Restricted delivery and subdomains/top-level domains? (Penalty Box OU)

icrew
Contributor II

Hi all:

We're looking into creating a "penalty box" OU, where one of the settings is to restrict email to only within our domain (no email from or to outside domains).

According to https://support.google.com/a/answer/2640542?hl=en, that should be pretty easy to do with the "restrict delivery" compliance setting.

But we're seeing some weird results: I'm setting this up on a test Workspace instance (sandbox.example.edu) that's fully independent of our production workspace instance (example.edu). They're two completely disconnected Workspace instances, and there isn't any domain allowlisting between them.

But it seems that even with the restrict delivery setting turned on, it's still possible to send mail between sandbox.example.edu and example.edu, and I can't figure out why. I'm guessing that this won't actually be much of an issue when we deploy to prod, but it's strange, so I thought I'd ask if anyone knows what's going on. Here's a screenshot of our settings:


And here's the address list you see there:


Any ideas would be appreciated!

Thanks,

Ian

1 ACCEPTED SOLUTION

Kim_Nilsson
Admin Moderator

I agree that it shouldn't be necessary, but Google's logic may go on the language of the rule and not really on the technical difference when they say that parent domains and subdomains are allowed.

  • Internal email: To allow internal messages between users within your organization, use the Bypass this setting for internal messages option. Internal messages between your organization domains, including parent domains and subdomains, bypass this setting.
--
https://wheretofind.me/@NoSubstitute

4 REPLIES

Kim_Nilsson
Admin Moderator

Untick the box for internal mails and try again.

--
https://wheretofind.me/@NoSubstitute

Thanks @Kim_Nilsson -- that did the trick. I hadn't noticed the "parent domains and subdomains" bit.

npl
New Contributor III

You could also run the rule for internal and external and use the "Address lists: Bypass this setting for specific addresses/domains" option to bypass it for local domains. Scroll to the bottom of the rule settings and click Show more.
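To see why the sandbox and production instances could still exchange mail, it helps to model the rule the accepted answer describes and run a few probe messages through it before rolling a penalty box out to production. The Python below is an added illustration written for this thread; it is not Google's code and not something either poster provided. Its matching rules are assumptions: the rule's address list matches a party's domain exactly, and when "Bypass this setting for internal messages" is ticked, a domain counts as internal if it is one of the instance's own domains, a parent of one, or a subdomain of one, which is the reading of the help text quoted above. The class and function names (RestrictDelivery, related, unexpected_deliveries) and the probe addresses are constructed for the example.

```python
# Added model of Gmail's "Restrict delivery" compliance setting, written for
# this thread; it is not Google's code. Matching rules are assumptions:
#  - the rule's address list matches a party's domain exactly;
#  - with "Bypass this setting for internal messages" ticked, a domain is
#    internal if it is an instance domain, a parent of one, or a subdomain
#    of one (the behaviour the accepted answer points to).
from dataclasses import dataclass


def domain_of(address: str) -> str:
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].lower()


def related(a: str, b: str) -> bool:
    """True when a and b are the same domain or one is a subdomain of the other.

    The leading dot is checked explicitly so that 'notexample.edu' is not
    mistaken for a subdomain of 'example.edu'."""
    a, b = a.lower(), b.lower()
    return a == b or a.endswith("." + b) or b.endswith("." + a)


@dataclass(frozen=True)
class RestrictDelivery:
    org_domains: frozenset   # domains owned by this Workspace instance
    allowed: frozenset       # the rule's address list (domains)
    bypass_internal: bool    # "Bypass this setting for internal messages"

    def is_internal(self, domain: str) -> bool:
        # Assumed reading of the quoted help text: parent domains and
        # subdomains of an instance domain are internal as well.
        return any(related(domain, d) for d in self.org_domains)

    def decide(self, sender: str, recipient: str) -> tuple:
        """Return (delivered, reason) for one message."""
        s, r = domain_of(sender), domain_of(recipient)
        if self.bypass_internal and self.is_internal(s) and self.is_internal(r):
            return True, "internal bypass"
        if s in self.allowed and r in self.allowed:
            return True, "both parties on the address list"
        outsider = r if s in self.allowed else s
        return False, f"{outsider} is not on the address list"


def unexpected_deliveries(rule: RestrictDelivery, probes) -> list:
    """Run constructed probe messages through the rule and return those that
    are delivered although the penalty box should have blocked them."""
    leaks = []
    for sender, recipient, should_block in probes:
        delivered, why = rule.decide(sender, recipient)
        if should_block and delivered:
            leaks.append((sender, recipient, why))
    return leaks


# Constructed probe traffic: (sender, recipient, should the rule block it?)
PROBES = [
    ("alice@sandbox.example.edu", "bob@sandbox.example.edu", False),
    ("alice@sandbox.example.edu", "carol@example.edu", True),   # the surprise in the question
    ("dave@example.edu", "alice@sandbox.example.edu", True),
    ("alice@sandbox.example.edu", "eve@gmail.com", True),
    ("mallory@notexample.edu", "alice@sandbox.example.edu", True),
]

# The rule as described in the question: only the sandbox domain is listed,
# and the internal-message bypass is still ticked.
AS_POSTED = RestrictDelivery(
    org_domains=frozenset({"sandbox.example.edu"}),
    allowed=frozenset({"sandbox.example.edu"}),
    bypass_internal=True,
)

# The accepted answer: untick the internal-message bypass.
AFTER_FIX = RestrictDelivery(
    org_domains=AS_POSTED.org_domains,
    allowed=AS_POSTED.allowed,
    bypass_internal=False,
)

if __name__ == "__main__":
    for name, rule in (("as posted", AS_POSTED), ("bypass unticked", AFTER_FIX)):
        print(name, "->", unexpected_deliveries(rule, PROBES) or "no leaks")
```

With the bypass ticked, the two probes between sandbox.example.edu and example.edu are delivered under "internal bypass", exactly the result the question reports; with it unticked, every probe that should be blocked is blocked, while mail inside the sandbox domain still passes because that domain is on the address list. The same probe list is worth re-running against the production rule, where the instance domains and any extra address-list entries will differ.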