Learn how to block all incoming and outgoing emails in Gmail except for specific whitelisted domain and email addresses.
The finance team in an organization would like to use Gmail for internal communication only. The corporate email policy restricts the finance team from sharing any files or email messages with external teams but the employees are allowed to exchange emails within the team.
Google makes it easy to implement such an email policy in Gmail for GSuite customers.
To get started, sign-in to admin.google.com as your GSuite domain admin and go to Apps > GSuite Core Services > Gmail > Advanced Settings.
Inside the General Settings tab, navigate to Restrict Delivery and click the Configure button to restrict the domains that your employees are allowed to exchange emails with.
Under the Add addresses section, specify one or more domains and email addresses that employees are allowed to send and receive email messages from.
You can specify inputs in the following format:
harvard.edu- Allow emails from everyone in the domain
*.harvard.edu- Allow emails from all subdomains
finance.harvard.edu- Allow emails from a specific subdomain
firstname.lastname@example.org- Allow emails from an email address
When adding domains in the whitelist, it is recommended that you turn on sender authentication to disallow spoofed emails (where the actual sender is different from the FROM address mentioned in the email header). Gmail uses the SPF and DKIM records to verify if the sender is authenticated.
Save the settings and employees would be limited to sending emails to specific domains only.