Skip to main content
Question

Email Draft Activity Should be Monitored by NGSWG DLP?

  • April 24, 2025
  • 8 replies
  • 185 views
A
Netskope Partner

Anyone concerns about Email draft can not be detected by Netskope?

On App Catalog it says “Create, Edit, Post, Send” support DLP.

On the Application Events, ObjectID can successfully be fetched and we also can clearly saw the activities and content through DevTools.

However, DLP policy is not triggered but the action is recorded.

We also created a support case on this but L3 support responded and claimed it should be related to SMTP DLP module.

 

We are curious if anyone else has encountered this and have similar concern as we do. 

S
Rohit_Bhaskar
A
This topic has been closed for replies.

8 replies

notskope
  • notskope
  • New Member III
  • April 24, 2025

Not sure which mail provider you are referring to, but more generally, Netskope does not scan HTTP GET requests for DLP. Which is how some email services handle saving drafts as you write.

 

However, this also allows data to be exfiltrated via URL query strings. I have raised this concern to Netskope before and, as far as I know this has not been addressed. Though, it has been well over a year since I last tested it.

 

 

Former Netskope PS Consultant, Current Netskope customer
A
A
Netskope Partner
  • AllenWu
  • Author
  • April 25, 2025

We tested on both Gmail and Exchange. They both use HTTP POST requests so this DLP detection we assumed it should be supported by Netskope.

However, what surprised us is after 1 month back and forth, Support thinks this belongs to SMTP DLP module, instead of using NGSWG detection.

 

We understand that RFE could take a while to process and glad to know this also get other’s attention.

notskope
  • notskope
  • New Member III
  • April 25, 2025

However, what surprised us is after 1 month back and forth, Support thinks this belongs to SMTP DLP module, instead of using NGSWG detection.

 

I would request escalation of the ticket, as that does not make any sense.

SMTP does not even come into play in this scenario.

Former Netskope PS Consultant, Current Netskope customer
A
S
Netskope Employee
Forum|alt.badge.img+16
  • sshiflett
  • Netskope Employee
  • April 29, 2025

@AllenWu Please contact your local Netskope account team and mention this thread to them.  I believe we are/have added support for drafts on some of the more common providers but they require feature flags to enable.  Can you also DM me the support case so I can review? 

Sam Shiflett | Netskope Solution Architect - North America
Rohit_Bhaskar
A
Netskope Partner
  • AllenWu
  • Author
  • April 30, 2025

Possible also share the feature flag name so we can check with support if we have enabled it or not?

Rohit_Bhaskar
A
Netskope Partner
  • AllenWu
  • Author
  • May 14, 2025

For all whom have same concern as I do,

Support said this should reach out to Netskope account team to raise an Enhancement Request (ER) for this feature.
So far, the name of this feature flag remain unclear.

S
Netskope Employee
Forum|alt.badge.img+16
  • sshiflett
  • Netskope Employee
  • May 14, 2025

@AllenWu I have added internal notes to the support case but it looks like you have tested with the flag enabled already.  Just to confirm a few things, are you testing with Outlook, Gmail or something else? Additionally,  are you testing with the Outlook desktop application or web application?  

Sam Shiflett | Netskope Solution Architect - North America
A
Netskope Partner
  • AllenWu
  • Author
  • May 15, 2025

Outlook and web application.
Microsoft Office 365 Outlook.com

It said the activities like upload/download/edit/post/send/create support DLP.
ns#/cci/app_index_detail/index/2724

Badges Winner

Show all badges

Not finding what you're looking for?

Don't be shy and let us know about your challenge.

Ask your question here!
Terms & ConditionsCookie settingsAccessibility statement