The Netskope SMTP DLP functionality leverages an SMTP proxy and integrates with Office365, Gmail, or your MTA to perform alerting and user education. When Netskope DLP detects a violation, we take the administrator specified action which is usually inserting a header. You then configure Office365 or your MTA to take action based on this header. The alerting can either come from a Netskope email alert that's triggered when the policy hits(screenshot below) or the MTA can alert the user when they take action. The latter will be dependent on the MTA provider but if you have a specific one in mind I can check if we have a sample configuration.
Here is a demo I recorded of the Email DLP workflow for O365 Exchange https://resources.netskope.com/products-capabilities-data-protection/demo-email-dlp
As @sshiflett shared, the native support without an MTA relies on an email notification.
We have had requests for real-time user notifications and coaching pages. The SMTP proxy mechanism makes real-time pop-up notifications and coaching more difficult given that often times email is not consumed via a browser or even via a device that is steering Netskope traffic. The beauty of this approach is that it covers all ways email is accessed. It is just that the out-of-band nature of the approach makes real-time notifications difficult.
We will continue to look at ways to better incorporate additional notification mechanisms including leveraging the fact that you have a Netskope client.
Thanks Bob. My issue with utilizing the netskope related alerts is they really lack in information to an end user. There's very little customizability in the notification with respect to email variables (subject, sender, recipient, action) and I'm currently exploring other options for notification to end users via our mailflow products since Microsoft isn't exactly helpful either in this case.