Gmail DLP Feature Walkthrough

Gmail’s Data Loss Prevention (DLP) feature lets you scan your organization’s email traffic for content such as credit card or Social security numbers and quarantine emails containing such information.

The DLP uses a set of predefined detectors to evaluate message content to be able to find what you are looking for quickly and conveniently. DLP policy can be set-up to automatically scan the following: email subject, message body, and attachments (even scanned OCR files!) and also include confidence threshold and even more sophisticated configurations.

Lets take a closer look on the DLP feature.


Sign into your
Google Admin Console and navigate to Apps > Google Apps > Gmail > Advanced settings.

In the
Organizations section, make sure your top-level organization is highlighted.





Scroll down to the Compliance section. If the setting’s status is Not configured yet, click Configure.

When the Add setting dialog box is displayed, specify the details to create a policy.
– Near the top, add a title or a short description for the policy.
1. Email messages to affect: click Outbound to scan outgoing mail.
2. Expressions: click Add. Click Predefined contents match and from the drop-down list, select the relevant predefined detector. You can see various detectors for personal information format of different countries (for instance, SSN for the United States). For this example, we will select Credit card number.

Minimum number of matches: Set how many times the detection of content appeared must match in order for your action to happen. Default value of 1 means that only 1 set of credit card numbers is needed to match within message content to trigger the action you define.

Confidence threshold:
can be set to either medium (more messages will trigger the action) or high (fewer false positives, more false negatives). The confidence threshold will detect the message content accordingly to meet your criteria to your level of specifications.





3. If the above expressions match, do the following: Choose whether you want to modify, reject, or quarantine the message. For this example, we chose to reject and entered following in the Customize rejection note section:

When you are done with the policy, click
Add setting or Save to close the dialog box.
Note: To apply this policy to all Google Apps users within your domain, this could take up to an hour.





We will actually wait an hour, to test if this policy was installed properly. Don’t worry, we used a dummy credit card number for testing purposes.


You can see that our mail was successfully rejected! Flavored with our customized rejection note:

This DLP feature is only available in
“Google Apps Unlimited” (or Google Drive for Work) edition. For more information, please consult with Google or Reseller partner like us.

Cloud Integration & Aggregator
Google for Work & Google for Education Partner