Google Workspace security whitepaper

Gmail protects your incoming mail against spam, phishing attempts, and malware. Our existing machine learning models are highly effective at doing this, and in conjunction with our other protections, they help block more than 99.9% of threats from reaching Gmail inboxes. One of our key protections is our malware scanner that processes more than 300 billion attachments each week to block harmful content.⁷ 63% percent of the malicious documents we block differ from day to day.⁸ In addition, Gmail can scan or run attachments in a virtual environment called Security Sandbox. Attachments identified as threats can be placed in users' Spam folders or quarantined.

We’re continuing to improve spam detection accuracy with early phishing detection, a dedicated machine learning model that selectively delays messages (less than 0.05 percent of messages on average) to perform rigorous phishing analysis and further protect user data from compromise.

Our detection models integrate with Google Safe Browsing machine learning technologies for finding and flagging suspicious URLs. These new models combine a variety of techniques, such as reputation and similarity analysis on URLs, allowing us to generate new URL click-time warnings for phishing and malware links. As we find new patterns, our models get better with time, and adapt more quickly than manual systems ever could.

Spammers can sometimes forge the “From” address on an email message so that it appears to come from a reputable organization’s domain. To help prevent this email spoofing, Google participates in the DMARC program, which lets domain owners tell email providers how to handle unauthenticated messages from their domain. Google Workspace customers can implement DMARC by creating a DMARC record within their admin settings and implementing an SPF record and DKIM keys on all outbound mail streams.

When employees are empowered to make the right decisions to protect data, it can improve an enterprise’s security posture. To help with this, Gmail displays unintended external reply warnings to users to help prevent data loss. If you try to respond to someone outside of your company domain, you’ll receive a quick warning to make sure you intended to send that email. And because Gmail has contextual intelligence, it knows if the recipient is an existing contact or someone you interact with regularly, to avoid displaying warnings unnecessarily.

With Google’s hosted S/MIME solution, once an incoming encrypted email with S/MIME is received, it is stored using Google's encryption. This means that all normal processing of the email can happen, including extensive protections for spam, phishing and malware, as well as admin services (such as vault retention, auditing and email routing rules) and high-value end user features such as mail categorization, advanced search and Smart Reply. For the vast majority of emails, this is the safest solution, giving the benefit of strong authentication and encryption in transit without losing the safety and features of Google's processing.

Gmail users can help protect sensitive information from unauthorized access using Gmail confidential mode. Recipients of messages in confidential mode don't have the option to forward, copy, print, or download messages, including attachments. Users can set a message expiration date, revoke message access at any time, and require an SMS verification code to access messages.