Create a Gmail Block Transport Rule

Log in to the Google Admin portal.

In the Dashboard, select

Apps

Google Workspace

Gmail

Compliance

.

In the Content compliance section,

Add Another Rule

.

Configure the email transport rule.

In the
Content compliance
field, enter a descriptive name for the transport rule.
For the
Email messages to affect
, select
Outbound
.
This instructs Gmail to forward the email to
Enterprise DLP
before it leaves your network when the email recipient is outside your organization.
Configure email forwarding to
Enterprise DLP
for emails that have not been inspected.
In the
Add experiences that describe the content you want to search for in each message
section, select
If ANY of the following match the message
.
Add
.
In the
Add setting
page, select
Advanced content match
.
For the
Location
, select
Full Headers
.
For the
Match type
, select
Starts with
.
For the
Content
, enter
x-panw-action: block
.
Save
.
Configure the action Gmail takes for emails that are blocked.
In the
If the above expressions match, do the following
section, select
Reject message
.
(
Optional
) Enter a customized rejection notice when an email is blocked.
Configure the types of Gmail accounts the transport rule affects.
Show Options
.
After you expand the options menu, the button displays
Hide Options
.
In the
Account types to affect
section, select
Users
,
Groups
, and
Unrecognized / Catch-all
.
Save
.

Verify that the email transport rule was successfully added and that the

Status

is

Enabled

.