Compliance setup to take action (Quarantine) on a DLP processed email in Gmail
This configuration is designed to route the emails with DLP X-Header response “DLP Quarantine” to the spam quarantine mailbox.
Steps
-
In Google Admin Console, go to
>
> Google Workspace > Gmail > Compliance.
- Under Content compliance section, click ADD ANOTHER RULE. The Add setting window appears.
- In Content compliance field, enter the name or short description (ex. DLP Quarantine) for this compliance setting.
- Under Email messages to affect section, select Outbound.
-
Under Add expressions that describe the content you want to search for in each message section, select If ANY of the following match the
message.
- In Expressions section, click ADD. The Add setting window appears.
- Select Advanced content match from the drop down.
- Under Location section, select Full headers.
- Under Match type section, select Starts with.
- Under Content field, enter X-Forcepoint-DLP-Email: DLP-Quarantine.
- Then click Save.
-
Under If the above expressions match, do the following section:
- Select Quarantine message.
- Enable Notify sender when mail is quarantined (onward delivery only).
-
Click Show options to enable additional options.
- Under Account types to affect section, select Users, Groups and Unrecognized / Catch-all.
-
Verify the settings and click SAVE.
The compliance setup for DLP Quarantine rule is created.
Note: After creation of the Gmail compliance for the DLP Quarantine, it might take few minutes but typically happen more quickly.