How to enhance your security posture in your enterprise cloud emails: Case for Google Workspace

Episode 5: Deleting Accidental Sent emails in your domain using GAM

As an organization that uses Google Workspace, many a time you will find a user has sent an internal email and copied someone within your team inadvertently, or a member of your organization Google Workspace has received an email in error and one would like to recall or delete the email before it has been read by the recipient. 

For organizations that use Google Workspace Enterprise Plus, the administrator within your tenancy can perform the email deletion using the Gmail message investigation tool, but what if your organization is not on this Google Workspace plan? Worry not we got you as the same can be achieved by running one GAM commandline tool. 

Prerequisite

1. Download and Install GAM (Google Apps Manager) on your device or server;
   • Download GAM from here GAM github
   • Install GAM for the step-by-step process to be effective.
2. Email message ID or IDs for emails you want to delete.

Once GAM has been installed on your device open the command prompt for a Windows device  by click on Windows + R and type CMD then click enter/return key. Once this opens up,  run the following command gam info domain. This will confirm the authorized Google Workspace domain for the GAM project on your PC.

When you send an email through Gmail, a unique Message ID is added to the email header as per the RFC 822 specification. To know the ID of your message, open the email inside Gmail, go to the 3-dot menu, and choose Show Original. The RFC822 Message-ID will be displayed in the first line of the email message header, as shown in the screenshot.

The Message ID of an email message is exactly the same for the sender, the recipient, a shared email, and a migrated email. That means if the recipient opens a member of the shared label or the header of your email in their mailbox, the Message ID will match that of the message in your Gmail sent folder.

Now that GAM is running and we already have the message ID, we go to delete the email. To perform the email deletion from a single-user mailbox. You will need to run the following command. 

•   gam user <user email address> delete messages query “rfc822msgid:<message ID>” doit

Replace the <user email address> with the user email address of the receipt and replace <message ID> with the exact message ID for the email you want to delete. Modify your command and paste the same under your command prompt, the gam command will be something like:

• gam user [email protected] delete messages query “rfc822msgid:122eseitntonsbuwn” doit

To delete for all users whom might have received the email run the following command : 

• gam all users delete messages query “rfc822msgid:122eseitntonsbuwn” doit

One can also confirm the email deletion status from the post-delivery message details from the admin email log search by searching the

Following the above stated steps, you as an organization can be able to delete accidentally sent mails which may contain sensitive information or sent to unintended recipients.

Stay tuned, in our next episodes, we shall cover topics in the following areas:

1. Security Center: Investigation tool
2. Google EMM: Remote Wipe Devices: Windows, Android and iPhone