Tired of my G Suite users falling for emails "from" our CEO and other leadership team members, and the [EXTERNAL] that I appended to the subject of all external emails has been great but not helping everyone.
I have written a Google Apps Script that compares the "from" name of the sender to that user's company email and personal email, and then if there is not a match, it forwards the email to IT (to confirm/let the user know if it was somehow legit) and then deletes it to the user's trash.
I've got a trigger to setup so it runs every minute. It's only looking 3 mins back in emails so it doesn't waste resources/runs but also doesn't miss if it has an error for some reason. Have individually set up for a couple users as a test and myself and it appears to be working great.
My question after not finding a use case in the Google Add-Ons examples that really fit this use case...
How do I best deploy this to all of my domain users such that it uses the existing 1 min trigger, requires no user interaction - except maybe to install, and updates as I update the script?? I'm reading stuff about cards and icons and triggers for opening an email and such but none of this is what I'm looking for. I want it running in the background at all times to where if the user only looks at email on their phone or Mac Mail/Outlook that the script is still catching the phony emails.
Has anyone done anything like this. Google Support people, is there a page I've missed in my search for answers?
I figure out that the question here is that you want to develop an add-on over your whole domain. If my assumption is correct, then you can opt in to follow these steps on how to install G Suite Marketplace apps in your domain. If you want to test the reach of this operation, you could develop an reviewed and trivial app like Cats and introduce it to your domain. While developing your add-on, please be aware of the best practices. After the developing process you can publish it to G Suite Marketplace. Keep in mind that you could add this add-on to your domain even if it's published as internal.
After reading your comments I get that you want to use this add-on even if users aren't online. In that case you could activate domain wide delegation of authority over your domain and use service accounts to control G Suite API interactions. To run this script at every minute you can use cron, but please be mindful of Gmail API quotas.
Along with the former, you can reach G Suite support and they'll better assist you with preventing phishing forces. Please, ask me any question to better clarify myself.