Data
Loss Prevention monitors email transmitted through various email clients. Data Loss
Prevention
checks the email subject, body, and attachments for data identifiers. For a list of
supported
email clients, see the Data Protection Lists document at:
Monitoring occurs when a user attempts to send the email. If the email
contains data identifiers, Data Loss Prevention will either allow or block the email.
You can define non-monitored internal email domains and monitored
subdomains.
-
Non-monitored email domains: Data Loss Prevention immediately allows the transmission of emails sent to non-monitored domains.
Note
Data transmissions to non-monitored email domains and to monitored email subdomains where "Monitor" is the action are similar in that the transmission is allowed. The only difference is that for non-monitored email domains, Data Loss Prevention does not log the transmission, whereas for monitored email subdomains, the transmission is always logged. -
Monitored email subdomains: When Data Loss Prevention detects email transmitted to a monitored subdomain, it checks the action for the policy. Depending on the action, the transmission is allowed or blocked.
Note
If you select email clients as a monitored channel, an email must match a policy for it to be monitored. In contrast, an email sent to monitored email subdomains is automatically monitored, even if it does not match a policy.
Specify domains using any of the following formats, separating
multiple domains with commas:
-
X400 format, such as /O=Trend/OU=USA, /O=Trend/OU=China
-
Email domains, such as
example.com
For email messages sent through the SMTP protocol, Data Loss Prevention
checks if the target SMTP server is on the following lists:
-
Monitored targets
-
Non-monitored targets
-
Non-monitored email domains
-
Monitored email subdomains
This means that if an email is sent to an SMTP server on the
monitored targets list, the email is monitored. If the SMTP server is not on the monitored
targets list, Data Loss Prevention checks the other lists.
For emails sent through other protocols, Data Loss Prevention only
checks the following lists:
-
Non-monitored email domains
-
Monitored email subdomains