Create a Gmail Block Transport Rule

1. Log in to the Google Admin portal.
2. In the Dashboard, select AppsGoogle WorkspaceGmailCompliance.
3. In the Content compliance section, Add Another Rule.

4. Configure the email transport rule.

   1. In the Content compliance field, enter a descriptive name for the transport rule.
   2. For the Email messages to affect, select Outbound.

      This instructs Gmail to forward the email to Enterprise DLP before it leaves your network when the email recipient is outside your organization.

   3. Configure email forwarding to Enterprise DLP for emails that have not been inspected.

      1. In the Add experiences that describe the content you want to search for in each message section, select If ANY of the following match the message.
      2. Add.
      3. In the Add setting page, select Advanced content match.
      4. For the Location, select Full Headers.
      5. For the Match type, select Starts with.
      6. For the Content, enter x-panw-action: block.
      7. Save.

   4. Configure the action Gmail takes for emails that are blocked.

      1. In the If the above expressions match, do the following section, select Reject message.
      2. (Optional) Enter a customized rejection notice when an email is blocked.

   5. Configure the types of Gmail accounts the transport rule affects.

      1. Show Options.
         After you expand the options menu, the button displays Hide Options.
      2. In the Account types to affect section, select Users, Groups, and Unrecognized / Catch-all.

   6. Save.
5. Verify that the email transport rule was successfully added and that the Status is Enabled.