How to find all emails for a specific user of your domain #
When GAT+ is installed, it initially indexes emails from the past 28 days. Going forward, all emails are continuously indexed.
For older emails (beyond 28 days), use Email Content Search
- Open GAT+ and go to Email audit
- Choose Email Content Search from the top menu
- Search any user’s mailbox for emails, regardless of the timeframe, as long as they are not permanently deleted.
Example:
- Search field: in:anywhere
- Enter the user to find all emails from/to them.
- For a broad search across all inboxes, enter the variable “in:anywhere” and select the scope, you can leave date range blank – to see ALL emails
- Use:
in:anywhere
- Use:
- To narrow down the search by date:
- Use: Date range: pick start/end date range
- Use: Last days – select in the the last “x” days etc.
- Scope: select the user email you need
Example:
- Search for specific time frame, select variables (in: anywhere),select the scope user
Date range 2026/04/01 - 2026/05/01 in:anywhere , user X
Note:
- Large searches may take time, especially with many emails.
- The results appear on the screen with a 5-sec refresh until the search is complete.
Navigate through emails with precise search options in GAT+
Optimizing Search Experience in GAT+: #
While waiting for the current search to complete, feel free to utilize other tabs for additional searches.
If the search is taking an extended time, especially with a high volume of emails, it may move to the background.
Upon returning to Email Content Search, simply select “Load filter” to find and apply filter from previous searches
Additionally, you can
- Show result from previous search
- Paste Gmail filter directly in the GAT+ UI.
You can select “Email operations” and use “Unlock” to gain access them.
- Gain access the email content
- Download the emails
- Delete the emails
Conclusion #
As an Admin you can take few actions on the result.
- Export – export the data into CSV or Google spreadsheet
- Download – download the emails in EML or PDF format
- Access request – view the email content
- Remove emails (permanent or trash only) – delete the emails from the users inbox
Note:
- Email Content Search offers a robust alternative for scanning, though it may be slower due to real-time indexing of email metadata.
- For email audits not requiring up-to-the-minute information, it’s recommended to stick with scan-based searches within the Emails tab.
FAQ #
Q1. How far back does GAT+ search for emails by default?
A1: When GAT+ is first installed, it automatically indexes emails from the past 28 days. From that point forward, all incoming and outgoing emails are indexed continuously.
Q2. How do I find emails older than the initial 28-day window?
A2: To find older emails, you must use the Email Content Search feature. This allows you to search a user’s entire mailbox, regardless of the timeframe, provided the emails have not been permanently deleted.
Q3. What is the difference between “Email Audit” and “Email Content Search”?
-
Email Audit (Emails tab): Best for quick audits using already-indexed data. It is faster but primarily covers the period since GAT+ was installed.
-
Email Content Search: Performs a real-time scan of the Google workspace. It is more thorough and covers the entire history of the mailbox but may be slower.
