|Example OU setup|
This guide assumes that you have all your students by themselves in either one OU or an OU with sub-OUs by some grouping scheme and the groups are named by their graduation year, meaning if the OU is "15", then the group is also named that and the email for it is "firstname.lastname@example.org"
First thing is first, make sure the group is set to allow "Owners of the Group, Managers of the Group and All Organization Members" to post in the Basic Permissions of the group(s) itself. This will allow anyone in the domain to email this group. We are going to limit this elsewhere.
|Basic Permissions section of the group itself|
|Gmail Compliance section of the top level OU|
Next, we need to add an expression or rule to match off of. The expression we are going to build is an Advanced content match, the Location is Any envelop recipient, and the Match type is Matches regex. Once these options are selected, the logic behind the filter can be filled in and tested. In the Regexp field, enter one of the following styles and then hit Save. Repeat as necessary for your lists.
- ^[0-9][0-9]@domain.com - All emails in the form of ##@domain.com trigger the rule
- ^[0-9][0-9]@domain.(com|org|k12.edu) - All emails in the form of ##@domain.com, ##@domain.org, or ##@domain.k12.edu trigger the rule
- ^[0-9][0-9]@(example|domain).com - All emails in the form of ##@example.com or ##@domain.com trigger the rule.
|Testing the Regexp to make sure it works|
This can be built out to your specific setup easily with the use of OR logic by using (phrase 1|phrase 2|phrase 3) to substitute multiple items in the same rule. An example Regexp that catches all email to your student lists could be something along the following (this is assuming that you have these groups set up with the appropriate grades as members in them):
^(hs|ms|is|es)-students@(domain1.k12.edu|domain2.k12.edu)This would trigger on the following addresses on both domain1.k12.edu and domain2.k12.edu:
hs-students@domains, ms-students@domains, is-students@domains, and es-students@domains.
Finally, choose whether you want to Modify, Reject, or Quarantine the message. For this guide's purposes, Reject message will be selected and an appropriate rejection notice applied. After that, add the setting using the Add setting button and then Save Changes.
|Compliance rule with a custom rejection notice added|
Note: I still need to test whether the ^ (signifies that the expression must begin with the following phrase) is necessary. I believe it is as Google's documentation states that Any envelope recipient compares against the rule one at a time and you don't want emails sent to email@example.com from someone in the OUs getting rejected. Google's Regexp documentation here.