thebarnetts.info Google Workspace audit — 2026-04-14
Performed by Chrome Claude (the browser-extension Claude, signed in as mark@thebarnetts.info with admin console access). Full findings, saved so this doesn't get lost in the chat.
Headline
This is the ultra-rare G Suite legacy free edition. Registered January 2011. Google killed this tier for new signups in 2012 and tried to kill it entirely in 2022 before backing down for personal users. 47 licenses available, 3 assigned, $0/month forever, no billing account on file. Worth ~$144/user/year in equivalent paid Workspace service. This account is a unicorn — don't upgrade, don't migrate, don't touch the plan.
Plan & billing
| Field | Value |
|---|---|
| Plan | G Suite legacy free edition |
| Cost | $0.00 |
| Payment method | None on file |
| Started | 2013-03-12 (workspace creation) |
| Licenses | 47 available, 3 assigned |
Users
| User | Last sign-in | Storage | Admin |
|---|---|---|---|
| mark@thebarnetts.info | 2 days ago | 38.02 GB | Super Admin (238 privileges) |
| fran@thebarnetts.info | 4 days ago | 3.42 GB | none |
| kim@thebarnetts.info | 8 years ago | 10 MB | none |
Super admin: mark@thebarnetts.info (confirmed).
Gmail configuration
- IMAP: enabled org-wide
- POP: enabled org-wide
- Per-user outbound SMTP gateways: disabled
- Routing rules: none
- Catch-all: discard (unmatched addresses silently dropped)
- Auto-forwarding: allowed (users can self-configure forward-to-outside)
OAuth / third-party app access
Admin-approved connected apps: none (empty list).
User-authorized "accessed apps" (OAuth grants users have made individually):
| App | Scopes | Users |
|---|---|---|
| Adobe | Google Sign-in | 1 |
| Realtor.com | Google Sign-in | 1 |
| WhatsApp Messenger (Android) | Drive | 1 |
| Shop (Shopify) | Gmail + Sign-in | 1 |
| iOS | Gmail, Calendar, +2 | 1 |
| Google Sign-in | 1 | |
| Zoom | Google Sign-in | 1 |
| Yahoo | Gmail, Calendar, +2 | 1 |
| Amazon Alexa | Calendar, Sign-in | 1 |
Domain-wide delegation: empty. Clean slate for granting API access to Claude when we want to.
Security posture
2-Step Verification: ⚠️ completely disabled at the org level. Not just "not enforced" — the checkbox to allow users to turn on 2SV is unchecked. Combined with a Super Admin account holding 38 GB of data, this is the single biggest risk in the audit.
Open alerts (never reviewed):
1. Spike in user-reported spam — 2026-02-10 (recent)
2. User-reported phishing from asatrianyeva@gmail.com — 2025-02-18
3. Class action notice (Rodriguez v. Google) — 2024-09-26
4. Cloud Data Processing Addendum update — 2023-08-15
5. Google Tasks/Reminders migration notice — 2023-02-21
6. Drive security update — 2021-06-23
Items 3–6 are boilerplate Google legal/product notices and can be cleared without action. Items 1 and 2 are worth a look.
Domain & storage
- Primary domain: thebarnetts.info (verified)
- Aliases/secondaries: none real (one Google test artifact)
- Storage used: 41.45 GB / 75 GB shared pool (55% full)
- Google Drive: 4.95 GB
- Google Photos: 28.82 GB
- Gmail: 7.68 GB
- Per-user: Mark 38.02 GB · Fran 3.42 GB · Kim 10 MB
Action items
Ranked by urgency.
🔴 Security — fix today
1. Enable 2SV at the org level. Security → 2-Step Verification → check "Allow users to turn on 2-Step Verification." 30 seconds. Then turn it on for your own account via myaccount.google.com/security. Don't enforce for Fran until you talk to her.
2. Review the Yahoo OAuth grant. Yahoo is reading Gmail + Calendar from this account — that's unusual unless you (or Mom) explicitly wanted a Yahoo → Gmail migration/import. Revoke if stale.
🟡 Cleanup — this week
3. Decide Kim's dormant account. 8 years unused, but she's family. Suspend (reversible) rather than delete. Security → User → Suspend.
4. Revoke WhatsApp Drive access. Usually only makes sense if someone did a one-time WhatsApp media backup to Drive. If not actively used, cut it.
5. Change catch-all from Discard to Forward → breezybarnett16@gmail.com. This way typos and "contact@thebarnetts.info" attempts don't vanish silently.
6. Dismiss the ancient Google notices (2021–2024). They're legal/product boilerplate, not threats.
🟢 Integration — this week
7. Add mark@thebarnetts.info to claude.ai → Settings → Connectors → Gmail. With IMAP enabled and you as Super Admin, this is a 2-click OAuth flow. After this, G16 Claude has direct live access to the mailbox via the existing Gmail MCP, no browser or forwarding needed.
8. Set up "Send as mark@thebarnetts.info" in breezybarnett16 Gmail so outgoing mail can carry your domain address.
🔵 Later — nice to have
9. Verify DKIM is signing outgoing mail (Apps → Gmail → Authenticate email). SPF is already in place; DKIM wasn't checked in the audit.
10. Google Takeout as a one-time backup of the whole Workspace. Not urgent now that OAuth gives live access.
What NOT to do
- Don't upgrade to a paid Workspace tier. You'd immediately start paying for what you have for free.
- Don't delete Kim — suspend her.
- Don't move mail to a different provider. Fran is happy and the hosting is free.
- Don't mess with catch-all until you decide the forwarding target.