Compliance setup to take action (Quarantine) on a DLP processed email in Gmail

This configuration is designed to route the emails with DLP X-Header response “DLP reject” to quarantine. Currently, this configuration is supported using header “DLP-Reject”. In a future release, DLP X-Header response “DLP-Quarantine” will be introduced.

Steps

  1. In Google Admin Console, go to > > Google Workspace > Gmail > Compliance.
  2. Under Content compliance section, click ADD ANOTHER RULE. The Add setting window appears.
  3. In Content compliance field, enter the name or short description (ex. DLP Quarantine) for this compliance setting.
  4. Under Email messages to affect section, select Outbound.
  5. Under Add expressions that describe the content you want to search for in each message section, select If ANY of the following match the message.
    1. In Expressions section, click ADD. The Add setting window appears.
    2. Select Advanced content match from the drop down.
    3. Under Location section, select Full headers.
    4. Under Match type section, select Starts with.
    5. Under Content field, enter X-Forcepoint-DLP-Email: DLP-Reject.
    6. Then click Save.
  6. Under If the above expressions match, do the following section:
    1. Select Quarantine message.
    2. Enable Notify sender when mail is quarantined (onward delivery only)


  7. Click Show options to enable additional options.
    1. Under Account types to affect section, select Users, Groups and Unrecognized / Catch-all.
  8. Verify the settings and click SAVE.

    The compliance setup for DLP Quarantine rule is created with the DLP-Reject header.

    Note: After creation of the Gmail compliance for the DLP Quarantine, it might take few minutes but typically happen more quickly.