בס״ד

Gmail Delegation + Forwarding + 2FA — Setting Up Mildred's Access

docs/HOW_TO/gmail-delegation-mildred-access.md · last changed (pre-VM history) · rendered from GitHub master

Gmail Delegation + Forwarding + 2FA — Setting Up Mildred's Access

Codified from Gmail draft 19dc13e84bd4eb1e · Apr 24 2026
Personal reference. Delete the draft after this is executed.

Honest answer first

The RIGHT mechanism = Gmail Delegate Access. Not shared password. Not credential handoff.

Scoping = Gmail Labels + Filters. Sensitive threads get labeled SAM-ONLY; filter hides them from delegate view.

Time: 30–45 min initial setup. Mildred's side is 5 min.

Step 1 — Confirm account type (2 min)

Check: is sam@hookstreetcapital.com a Google Workspace (paid) account or a free Gmail?

Verify: log into sam@hookstreetcapital.com → look for admin.google.com access → if yes, Workspace.

Step 2 — Set up labels for scoping (10 min)

Before granting Mildred access, build the scoping structure.

Create these labels in your Gmail:

Apply labels retroactively:

Step 3 — Create filter rules (10 min)

Auto-label future emails so you don't have to remember.

Filter 1 — Legal auto-label
- From: asher@gulkoschwed.com OR orlando-law.com OR anything with "di masi burton"
- Apply label: SAM-ONLY/Legal

Filter 2 — EG Internal
- From: eli@steinhardtbuilders.com OR sharona@steinhardtbuilders.com
- Apply label: SAM-ONLY/EG-Internal
- (NOT for huvie@, jessica@, abe@ — those are admin/ops Mildred can see)

Filter 3 — Personal
- From: chanietreitel@gmail.com
- Apply label: SAM-ONLY/Personal

Filter 4 — Subject-based
- Subject contains: [HOW-TO] OR [DECISIONS-PENDING] OR [OPEN-LOOPS] OR [EG-CONTEXT-PACK] OR [CLAUDE CODE]
- Apply label: SAM-ONLY/Drafts-System
- Also: Skip Inbox (keep these in drafts only)

Step 4 — Grant Mildred delegate access (5 min)

  1. Gmail → Settings (gear) → See all settings
  2. Accounts and Import tab → "Grant access to your account" section
  3. Click "Add another account"
  4. Enter: mildred@hookstreetcapital.com
  5. Choose: "Mark conversation as read when opened by others" (YES — you'll see what she touched)
  6. Send invitation
  7. Mildred gets email with link → she accepts → done

Her access shows up as account switcher in HER Gmail. She opens your mailbox in her browser.

Step 5 — Scope Mildred's view (5 min, her side)

Two options here — pick one:

OPTION A — Honor system (simpler, works if trust is solid)
- Mildred sees everything by default
- You tell her: "Anything labeled SAM-ONLY → skip it. It's not in your purview."
- Write the "Mildred Purview Memo" so it's explicit

OPTION B — Technical scoping (more complex, air-gap)
- Set up a forwarding rule: only certain labels forward to a shared mailbox Mildred sees
- Mildred doesn't see the main inbox at all, only the forwarded labels
- More work, breaks if you add a new label and forget
- Most consultants/execs use Option A

Recommendation: Option A + written memo. Trust + clarity > technical lockdown.

Step 6 — Confirm 2FA remains intact (2 min)

If you're on a free Gmail (not Workspace): 2FA still works, but you don't get the full audit log.

Step 7 — Set up "send as" properly (5 min)

When Mildred replies from your delegated view:

Step 8 — Forwarding (if relevant)

Only do this if you want certain threads to COPY to Mildred's own inbox (not just show in delegated view):

Settings → Forwarding and POP/IMAP → Add forwarding address: mildred@hookstreetcapital.com
Then create filter → "Forward to mildred@hookstreetcapital.com" for specific labels.

Most people don't need this. Delegate access is cleaner.

Step 9 — Mildred's onboarding (10 min with her, live)

Walk-through (on Tuesday sync or a one-time call):

  1. Show her how to switch to your account view
  2. Walk the labels — MILDRED/* = her zone; SAM-ONLY/* = skip
  3. Explain "send as" — what recipients see
  4. Give her the Purview Memo (separate doc)
  5. Set her expectation: when ambiguous, ASK before acting

Done state

Source trail · docs/HOW_TO/gmail-delegation-mildred-access.md @ master · rendered 2026-07-02 7:23 PM EDT by scripts/build-docs.py · the .md in the repo is the truth; this page is the phone-readable view