Update: In an earlier version of this launch announcement, the new Gmail security feature was described as launching default off. This feature is actually launching default on, with the ability to turn it off in the Admin console. This announcement has been updated to reflect this.

This release adds a new Gmail security feature to warn G Suite users when responding to emails sent from outside of their domain and not in their contacts. This feature can give enterprises protection against forged email messages, impersonation, as well as common user-error when sending mail to the wrong contacts.



How does it work?
  • When a user hits reply in Gmail, Google scans the recipient list, including addresses in CC to determine its risk level. If a recipient is external to the user’s organization, not present in their Contacts or not someone the user interacts with regularly, we will display the warning.  
  • We treat secondary domains and domain aliases like primary domains, so your users will not be warned when emailing users at your subdomains.
  • If the recipient is intended, the user can dismiss the warning and proceed with the response. We won’t show the warning again for that recipient.
  • Unintended external reply warning is controlled from the Admin console control in the Advanced Gmail settings and is launching default on. It can be toggled on or off by organizational unit or for your entire domain.


Launch Details
Release track:  
Launching to both Rapid and Scheduled release.

Rollout pace: 
Full rollout (1-3 days for feature visibility)

Impact: 
All end users

Action:
Change management suggested. The Help Center article below outlines the expected behavior, and can be used to help effectively communicate these changes to users.

More Information
Help Center: Unintended external reply warnings


Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates