– The description below is written for Google Apps customers.
– Wrong settings may affect your email flow.
– Refer to all links and available documents before taking further action.
Fight spam and spoofing with just three stages of DNS changes, described below.
Stage 1: Define a proper SPF record
Sender Policy Framework (SPF) is an attempt to control forged e-mail. SPF is not directly about stopping spam – junk email. It is about giving domain owners a way to say which mail sources are legitimate for their domain and which ones aren’t.
- For Google Apps users, it is a simple TXT record that can be added in the domain's DNS.
– Record type: TXT
– Host: @ or Empty
– Value: v=spf1 include:_spf.google.com ~all
If the same domain is also used with other email servers, such as website query forms or bulk/mass mailing, refer to this help article: https://support.google.com/a/answer/4568483
Kindly visit this link to access FAQ: http://www.openspf.org/FAQ
Stage 2: Integrate DKIM into your outgoing email.
You can help prevent spoofing by adding a digital signature to outgoing message headers using the DKIM standard.
Recipient servers can retrieve the Digital key to verify that the message really comes from your domain and hasn’t been changed along the way.
- Google Apps customers can add one TXT record to the domain; after the authentication process, Google will start adding a digital signature to each outgoing email from Google Apps.
– Record type: TXT
– Host: google._domainkey or google._domainkey.domainname.com
– Value: v=DKIM1; k=rsa; p=MIGfMA0GCS++++++++++++++++++++++++/+++++++++++++++++++/+++++++++++++++/+/3NIQIDAQAB
To generate the key and configure it for your Google Apps, kindly refer to this help article: https://support.google.com/a/answer/174126?hl=en&ref_topic=2752442
Kindly visit this link to access FAQ: http://www.dkim.org/info/dkim-faq.html
Stage 3: Secure your domain from Spoofing with DMARC
DMARC is an email authentication protocol. It builds on the widely deployed SPF and DKIM protocols, adding a reporting function that allows senders and receivers to improve and monitor protection of the domain from fraudulent email.
- Once you have completed the above 2 stages, you can deploy DMARC to your domain to get the best out of them.
- If you are a “single domain” company using a single server, you can simply update the DNS records to avoid being spoofed
– Record type: TXT
– Host: _dmarc or _dmarc.domainname.com
– Value: v=DMARC1; p=reject; sp=reject
To configure DMARC for your domain you can refer to this help article: https://support.google.com/a/answer/2466563?hl=en&ref_topic=2759254
Kindly visit this link to access FAQ: https://dmarc.org/wiki/FAQ
As Google Apps has Google Groups, SPF, DKIM and DMARC also affect the behavior of email addressed to a Group email address.
Kindly refer to this help guide for better understanding.
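The three TXT values from Stages 1 to 3 can be linted offline before they are published in DNS. The following is an added example, not part of the original article or of any Google tool; the function names are illustrative and the DKIM key is a constructed placeholder.

```python
import base64, re
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # RFC 7208: max 10 lookups

def parse_tags(txt):  # DKIM/DMARC "tag=value; tag=value" list -> ordered dict
    pairs = (p.split("=", 1) for p in txt.split(";") if "=" in p)
    return {k.strip(): v.strip() for k, v in pairs}

def check_spf(txt):
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record"]
    findings = []
    names = [re.split(r"[:/=]", t.lstrip("+-~?").lower())[0] for t in terms[1:]]
    if sum(n in LOOKUP_TERMS for n in names) > 10:
        findings.append("more than 10 DNS-lookup terms: receivers return permerror")
    if "all" not in names and "redirect" not in names:
        findings.append("no 'all' or redirect: unlisted senders get a neutral result")
    elif names[-1] == "all" and terms[-1][0] == "~":
        findings.append("~all is softfail: unlisted senders are flagged, not rejected")
    return findings

def check_dkim(txt):
    tags = parse_tags(txt)
    if tags.get("v", "DKIM1") != "DKIM1":
        return ["v= must be DKIM1 when present"]
    key = "".join(tags.get("p", "").split())  # published keys may be folded
    if not key:
        return ["missing or empty p=: an empty key means the selector is revoked"]
    try:
        base64.b64decode(key, validate=True)
    except ValueError:
        return ["p= is not valid base64"]
    return []

def check_dmarc(txt):
    tags = parse_tags(txt)
    if list(tags.items())[:1] != [("v", "DMARC1")]:
        return ["not a DMARC record: v=DMARC1 must be the first tag"]
    findings = []
    if tags.get("p") not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= policy")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports will be received")
    return findings

if __name__ == "__main__":
    print(check_spf("v=spf1 include:_spf.google.com ~all"))   # Stage 1 value
    print(check_dkim("v=DKIM1; k=rsa; p=Q09OU1RSVUNURUQ="))   # constructed key
    print(check_dmarc("v=DMARC1; p=reject; sp=reject"))       # Stage 3 value
```

An empty list means the record passed these checks; they cover syntax and policy tags only, not whether the published key matches the one Google signs with.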
How to set Google Vault to Indefinitely.
Visit the URL https://ediscovery.google.com/discovery/ and log in with your Superadmin account.
OR just log in to your Superadmin account and follow images 1, 2, 3 and 4.
Image 1: Select Apps
Image 2: Select G Suite
Image 3: Select Google Vault
Image 4: Select the URL
Image 5: Click on Retention and Edit the Default retention rules for all items.
Image 6: Enable (tick) the Default rule settings for “Set a default retention rule for Mail/ Drive/ Groups”, set the Duration to “Indefinitely” and save the changes.
Follow the same for Drive and Groups.
- Steps for Admin to Generate Backup code:
1. Log in to the Google Apps admin console at “admin.google.com”.
2. Open the user profile/account from Dashboard > Users > Jojo Varghese
3. Scroll down the user profile/account page and select “Show more”
4. Scroll down slightly again and select “Security”
5. In the Security tab you will see the 2-step verification for the user account.
6. Select “show backup verification codes” and select “Generate new codes”.
7. Now share only one code with the user.
8. The user can then use the code to log in to the account and turn on 2-step authentication.
9. Each backup code can be used once only.
- Login Steps for User:
1. Log in to the Google Apps mail account at “mail.google.com”
2. Once you have entered the correct username and password, you will be prompted to enter a backup code.
3. Enter the backup code generated above or shared by the admin.
4. After a successful login, immediately configure 2-step verification.
5. A backup code can be used once only.
6. LINK: Configure 2-step verification.
Create a new Outlook profile to connect to Office 365 automatically using Autodiscover:
- From the Start Menu, open Control Panel.
- Click on Mail.
- Click on Show Profiles.
- Click on Add, and enter a profile name.
- Click on OK.
- Enter Username and Password from the DeploymentPro window.
- Click on Next.
- Click on Finish.
Set a local mailbox size by setting a registry key
By adding the following registry key and accompanying DWORD Value, you can limit the size of a user’s mailbox to a specific number of megabytes. This value also includes the size of delegated mailboxes that can be accessed. When you implement this registry key, the Mailbox Size Limit options are not available.
Create the following registry key and accompanying DWORD Value on each computer where Google Apps Sync is installed:
- Add the following registry key: HKEY_CURRENT_USER\Software\Google\Google Apps Sync\EmailSync
- Modify HKEY_CURRENT_USER\Software\Google\Google Apps Sync\EmailSync by adding the following DWORD Value:
- DWORD Value name: MaxStorePstSizeMegaBytes
- DWORD Value data: Enter the number of megabytes that you want as the maximum size of the mailbox (for example, 256 for 256MB)
- Outlook has a default PST capacity: Outlook 2003 and 2007 can go up to 20GB, and Outlook 2010, 2013 and 2016 can go up to 50GB.
- To define more than the default Outlook PST capacity, you must first update the PST capacity as described in this help guide.
- Once you have updated the PST capacity you can define the local mailbox size accordingly.
Step 1: Close Outlook and other MS office Applications
Step 2: Start menu -> Google Apps Sync -> Delete saved google apps sync passwords
Step 3: Now open your Outlook with Google Sync profile “Google Apps – email@example.com”
Step 4: This should show a pop-up box; enter your email address “firstname.lastname@example.org” and press “Continue”
Step 5: This should open your default browser and prompt you to log in with your Google Apps account.
Step 6: After a successful login, select the “Allow” button to reauthorize the Google Apps Sync tool for Outlook.
Users of Google Apps Sync for Microsoft Outlook (GASMO) version 3.8.430.1200 who also have the Drive service disabled will be continuously prompted to re-authenticate.
How to diagnose:
The Drive service will show as ‘Off’ on the affected user’s overview page within admin.google.com.
When the user attempts to sync using GASMO the dialog box ‘Please sign-in to Google Apps Sync’ will be displayed. After successfully signing in the dialog will continuously re-appear.
There are two workarounds:
1. Enable the Drive service for GASMO users. To do so please see the Help Center article ‘Turn Drive on or off for users’ at https://support.google.com/a/answer/6115117.
2. Disable GASMO Notes sync. To do so please see the Help Center section ‘Disable sync for a specific product’ at https://support.google.com/a/answer/1041455. Specifically the registry keys that should be created are the following:
HKEY_CURRENT_USER\Software\Google\Google Apps Sync\DWORD:SyncFlagsEnabled with value 1
HKEY_CURRENT_USER\Software\Google\Google Apps Sync\NotesSync\DWORD:DownloadEnabled with value 0
HKEY_CURRENT_USER\Software\Google\Google Apps Sync\NotesSync\DWORD:UploadEnabled with value 0
Note that if you are running a 32-bit version of Outlook on a 64-bit installation of Windows the registry prefix will instead be HKEY_CURRENT_USER\Software\Wow6432Node\Google\.
Time: Wed, Dec 9, 2015 at 1:43 AM – The Google Apps product engineering team is currently investigating this issue.
Issue: Windows search does not work specifically for the Google Drive folder
Description: Because of access permissions, the system is not able to index the files and folders in the Google Drive folder.
Fix: To solve this issue there are 2 methods, defined below.
Method 1: Keeping Windows Indexing enabled:
Step 1: Open the Google Drive properties
Step 2: Go to the Security tab and make sure that the “SYSTEM” user is there and has full access rights
If not, add it manually by referring to the following image
Step 3: Save all changes.
Step 4: Now make sure that the option “Allow files in the folder to have contents indexed in addition to file properties” is active (ticked) under “Advanced” on the “General” tab.
Step 5: If not, enable the option by referring to the following image.
Method 2: Disabling Windows Indexing.
Step 1: In the Google Drive folder, select ‘Organise’; on Windows 8, open the folder, select ‘View’, then select the drop-down arrow under ‘Option’.
Step 2: Select ‘Folder and Search Options’.
Step 3: On the ‘Search’ tab, select ‘Don’t use the index when searching in file folders for system files’ and click OK.
Step 4: Then select ‘Change folder and search options’ > ‘Search’, select ‘Don’t use the index when searching in file folders for system files’ and click ‘Apply’.
It can take up to 24 hours for new user accounts to appear in the searchable Directory. You can also hide a user from the Google Apps Directory by changing the sharing options.
- Sign in to the Google Admin console.
- Click Users.
- Select the organizational unit to which you want to add the user. (You might need to click to see organizational units.)
- Click and select Add user.
- Enter the new user’s First Name, Last Name, and Primary email address.
Before assigning an email address, check if a user has an existing account with a Google service such as Gmail or Google Hangouts.
- If your account has multiple domains associated with it, select the domain you want to add the user to. The field to the right of the @ sign is a drop-down list with available domains. The domain you select will be the portion of the user’s email address that appears after the @ sign.
- (Optional) Set the user’s initial password. The Admin console generates a temporary password for the new user, using a mixed pattern of symbols, upper and lower case letters, and numbers. The length of the password will be the greater of the required minimum (eight), or the minimum password length you’ve set for your domain. To set a different initial password, click Set password and enter the password twice. Google requires the password to be at least eight characters. See Password help for tips on creating a strong password.
- (Optional) Click Additional info to add contact information (like the user’s mobile phone number or work address) and employee details (like the user’s employee ID or cost center) to the user’s profile. This information is visible in the Admin console and Gmail contacts.
- Click Create.
- Click Email instructions or Print instructions to deliver the account information to the new user. If you email the instructions, be sure to send the message to an email address that is currently accessible to the user, not to the new email address.
- Click Done.
- (Optional) Edit additional user settings. To set other user settings, such as adding the new user to groups or omitting the user’s information from your Google Apps Directory, click the user’s name in the list. See Manage user accounts for instructions.