: Maintain compliance with regulatory requirements by enforcing consistent policies that govern data access and user behavior.

Remediations

How to enforce MFA on a user

How to enforce MFA on a user

To enforce Multi-Factor Authentication (MFA) on a user in our platform, follow these steps:

1. Go to Identity Hub.
2. Click on the selected user.
3. Navigate to the Remediations tab.
4. Scroll to the Enforce MFA section.
5. Select the application where you wish to enforce MFA for the user.
6. Click Enforce.

MFA will then be enforced for the user on the selected application.

How to reset a user password

How to reset a user password

To reset a user’s password on our platform, follow these steps:

1. Go to Identity Hub.
2. Click on the selected user.
3. Navigate to the Remediations tab.
4. Scroll to the Reset Password section.
5. Select the integration where you wish to reset the user's password.
6. Click Reset Password.
7. Follow any additional instructions if prompted.

The user’s password will then be reset according to the selected integration’s requirements.

How to Suspend a User

How to suspend a user

To suspend a user on our platform, follow these steps:

1. Go to Identity Hub.
2. Click on the selected user.
3. Navigate to the Remediations tab.
4. Scroll to the Suspend Account section.
5. Select the integrations from which you'd like to suspend the user.
6. Click Suspend.

The user will then be suspended from the chosen integrations.

General

How Rotate Enhances Identity Security

Rotate's Identity Hub offers a comprehensive suite of features designed to strengthen your organization's identity security:

• User and Device Management: Gain visibility into user details, monitor actions, and manage connected devices and applications.
• Security Enforcement: Enforce Multi-Factor Authentication (MFA) and strong password policies, and enroll employees in security awareness training programs.
• Remediation Actions: Quickly respond to threats by suspending accounts, resetting passwords, disconnecting users from all apps and devices, and enforcing MFA.
• Access Monitoring and Anomaly Detection: Track login behaviors with geo-location heatmaps and AI-driven insights to detect risky activities and anomalies, such as impossible travel or suspicious login times and locations.
• Policy Management: Create and enforce security policies with specific actions like alerts or restrictions to address potential threats.

By integrating these capabilities, Rotate's Identity Hub provides a robust framework to protect your organization against identity-related threats.

On this page