This use case is designed to block and notify the sender of an email with DLP X-Header response “DLP Drop Attachment” about the email’s unsuccessful delivery due to a sensitive
attachment, along with an explanation message.
Steps
-
In Microsoft Exchange admin center page, navigate to . The Rules screen appears.
-
Click . The New transport rule screen appears.
-
On the Set rule conditions page,
-
Enter a unique name (ex. DLP Drop Attachment) for the rule in the Name field.
-
In Apply this rule if* field:
- Select The message headers… from the first drop-down list.
- Then select matches any of these text patterns from the second drop-down list.
- Click Enter text. The specify header name window appears.
- Enter message header X-Forcepoint-DLP-Email and then click Save.
- Click Enter words. The specify words or phrases window appears.
- Enter header text DLP-Drop-Attachment and then click Save.
-
In Do the following* field:
- Select Block the message from the first drop-down list.
- Then select reject the message and include an explanation from the second drop-down list.
- In specify rejection reason prompt, enter the alert message (ex. Your email was blocked due to a sensitive attachment. Please remove the attachment and resend the
email to comply with your organization's DLP policy).
- Click Save.
-
When you complete setting the Set rule conditions page, click Next.
-
On the Set rule settings page, configure the following settings:
-
Select Enforced as Rule mode.
-
Select High in Severity.
-
Tick Stop processing more rules.
-
When you complete setting the Set rule settings page, click Next.
-
On the Review and finish page, verify the settings and click Finish.
-
The Transport rule created successfully message appears. Then, click Done.
The inbound mail flow rule for the DLP drop attachment is created.
Note: After creation of the mail flow rule (DLP drop attachment), it might take 30 minutes or more for the new rule to be applied to emails.
