← All controls

23 Gmail Security Sandbox + safety-toggle verification

Security Sandbox detonates incoming attachments in a virtual machine before delivery, catching malware that static scanning misses; it can run for a whole OU or be narrowed by rules (external senders only, high-risk OU only) if the delivery delay is unaffordable tenant-wide. The other half of this control is free on every edition: Gmail's Safety toggles for attachments, links and images, and spoofing and authentication — plus the auto-adopt setting that applies future Google-recommended safety settings without a manual review cycle. Those toggles matter as much as the sandbox does, because they ship on defaults that warn rather than quarantine.

Caveats

Setup steps

  1. open ↗ Apps › Google Workspace › Gmail › Spam, Phishing and Malware

    Enable virtual execution of attachments in a sandbox environment = checked

    Set up rules to detect harmful attachments ↗

  2. Apps › Google Workspace › Gmail › Spam, Phishing and Malware › Security sandbox rules

    Security sandbox rules > Configure > match: sender is external AND recipient in high-risk OU

    Set up rules to detect harmful attachments ↗

  3. open ↗ Apps › Google Workspace › Gmail › Safety

    Attachments (encrypted, scripts, anomalous types), Links and external images (shortened URLs, linked-image scanning, untrusted-domain warnings), Spoofing and authentication (domain spoof, employee-name spoof, inbound unauthenticated, unauthenticated images) = all On; action = Quarantine or Move email to spam

    Advanced phishing and malware protection ↗

  4. Apps › Google Workspace › Gmail › Safety
    Apply future recommended settings automatically
    checked in each section (Attachments, Links and external images, Spoofing and authentication)

    Advanced phishing and malware protection ↗

How to verify

  1. Confirm the sandbox and safety toggles on the OU, then check the security sandbox verdicts appear in the investigation tool for recent attachments.

v0.1.3Preventedition Biz Std+, Frontline Plus / All policy #7 · #6 ↗