Embedded Files
This relates to a wish for little kids to only be able to email their teachers and not other students.
Here's the documentation:
https://support.google.com/a/answer/9175444?hl=en
Here's the story in pictures:
1. Applied at the "all students" OU, a sending rule which adds "user-type: student" to the headers:
2. Applied at the "VERY Restricted email" OU (kids in grades 5 and under), a receiving rule which bounces emails that have that custom header content:
3. An overview of the inheritance:
4. An extra step support helped me figure out -- add "mailer-daemon@googlemail.com" to the "Restrict Delivery" whitelist (otherwise, the senders don't get the bounce message, it just silently fails):
This is the net result:
1. Students in grades 5 and below can NOT send or receive emails from ANY other student in the domain. If they try, they will get an auto-reject message and the email will not go through to the recipient.
2. Students in ALL grades CAN send and receive email with non-students (teachers) in the domain.
3. Students in grades 5 and below CAN send, but can NOT receive, email from students in grades 6 thru 8.
4. (As has always been the case) Students younger than 8th grade cannot send or receive emails with anyone outside of the domain, except for a whitelist of known services we use (e.g. Google, Apple, Meraki, etc.)
#3 is unavoidable without creating a horrific spaghetti of intertwining rules. But I really don't see it being an issue. If an older kid gets an email from a little kid, they can bring it to a grownup's attention, and it can be dealt with as a "teachable moment" for the youngster.
Page updated
Report abuse