Gmail Clarify Bypassing Spam Filters

[adhilto]

(Using the numbers of the gmail-changes-1 branch)

GWS.GMAIL.14.1v0.1 instructs users to not use an email allowlist, referring to this feature here:

However, there is another way to create an allowlist that the baseline does not address:

What was previously GWS.GMAIL.18 touched on some of these settings, but this group is being deleted. I agree with the deletion of this group--the guidance there was confusing and contradictory--but I would recommend adding a new control group that rules out the various ways users could bypass spam protections.

Proposed group name: "Spam Filtering"

Policies:

1. "Domains SHALL NOT be added to lists that bypass spam filters." With a note: "Note: Allowed senders MAY be added."
2. "Domains SHALL NOT be added to lists that bypass spam filters and hide warnings."
3. "Bypass spam filters and hide warnings for all messages from internal and external senders SHALL NOT be enabled."

[jkaufman-mitre]

@adhilto Will discuss this with the team to determine which changes should be made. @prodjom

[jkaufman-mitre]

@adhilto We will implement the recommended changes.

[jkaufman-mitre]

PR has been created. TTP Mappings still need to be done and drift rules need to be created.

[jkaufman-mitre]

Drift Rules have been completed. Now only waiting on TTP mappings.

[jkaufman-mitre]

Followed-up on the status of the TTP mappings.