Allowlist incoming email to a group

[Thomas Cook]

We have a desire to have an allowlist for incoming email to a group.  I can't find any documentation to support a feature like this.  Has anyone ever had this need as well and if so, how did you address it?

[Jay Lee]

Make allowed group senders managers of the group and then only allow group managers to post:

gam update group <email> whoCanPostMessage ALL_MANAGERS_CAN_POST

If desired, you can turn off mail delivery to group managers who don't want to see each post.

Jay Lee

On Thu, Apr 15, 2021 at 9:36 AM Thomas Cook <tc...@chattanooga.gov> wrote:

We have a desire to have an allowlist for incoming email to a group.  I can't find any documentation to support a feature like this.  Has anyone ever had this need as well and if so, how did you address it?

--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/c07beaa9-fe4b-4375-b413-947c91438fb2n%40googlegroups.com.

[Ian Crew]

What Jay said. There is neither an API nor a UI for the allow list for Groups. (I’ve only been asking for one for something like 7 years now. I’m not holding my breath....)

Ian

To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/CA%2BVVBp_epT%3DkXTk7tyypt4yFHHs85wUxCTVLc6yXKo8gxwHdgg%40mail.gmail.com.

--

Ian Crew Solutions Architect Productivity & Collaboration Services Information Services and Technology

[Danny Dillon - NOAA Affiliate]

A specific sender role of some sort was actually promised to us for a couple years and then reneged on right before we were forced to retired our legacy system which DID support both internal and external non member senders via "mgrpallowedbroadcaster".  Still waiting... 

A problem with using manager is that it gives permissions to things we don't even want our users to know about, much less edit. Plus we master our groups in LDAP and sync to Google with GCDS. 

Our workaround is to assign a single manager to groups, then allow ONLY delegate access to that manager account ( and send capability to the managed groups ). 

For "granularity"   we allow a "set" to be defined for group restrictions ( using manager along with any/domain/members ).

The sets each have a specific keyword for the attribute, a specific manager/sender account, and a specific group of delegates.

We monitor groups "sets" hourly and set group permissions, managers, and their delegates as needed.

We pulled this out of our hats last minute and everyone hates it by comparison to our old solution. It is a major pain point for us.

Danny

To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/CAD2sLFuBy%3DFwiC9UMx7aPTgGyvGP%2BeiE0GQwx0fPNwxgFoUFGw%40mail.gmail.com.