Ask the community

SMTP DLP

rfletcher
New Contributor III

Anyone using the new SMTP DLP functionality? If you are, how are you doing your alerting to users about blocking/intercepting emails? 

-Ryan
1 Solution
sshiflett
Netskope
Netskope

The Netskope SMTP DLP functionality leverages an SMTP proxy and integrates with Office365, Gmail, or your MTA to perform alerting and user education.  When Netskope DLP detects a violation, we take the administrator specified action which is usually inserting a header.  You then configure Office365 or your MTA to take action based on this header.  The alerting can either come from a Netskope email alert that's triggered when the policy hits(screenshot below) or the MTA can alert the user when they take action.  The latter will be dependent on the MTA provider but if you have a specific one in mind I can check if we have a sample configuration.sshiflett_0-1621884875623.png

 


Sam Shiflett
Netskope Sales Engineer - North Florida

View solution in original post

3 Replies 3
sshiflett
Netskope
Netskope

The Netskope SMTP DLP functionality leverages an SMTP proxy and integrates with Office365, Gmail, or your MTA to perform alerting and user education.  When Netskope DLP detects a violation, we take the administrator specified action which is usually inserting a header.  You then configure Office365 or your MTA to take action based on this header.  The alerting can either come from a Netskope email alert that's triggered when the policy hits(screenshot below) or the MTA can alert the user when they take action.  The latter will be dependent on the MTA provider but if you have a specific one in mind I can check if we have a sample configuration.sshiflett_0-1621884875623.png

 


Sam Shiflett
Netskope Sales Engineer - North Florida
bob
Moderator
Moderator

Here is a demo I recorded of the Email DLP workflow for O365 Exchange https://resources.netskope.com/products-capabilities-data-protection/demo-email-dlp

As @sshiflett shared, the native support without an MTA relies on an email notification.

We have had requests for real-time user notifications and coaching pages. The SMTP proxy mechanism makes real-time pop-up notifications and coaching more difficult given that often times email is not consumed via a browser or even via a device that is steering Netskope traffic. The beauty of this approach is that it covers all ways email is accessed. It is just that the out-of-band nature of the approach makes real-time notifications difficult.

We will continue to look at ways to better incorporate additional notification mechanisms including leveraging the fact that you have a Netskope client.

rfletcher
New Contributor III

Thanks Bob. My issue with utilizing the netskope related alerts is they really lack in information to an end user. There's very little customizability in the notification with respect to email variables (subject, sender, recipient, action) and I'm currently exploring other options for notification to end users via our mailflow products since Microsoft isn't exactly helpful either in this case. 

-Ryan

In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below

Sign In