Conceptual architecture

This section details how Forcepoint DLP for Cloud Email seamlessly integrates with Forcepoint ONE Data Security and your email server to protect outbound emails from sensitive data leaks.



  1. On the organization's email server (Microsoft Office 365 or Google Gmail) environment:
    1. Mail flow rules are configured that are used to filter and route the outbound email.
    2. Mail flow rules are configured to forward and receive external outbound emails to or from the Forcepoint ONE Data Security tenant.
  2. When an external outbound email enters the organization's email server (Microsoft Office 365 or Google Gmail), it is routed to the Forcepoint ONE Data Security tenant via mail flow rules.
  3. In Forcepoint ONE Data Security, external outbound emails are routed to the "Forcepoint DLP Policy Engine” for Forcepoint DLP scan.
  4. Based on the tenant configured rules in their Forcepoint DLP policies, the external outbound emails are mapped to appropriate policies.
    Note: A JSON file facilitates the connectivity between on-premises Forcepoint Security Manager and Forcepoint ONE Data Security service. As part of the initial configuration (software on-boarding) process, the JSON file is uploaded automatically.
  5. After the Forcepoint DLP scan, Forcepoint DLP for Cloud Email returns all emails back to the organization's email server (Microsoft Office 365 or Google Gmail). Alternatively, emails can be smart hosted to another MTA.
  6. In organization's email server (Microsoft Office 365 or Google Gmail) setup, configure the mail flow rules to receive the Forcepoint DLP processed emails which will contain an X-Header (X-Forcepoint-DLP-Email) with Forcepoint DLP response that are listed below:
    S.No Forcepoint DLP Response Description
    1 DLP-Accept Forcepoint DLP recommended to accept or allow the email
    2 DLP-Reject Forcepoint DLP recommended to reject/block the email
    3 DLP-Failed-Policy The email does not match any of the configured policies
    4 DLP-Authentication-Failed Forcepoint DLP cannot authenticate the tenant’s identity
    5 DLP-Scan-Failed Forcepoint DLP encountered an error while scanning the email
    6 DLP-Timed-Out Forcepoint DLP exceeded the time limit of 2 minutes while scanning the email
    7 DLP-Unexpected-Error Forcepoint DLP experienced an unexpected internal error that affected email processing