Integrate Gmail with a CEA

Updated 3 months ago by admin

How integration works

To integrate Gmail with our CEA, specify an email address where journal messages are forwarded. If you specify more than one email address, journal messages are sent to all email addresses.

We recommend you set up TLS compliance when you use CEA solution. This ensures Gmail requires TLS encryption when sending mail to the CEA solution.

Set up a 3rd-party archiving solution

  1. Sign in to your Google Admin console.
  2. In the Admin console, go to Menu  AppsGoogle WorkspaceGmailRouting.
  3. (Optional) On the left, select the organization.
  4. Under Routing, click Configure and select Inbound, Outbound, Internal - sending & Internal - receiving.
  1. Under the section Add more recipients, enter the email address for where you want to send journal messages.
The email address is your CEA company TAG, i.e. companytag@uk.archive.clouduss.com for the UK environment or companytag@archive.clouduss.com for the EU environment.
  1. Click Add .
  2. At the bottom, click Save.
How messages are managed
Versions of the messages that are journaled

Important: Journaled messages are not exempt from Gmail policies that reject messages containing potential viruses and harmful software. For more information, see File types blocked by Gmail.

  • Inbound messages—The version of the message received by the user is the one journaled. For example, if a content compliance policy triggers and strips the attachment, the journal copy won’t have the attachment.
  • Outbound messages—The version of the message sent by the user is journaled. For example, if a content compliance policy triggers and strips the attachment, the journal copy would retain the attachment.
  • Internal messages—For messages sent within your domain, acts like an inbound message for the recipient and an outbound message for the sender.

Messages that are sent to admin quarantines

  • Inbound messages—If an inbound message is sent to admin quarantines, the journal copy isn’t sent until the message is released from the quarantine. If a quarantined message is denied, the user never sees the message and therefore it’s not archived. 
  • Outbound messages—If an outbound message is sent to admin quarantines, a journal copy is sent when the user clicks Send, irrespective of whether the message is quarantined.

Messages with multiple recipients

Sometimes when a message is sent to multiple recipients, one group can receive a different version of the messages due to compliance or routing policies. 

  • Inbound messages—A separate journal copy with the relevant message version is sent corresponding to each recipient. To determine whether multiple recipients received the same message, the archiving solution should use deduplication logic. 
  • Outbound messages—The copy sent by the sender is journaled.
  • Internal messages— Internal recipients will remain on the message. Although some internal recipients may not actually get the message due to content compliance or other policies, delivery to some or all recipients is captured.

Messages with unrecognized recipients

Journals aren’t sent for messages received for unrecognized recipients. To journal for a particular user, the user must be registered. 

Retry mechanism for SMTP failure codes

If a message isn’t successfully delivered to the journal address and the Simple Mail Transfer Protocol (SMTP) host returns a temporary error (4xx), Gmail tries to resend the messages for 8 days. If the SMTP host returns a permanent error (5xx), Gmail does not try to resend the message. 

Security considerations

We recommend configuring the third-party archive to reject messages that aren’t Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) signed. Google uses DKIM signing in 2 ways:

  • Google key on the customer’s behalf (if customer has not setup)
  • Customer key

We recommend that you set up TLS compliance to secure the connection to third-party archiving solutions.


How did we do?