How to add an email or domain to the phishing quarantine.

  1. Open Google Admin:
  2. Click on the Apps -> G Suite -> GMail
  3. Go in Advanced Settings
  4. Stay on the root Org.
  5. In the Content Compliance section on the right hand side, find the one labeled: "Quarantine common phishing emails" and Edit it.
  6. Add an expression for the entry you wish to quarantine:
    Click on the ADD button
    Change Simple content match to Advanced Content Search
    Change location to Full Headers
    Add domain or email address in the content field.
    Click on Save
  7. Click on Save to save the new rule.
  8. Click on Save at bottom of window to Save the changes to Gmail Advanced Settings.
  9. All phishing emails caught by this rule go into the phishing quarantine:
Creation date: 2/8/2019 11:27 AM      Updated: 2/8/2019 11:27 AM