Gmail doesn’t support filtering or for that matter blocking emails from people not in your contact list. That is to mean, should your email address get in the hands of some unscrupulous entities, your poor inbox stands to get bombarded with spam or worse, phishing attacks.
This is a much-needed feature that seems to have escaped Google despite its obvious security benefits.
Recently I came across a stranger with this predicament and out of curiosity I wondered whether it would be possible to accomplish that using Gmail’s Filter options.
So for the better part of today I’ve been playing around with various filter settings and I seem to have chanced upon a capable workaround: rather than filter emails of those not in your contacts, how about we whitelist the existing contacts instead.
To do that we need to create a filter that will allow only emails from your existing Google contacts to reach your inbox while the rest will be sent to the trash (deleted), archived, forwarded etc. as they arrive.
Sounds good, doesn’t it? Let’s see how to do it then. Be warned though, much of this will be done manually so be prepared to set some time apart, and secondly, this is only suitable if you’ve a small contact list. This is because of Gmail’s filter 1500-character limit, which we can do nothing about.
Step 1: Select Contacts to Whitelist
- Log in to your Gmail Account, then switch to Google Contacts by clicking on the Contacts icon on the right side of the page.
- Inside Google contacts, select the contacts you’d wish to receive emails from. If it’s all of them, select one then at the top select the checkmark to select all.
- Just above the contacts, click on the Send Mail icon as you would were you sending an email to all the selected contacts. If some contacts have phone numbers only, Gmail will just ignore them and only add those with valid email addresses.
- Doing that will open a compose mail pop-up window with the selected contacts added as recipients.
- Now we need to copy the added contacts in the format used by Gmail. To do that, click the more button to reveal all the contacts, then click anywhere inside that box and press Ctrl + A.
- Open a text editor like notepad and paste the email addresses there. You can then discard the email.
Step 2: Create a Filter to Block Emails
- Go back to Gmail and open its Settings.
- Select the Filters and blocked addresses tab and click on the Create a new filter link.
- That should open a small Filter pop-up window at the bottom of the Search bar.
- Now we need to create a search term from the copied email addresses in the following format:
from:([email protected] OR [email protected] OR [email protected] OR [email protected]). Note that the OR operator has to be in caps and the from: at the start must be included as it indicates that the terms are email senders. - The copied addresses will be in the format
John Doe <[email protected]>, Jane Doe <[email protected]>, Jack Screw <[email protected]> …. So basically you have three things to get rid of:- The names at the start (this is the trickier part)
- The commas which you can replace with the OR i.e., find
,and replace withOR. - The two arrows which you can batch remove quickly by replacing them with nothing.
- Take your time and create the search term. It shouldn’t take you that long if you only have a handful of contacts. On the other hand, if you have a slightly longer list, you may consider using Find and Replace or a Regular Expression to create the term quickly. However, please note the following:
- The search term has a character limit of 1500 characters. So ensure to keep it below this otherwise Gmail will reject the term. A text editor with a character counter (such as Notepad++ or Sublime Text) can help you in this.
- If you’ve a long contact list that exceeds this limit, then this workaround may not be suitable for you as stated earlier. This is because creating multiple filters will not work as Gmail applies them independent of each other, which is to mean it will block contacts in the other filters.
- Once you’ve your contacts in the search term, paste it inside the Doesn’t have box.
- To preview which emails would be blocked by this filter, click on the search button. All the emails not in your contact list will be filtered out.
- You can also do the opposite test to confirm that emails only from your contacts will be allowed. To do that, paste the search term inside the From box but exclude the from: part at the start. Doing this should display emails only from the included contacts.
- Once you’re done, click the button at the end search bar to restore the filter window. Next, click on the Create filter button at the bottom of the filter window.
Step 3: Choose a Filter Action
Next, you’ll be provided with a list of options of what to do with emails that don’t match the search term. The obvious choices here are to have them either Skip the Inbox or to Delete them.
