Gmail Administrators can now enable unintended external reply warnings to mitigate unintentional data loss

This release adds a new Gmail security feature to warn G Suite users when responding to emails sent from outside of their domain and not in their contacts. This feature can give enterprises protection against forged email messages, impersonation, as well as common user-error when sending mail to the wrong contacts.

How does it work?

  • When a user hits reply in Gmail, Google scans the recipient list, including addresses in CC and BCC. If a recipient is both external to the user’s organization and not present in their Contacts, we will display the warning.
  • We treat secondary domains and domain aliases like primary domains, so your users will not be warned when emailing users at your subdomains.
  • If the recipient is intended, the user can dismiss the warning and proceed with the response. We won’t show the warning again for that recipient.
  • Unintended external reply warning is controlled from the Admin console control in the Advanced Gmail settings and is launching default off. It can be toggled on or off by organizational unit or for your entire domain.

Launch Details
Release track:  
Launching to both Rapid and Scheduled release.

Rollout pace: 
Full rollout (1-3 days for feature visibility)

All end users

Change management suggested. The Help Center article below outlines the expected behavior, and can be used to help effectively communicate these changes to users.

More Information
Help Center: Unintended external reply warnings

Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates