
6 Ways Google Admins can Increase Gmail Security Against Phishing




Google Admins, learn how to Increase Gmail Security Against Phishing Emails

Phishing emails are a popular tool in every cybercriminal's toolbox.

In fact, 56% of IT decision-makers say targeted phishing attacks are their top security threat.

In an ideal world, your users' security awareness would be enough to protect them against phishing lures.

However, we all know that's not always the case, as attackers rely on psychological tricks and prey on users' busy work schedules.

For Google Workspace admins, that means using every security arrow in your quiver to protect your domain against soaring phishing attempts.

In this blog post we'll explore six ways to increase Gmail security against phishing emails.





Gmail filtering is one of the first steps to protect your users and domain against phishing.

As an admin, you can enable Google's enhanced pre-delivery message scanning in the Google Admin Console (Apps > Google Workspace > Gmail > Spam, Phishing and Malware).

With this setting on, Gmail scans every message for suspicious content before delivering it to your users' inboxes:

  • If it identifies anything suspicious, it performs further content checks on the message in question.
  • If those checks conclude that suspicious content is present, it sends the message straight to the spam folder.
  • If it identifies no suspicious content, it delivers the message to the user's inbox as normal.

Note: Enabling this feature may delay some email messages (by up to 4 minutes) while Gmail checks them for suspicious content.



Allowlisting (still widely called whitelisting) is another simple filtering technique that affects your Gmail security against phishing emails.

It lets you specify senders (addresses, domains or sending IP addresses) whose messages bypass Gmail's spam filtering. It does not restrict users to those senders, and it cuts both ways: a message that merely claims to come from an allowlisted domain is also let through unless the domain's SPF and DKIM are verified. Keep the list short, and keep Gmail's option to require sender authentication for approved senders switched on.

SEE: How and Why to Whitelist a Domain in Gmail?

You can also take things one step further using blocklisting and greylisting:

Blocklisting (blacklisting) blocks email messages from a list of senders or domains you specify.

Greylisting temporarily rejects the first delivery attempt from an unknown sender with an SMTP 4xx "try again later" response. A legitimate mail server queues the message and retries a few minutes later, at which point it is accepted; many bulk phishing tools never retry. Note that greylisting is a technique of the receiving mail server rather than a setting in the Gmail Admin Console, and it does not verify a sender's authenticity; it only drops senders that don't behave like real mail servers.

These techniques help ensure users don't receive an avalanche of unsolicited email that may include one (or more) malicious messages or attachments.
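To make the three techniques concrete, here is an added example (not GAT Labs' or Google's code) that models the decision a receiving mail server makes for each delivery attempt: blocklisted domains get a permanent 5xx rejection, allowlisted domains skip everything, and everyone else is greylisted on the (client IP, envelope sender, recipient) triplet until they retry after the delay. The domains, IP addresses and timings are constructed for the demo; Gmail's own allow/block settings live in the Admin Console and are not driven by code like this.

```python
"""Allowlist, blocklist and greylisting as a receiving mail server applies them.

Added example, not GAT Labs or Google code. Models the decision an MTA makes
at the SMTP RCPT TO stage; all domains, addresses and times are constructed.
"""
import time

GREYLIST_DELAY = 300          # seconds a never-seen sender must wait before a retry is accepted
GREYLIST_EXPIRY = 24 * 3600   # forget triplets that never come back


class SenderPolicy:
    def __init__(self, allowed_domains=(), blocked_domains=(), delay=GREYLIST_DELAY):
        self.allowed = {d.lower() for d in allowed_domains}
        self.blocked = {d.lower() for d in blocked_domains}
        self.delay = delay
        # Greylist state: (client IP, envelope sender, recipient) -> time first seen
        self.first_seen = {}

    def decide(self, client_ip, mail_from, rcpt_to, now=None):
        """Return an (SMTP code, text) pair for this delivery attempt."""
        now = time.time() if now is None else now
        domain = mail_from.rpartition("@")[2].lower()
        if domain in self.blocked:
            return "550", "5.7.1 Sender domain is blocklisted"
        if domain in self.allowed:
            # Allowlisted mail skips greylisting and spam filtering entirely,
            # which is why an allowlist entry is only safe alongside SPF/DKIM checks.
            return "250", "OK, allowlisted sender"
        triplet = (client_ip, mail_from.lower(), rcpt_to.lower())
        first = self.first_seen.get(triplet)
        if first is None or now - first > GREYLIST_EXPIRY:
            self.first_seen[triplet] = now
            return "451", "4.7.1 Greylisted, please try again later"
        if now - first < self.delay:
            return "451", "4.7.1 Greylisted, please try again later"
        return "250", "OK, sender retried; message goes on to spam filtering"


def demo():
    """Walk a legitimate sender, a bulk tool, an allowlisted and a blocklisted sender
    through the policy and return the SMTP codes in order."""
    policy = SenderPolicy(allowed_domains=["partner.example"], blocked_domains=["spam.example"])
    t0 = 1_700_000_000  # constructed clock
    return [
        policy.decide("192.0.2.10", "alice@legit.example", "bob@example.com", t0)[0],        # first contact
        policy.decide("192.0.2.10", "alice@legit.example", "bob@example.com", t0 + 60)[0],   # retried too soon
        policy.decide("192.0.2.10", "alice@legit.example", "bob@example.com", t0 + 600)[0],  # real MTA retried
        policy.decide("198.51.100.5", "promo@bulk.example", "bob@example.com", t0)[0],       # bulk tool, never retries
        policy.decide("203.0.113.9", "news@partner.example", "bob@example.com", t0)[0],      # allowlisted
        policy.decide("203.0.113.9", "x@spam.example", "bob@example.com", t0)[0],            # blocklisted
    ]


if __name__ == "__main__":
    print(demo())
```

The point of the triplet key is that a retry must come from the same client for the same sender/recipient pair; a spammer rotating source IPs or sender addresses starts over each time.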



Speaking of attachments, we all know how much damage a single malicious attachment can do if it is not detected in time.

That's why cybercriminals include them in so many of their phishing campaigns.

Google's Attachment Protection helps secure your domain against:

  • Encrypted attachments from untrusted senders, which can't be scanned for malware.
  • Attachments with scripts from untrusted senders.
  • Anomalous attachment types, i.e. attachment types that are uncommon for your domain.

To turn Attachment Protection on:

  1. Sign in to your Google Admin Console.
  2. From the Home page, go to Apps > Google Workspace > Gmail > Safety.
  3. In the Safety section, scroll to Attachments.
  4. Select each setting and the action to apply to incoming messages that match it (keep in the inbox with a warning, move to spam, or quarantine).
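As an added example of the three attachment classes above (this is not Google's scanner or GAT Labs code, just an offline model), the script below parses a constructed message and flags encrypted archives, script attachments, and attachments whose declared extension does not match their content. The sample message, its attachments, and the hand-built zip are all constructed inline; the magic-byte table and script-extension list are assumptions chosen for the demo.

```python
"""Attachment triage for the classes Gmail's Attachment Protection targets.

Added example, not Google or GAT Labs code. The message and attachments are
constructed inline; the extension and magic-byte tables are demo assumptions.
"""
import io
import struct
import zipfile
import zlib
from email.message import EmailMessage

SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".ps1", ".bat", ".cmd"}
MAGIC = [(b"%PDF", "pdf"), (b"MZ", "exe"), (b"PK\x03\x04", "zip"), (b"\x89PNG", "png")]
EXPECTED_KIND = {".pdf": "pdf", ".exe": "exe", ".zip": "zip", ".docx": "zip", ".png": "png"}


def sniff(data):
    """Return the file kind implied by the leading bytes, or None if unknown."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return None


def ext_of(filename):
    dot = filename.rfind(".")
    return filename[dot:].lower() if dot >= 0 else ""


def zip_is_encrypted(data):
    """True if any entry sets general-purpose flag bit 0 (password-protected entry)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(zi.flag_bits & 0x1 for zi in zf.infolist())
    except zipfile.BadZipFile:
        return False


def triage(msg):
    """Return [(filename, reason)] for every attachment that should be held."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        ext, kind = ext_of(name), sniff(data)
        if ext in SCRIPT_EXTS:
            findings.append((name, "script attachment"))
        elif kind == "zip" and zip_is_encrypted(data):
            findings.append((name, "encrypted archive, cannot be scanned for malware"))
        elif ext in EXPECTED_KIND and kind is not None and kind != EXPECTED_KIND[ext]:
            findings.append((name, f"anomalous type: named {ext} but content is {kind}"))
    return findings


def _minimal_zip(entry_name, payload, flags):
    """Hand-build a one-entry stored zip so the demo can set the encryption flag,
    which zipfile's writer cannot do. Layout: local header, central directory, EOCD."""
    crc = zlib.crc32(payload) & 0xFFFFFFFF
    local = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, flags, 0, 0, 0, crc,
                        len(payload), len(payload), len(entry_name), 0) + entry_name + payload
    central = struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, flags, 0, 0, 0, crc,
                          len(payload), len(payload), len(entry_name), 0, 0, 0, 0, 0, 0) + entry_name
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1, len(central), len(local), 0)
    return local + central + eocd


def sample_message():
    """Constructed phishing-style message with four attachments (not a real capture)."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.net"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached files.")
    # 1. Password-protected zip: its contents are opaque to any scanner.
    msg.add_attachment(_minimal_zip(b"invoice.docm", b"\x13\x37" * 16, flags=0x1),
                       maintype="application", subtype="zip", filename="invoice.zip")
    # 2. A Windows executable renamed to look like a PDF.
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60,
                       maintype="application", subtype="pdf", filename="statement.pdf")
    # 3. A script attachment.
    msg.add_attachment(b"var s = new ActiveXObject('WScript.Shell');",
                       maintype="application", subtype="javascript", filename="open_me.js")
    # 4. A benign text file that should pass.
    msg.add_attachment("Agenda for Monday", filename="agenda.txt")
    return msg


if __name__ == "__main__":
    for name, reason in triage(sample_message()):
        print(f"HOLD {name}: {reason}")
```

The encrypted-archive check reads only the zip's central directory, so it never extracts anything; that mirrors why a mail scanner cannot inspect such attachments and has to decide on the container alone.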



Now let's talk damage control.

If a phishing email gets past your filtering measures and is opened by any of your users, you need to be able to find it and remove it from every mailbox before it causes further damage, and to work out who clicked the link or entered credentials.

An anti-phishing tool can help you achieve that by searching for and removing phishing emails that have been received by all (or any) of your domain users. Google's own security investigation tool (available in some Workspace editions) can also search Gmail log events and delete messages across the domain.



Ensure mail delivery and prevent spoofing with Sender Policy Framework (SPF).

SPF is a DNS TXT record on your domain that lists the mail servers allowed to send email for it. For Google Workspace, Google's documented record is v=spf1 include:_spf.google.com ~all; add an include: mechanism for each other service that sends mail on your behalf.

Consequently, it protects your domain against spoofing and helps prevent outgoing messages from being marked as spam. Read more.

Receiving mail servers use SPF to verify that incoming messages that appear to come from your domain were actually sent by servers authorised by you. Note that SPF checks the envelope sender (the SMTP MAIL FROM address), not the From header your users see, which is why it needs DKIM and DMARC alongside it.
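The following added example (not Google's or GAT Labs' code) shows how a receiving server evaluates an SPF record, including the difference between a hard -all and a soft ~all and how include: chains are followed. The DNS table is constructed: example.com carries the record Google documents, but the contents shown for _spf.google.com and _netblocks.google.com are invented stand-ins using documentation address ranges, not Google's real netblocks. Only the ip4, ip6, include and all mechanisms are implemented.

```python
"""Minimal SPF evaluation (RFC 7208 subset) against a constructed DNS table.

Added example, not Google's or GAT Labs' code. The _spf.google.com and
_netblocks.google.com entries are stand-ins, not Google's real records.
"""
import ipaddress

DNS_TXT = {
    "example.com": "v=spf1 include:_spf.google.com -all",
    "softfail.example": "v=spf1 include:_spf.google.com ~all",
    "_spf.google.com": "v=spf1 include:_netblocks.google.com ~all",             # stand-in
    "_netblocks.google.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 ~all",  # stand-in
}

RESULT_FOR_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, client_ip, dns=DNS_TXT, depth=0):
    """Evaluate the SPF record of `domain` for a connection from `client_ip`.

    Returns one of: pass, fail, softfail, neutral, none, permerror.
    """
    if depth > 10:                       # RFC 7208 caps DNS-querying mechanisms
        return "permerror"
    record = dns.get(domain.lower())
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        if term == "all":
            return RESULT_FOR_QUALIFIER[qualifier]
        if term.startswith(("ip4:", "ip6:")):
            # Mixed address families never match: an IPv4 client is not "in" an IPv6 prefix.
            if addr in ipaddress.ip_network(term[4:], strict=False):
                return RESULT_FOR_QUALIFIER[qualifier]
        elif term.startswith("include:"):
            inner = check_spf(term[len("include:"):], client_ip, dns, depth + 1)
            if inner == "pass":
                return RESULT_FOR_QUALIFIER[qualifier]
            if inner in ("none", "permerror"):   # a broken include breaks the whole record
                return "permerror"
            # fail/softfail/neutral inside an include simply do not match; keep going
        else:
            return "permerror"           # a, mx, exists and macros are out of scope here
    return "neutral"                     # no match and no 'all' term


def spf_results():
    """Worked cases: Google-hosted senders, a stranger under -all vs ~all, and no record."""
    return {
        "google_ip4": check_spf("example.com", "192.0.2.10"),
        "google_ip6": check_spf("example.com", "2001:db8::1"),
        "stranger_hard": check_spf("example.com", "198.51.100.7"),
        "stranger_soft": check_spf("softfail.example", "198.51.100.7"),
        "no_record": check_spf("nospf.example", "198.51.100.7"),
    }


if __name__ == "__main__":
    for case, result in spf_results().items():
        print(f"{case:14s} {result}")
```

Note that the stranger's IP fails at the top-level record even though every include: ends in ~all: a softfail inside an include is merely "no match", and the outer record's own -all is what decides.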



Ensure messages from your domain are delivered as expected, and forgeries are rejected, using the DKIM and DMARC email authentication methods.

DKIM (DomainKeys Identified Mail) prevents spoofing by adding a digital signature to every message sent from your organization; receivers verify it against the public key you publish in DNS. The signature is not encryption: the message stays readable, but any tampering or forgery breaks the signature.

DMARC (Domain-based Message Authentication, Reporting and Conformance) builds on SPF and DKIM. It tells receiving servers what to do with messages that fail authentication (none, quarantine or reject), and it requires the authenticated domain to align with the From header domain, which is the one your users actually see. DMARC also sends you aggregate reports that help you identify spoofing attempts and misconfigured legitimate senders.

Once DMARC is enforced (p=quarantine or p=reject), you can also add your brand logo to authenticated messages via BIMI.

Read more about setting up DKIM and DMARC here.
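The alignment rule is the part of DMARC most often misunderstood, so here is an added example (not Google's or GAT Labs' code) that takes the SPF and DKIM results a receiver has already computed, checks that the authenticated domains align with the From header domain, and applies the domain's policy. The DMARC records and domains are constructed for the demo, and org_domain uses a naive "last two labels" rule where real implementations consult the Public Suffix List.

```python
"""DMARC policy evaluation with SPF/DKIM identifier alignment.

Added example, not Google's or GAT Labs' code. Records and domains are
constructed; org_domain is a simplification of the Public Suffix List rule.
"""

DEFAULTS = {"adkim": "r", "aspf": "r", "pct": "100"}


def parse_dmarc(record):
    """Parse 'v=DMARC1; p=reject; ...' into a dict, raising if it is not a DMARC record."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a valid DMARC record")
    for tag, default in DEFAULTS.items():
        tags.setdefault(tag, default)
    tags.setdefault("sp", tags["p"])     # subdomain policy defaults to the main policy
    return tags


def org_domain(domain):
    """Naive organisational domain: last two labels (assumption, not the PSL)."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Strict alignment needs an exact match; relaxed accepts the same organisational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_disposition(record, from_domain, spf_result, spf_domain, dkim_result, dkim_domain):
    """Return 'pass', or the policy action (none/quarantine/reject) the receiver should apply."""
    policy = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, policy["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, policy["adkim"])
    return "pass" if (spf_ok or dkim_ok) else policy["p"]


RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; aspf=r; adkim=s"
STRICT = "v=DMARC1; p=quarantine; aspf=s; adkim=s"


def cases():
    return {
        # Normal Workspace mail: DKIM d=example.com and SPF for example.com both align.
        "normal": dmarc_disposition(RECORD, "example.com", "pass", "example.com", "pass", "example.com"),
        # Newsletter service: SPF passes for bounce.example.com, no DKIM for us.
        # Relaxed aspf lets the subdomain align, so it still passes.
        "subdomain_relaxed": dmarc_disposition(RECORD, "example.com", "pass", "bounce.example.com", "fail", ""),
        # Same mail under strict SPF alignment: the subdomain no longer counts.
        "subdomain_strict": dmarc_disposition(STRICT, "example.com", "pass", "bounce.example.com", "fail", ""),
        # Spoof: attacker's own SPF and DKIM pass, but for attacker.example, not the From domain.
        "spoof": dmarc_disposition(RECORD, "example.com", "pass", "attacker.example", "pass", "attacker.example"),
        # Forwarded mail: SPF breaks on the new path, DKIM survives because it signs the message itself.
        "forwarded": dmarc_disposition(RECORD, "example.com", "fail", "forwarder.example", "pass", "example.com"),
    }


if __name__ == "__main__":
    for case, result in cases().items():
        print(f"{case:18s} {result}")
```

The "spoof" case is the one that matters for phishing: the attacker can publish perfectly valid SPF and DKIM for a domain they own, but neither aligns with your From domain, so your p=reject policy applies.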



It goes without saying that 2-step verification is one of the simplest (and most important) security measures you can enforce to prevent unauthorized access.

If a phishing attack does capture a user's password, 2-step verification (2SV, Google's term for two-factor authentication) minimizes the risk of the stolen credentials being used to compromise the account.

One caveat: SMS and one-time codes can still be phished in real time by a proxy site that relays the code to Google, so where you can, enforce phishing-resistant methods such as security keys or passkeys, which only work on the genuine sign-in origin. Google Workspace lets admins require 2SV for users and restrict the allowed methods to security keys.

This can be a real life-saver, especially for phishing attacks that target high-profile employees like CEOs and CFOs (known as whaling or C-level fraud).


Closing Thoughts

96% of phishing attacks arrive by email, but there's a big difference between an attempt and a successful attack, and that boils down to your security preparedness.

Poor security practices and a lack of user phishing awareness make users more vulnerable to email phishing threats.

That's why, as an admin, your Google Workspace anti-phishing strategy must include four components to increase Gmail security against phishing emails:

  1. Email filtering techniques
  2. Email authentication (SPF, DKIM and DMARC)
  3. An anti-phishing tool for damage control
  4. Enforced 2-step verification, preferably with phishing-resistant methods

Finally, remember that all of these efforts must ultimately rest on the solid ground of User Phishing Awareness to be most effective. 

We recommend sharing the below posts with your users to help them identify email phishing more easily:

SEE: 6 Types of Phishing Emails to Keep an Eye on in 2022

ALSO: The 5 Tell-Tale Signs of a Phishing Email