With Skip the Inbox the emails won’t show up in the inbox and instead will be archived the moment they arrive. The archived emails can be accessed from the All Mail label (not the [Imap]/Archive).
If you chose to Delete them, they will be sent to the Bin automatically. As usual, they’ll be deleted completely if they stay in there for more than 30 days.
If you want the existing emails not from your contacts to be applied that filter, put a check mark on the Also apply filter to matching messages.
Once you have selected the option, click on the Create filter button to finish. The filter will now be active, however you can edit it any time by going to the Filters and blocked addresses settings.
You can also export this filter and import it in other Gmail Addresses.
If you happen to get a new contact that you’d wish to allow, just edit this filter by adding their email address to the search term inside the Doesn’t have box, then update the filter (don’t forget to add the OR operator).
You can also delete the filter anytime should you wish to stop filtering out the non-contacts from your inbox.
I know this is not the most intuitive way to do this, but in the meanwhile, I hope it meets your needs.
Update: For an automated solution, take a look at EmailGurus. I’m yet to test it, but the author claims it does exactly what I’ve outlined here. It’s open source, and you can refer to its GitHub to learn more on how it works and review its code.
I couldn’t find an automated way to do this (the way I do it in Outlook/Exchange), so I wrote a Google Apps Script that will keep checking Gmail and create a filter for email sent from addresses that are not in my Contacts. The code and a YouTube video showing how to install and schedule it are at https://github.com/garyholeman/CreateGmailFilters.
Thanks Gary for sharing the script with us.
This is a stupid way to block all other emails. I am getting nothing but spam at my gmail account and in Outlook you can select to receive emails ONLY from people in your list. This approach doesn’t take in the account that spam email is not simply an @spam.com domain. They have many different characters like @[email protected]#$ndiwn99.com and such. I would be doing this for the rest of my life because Google’s spam filter is a complete joke. I went to try to block them and it said “You can’t block your own domain.” What utter garbage Outlook and Gmail are. At least in Outlook I can block unwanted spam and only receive email from trusted email addresses. I really wish Google would get on the ball and get this done. We are heading into 2022 and they are STILL living in the 90’s!
The filter inputs such as ‘Doesn’t have’ in Gmail has a character limitation of 1,500. How might someone with a contact list having more characters than the 1,500 maximum allowed use this method to restrict received emails to their contact list?
Hello Shawn,
I wasn’t aware of this limit, so thanks for bringing it to my attention. I’ll update the post accordingly. A solution would perhaps be to set up multiple filters, restricting each to less or equal to 1500 characters until your entire contact list is covered. While I haven’t tested this, it should in theory work as Gmail accepts multiple filters.
Hi Kelvin,
I did test adding two filters. The problem is since the filters are looking for different email addresses as the from criteria with the action to delete, they delete the good emails since the email address you want to receive is not in both filters. The solution is awesome for a small contact list, but when the contacts list grows, it doesn’t look like the filter will work. It is really unfortunate Gmail has the 1,500 maximum character condition.
Oh, that makes sense. I had assumed the filters would be independent of each other. Guess this then is only useful for those with small contact list. Still, it’s a very hacky way and I wish Gmail had this function built in as a basic setting.
Even if this way of doing it has shortcomings, I do appreciate it, it is being very useful to me. The “tricky part” of fixing the addresses can be done by manually fixing start and end, and then replacing >(whatever)< with OR (between spaces). A regex for doing this is writing >.+?< as the search expression in a mildly good text editor equipped with regex.
Thanks for taking the time to research and write this. BTW, it’s useful to me since I have a gmail account with my name, and only my name (yay! no peter.parker8278 or whatever), but every other peter.parker who forgets to write his tail number subscribes me to any kind of services. So I’m cleaning up my gmail (not my primary mail, but a very useful one) by using your whitelist method. I do have a very short list of authorized addresses, so it works great.
Glad to hear it’s working great for you!
I am using Gary Holeman’s script. seems to be effective.
Would love to have script event driven, e.g on email receipt, rather than timed execution. Cant find a way.
I’m not aware of a script like that.