Gmail BCC setup with Cloud Email Security (formerly Area 1)

For customers using Gmail, setting up Cloud Email Security via BCC is quick and easy. All you need to do is create a content compliance filter to send emails to Cloud Email Security through BCC. The following email flow shows how this works:

Email flow when setting up a phishing assessment risk for Gmail with Cloud Email Security.

To setup Cloud Email Security phishing risk assessment for Gmail:

In the Admin console, go to Menu > Apps > Google Workspace > Gmail > Compliance.
Scroll to Content Compliance and select CONFIGURE.
Add a Content Compliance filter and name it Area 1 - BCC.
In Email messages to affect, select Inbound.
Select the recipients that you want to send emails to Area 1 via BCC:
1. Select Add to configure the expression.
2. Select Advanced content match.
  1. In Location, select Headers + Body from the dropdown.
  2. In Match type select Matches regex.
  3. In Regexp input .*. You can customize the regex as needed and test within the admin page or on sites like https://regexr.com/.
  4. Select SAVE.
In If the above expressions match, do the following, make the following changes:
1. In Also deliver to select Add more recipients.
  1. Under Recipients select Add.
  2. Change the setting to Advanced.
  3. In Envelope recipient select Change envelope recipient.
  4. In Replace recipient add the recipient BCC address. For example, <customer_name>@journaling.mxrecord.io. This address is specific to each customer tenant and can be found in your Portal.
  If you are located in India or the EU, or if GDPR applies to your organization, you will have to replace the @journaling.mxrecord.io domain in the BCC recipient with the appropriate record to process emails in the appropriate geographic location. Refer to the Geographic locations table for more information.
  1. Make sure that in Spam and delivery options > Do not deliver spam to this recipient is not checked.
  2. Under Headers select Add X-Gm-Spam and X-Gm-Phishy headers.
  3. Select SAVE.
Scroll down and select Show options.
1. Under Account types to affect select Groups.
2. Select SAVE.

Geographic locations

Select from the following BCC addresses to process email in the correct geographic location.

Host	Location	Note
`<customer_name>@journaling.mxrecord.io`	US	Best option to ensure all email traffic processing happens US data centers.
`<customer_name>@journaling.mailstream-eu-primary.mxrecord.io`	EU	Best option to ensure all email traffic processing happens in Germany, with fallback to US data centers.
`<customer_name>@journaling.mailstream-eu1.mxrecord.io`	EU	Best option to ensure all email traffic processing happens within the EU without fallback to US data centers.
`<customer_name>@journaling.mailstream-bom.mxrecord.mx`	India	Best option to ensure all email traffic processing happens within India.
`<customer_name>@journaling.mailstream-india-primary.mxrecord.mx`	India	Same as `mailstream-bom.mxrecord.mx`, with fallback to US data centers.
`<customer_name>@journaling.mailstream-asia.mxrecord.mx`	India	Best option for companies with a broader Asia presence.
`<customer_name>@journaling.mailstream-syd.area1.cloudflare.net`	Australia / New Zealand	Best option to ensure all email traffic processing happens within Australia.
`<customer_name>@journaling.mailstream-australia.area1.cloudflare.net`	Australia / New Zealand	Best option to ensure all email traffic processing happens in Australia, with India and US data centers as backup.

Gmail BCC setup with Cloud Email Security (formerly Area 1)

​​ Geographic locations

Geographic locations