UTM 9 - Email Protection> SMTP> Data Protection> Data Protection Policy - Other

Hi All,

In an effort to protect our users, we have enabled data protection and selected the various controls corresponding to our business. However, the policy rules are a little less than desirable. Or at least I think. The options available are Blackhole, Encryption and Allow. How does Allow work? Do you as an administrator get a chance to release the message? I was hoping to see the option quarantine in this drop down. This would allow us to question users what exactly they are sending in case they are phished etc. We have it set to blackhole currently and upon notification we have to notify the user, disable the controls and allow them to resend if the message is legitimate. Not ideal.


  • Hi Andrew and a belated welcome to the UTM Community!

    This isn't about spam, so don't be surprised that DLP doesn't handle emails the same way as antispam.  In fact, you can also select that the Sender is notified of a blackholed email.  The sender should have a copy of the email that was blackholed, so the administrator should only need to be involved if a permanent change in a policy for blackholing should be made.  For example, if there were 10 or more Social Security Numbers in an attachment sent from behind our UTM, the Sender and I would be notified that the email was blackholed.  The first time this happens, the person in HR that did that would learn to keep the number below 10 because we would not relax the policy or suspend Data Protection.

    Cheers - Bob

  • In reply to BAlfson:

    Thanks for the welcome and reply. I see what you are saying, we should add a "notify to sender" so they are aware their email did not get through. I was hoping for some kind of quarantine management for anything DLP catches. Our situation is we have a lot of accounting email to legitimate recipients including credit cards and bank/routing numbers. To prevent a possible phish it would be great if IT had visibility of these communications. Is there any other component that would offer such a feature?

  • In reply to Andrew K:

    One email for the bank account number and another, separate one for the bank routing number.  You and I wouldn't dream of sending a new user his username and password in the same email.  Fewer than three credit card numbers per email.  Those don't seem like restrictions that security-conscious accounting folks should object to.

    That said, people are the weakest link, so I would recommend that you contact your Sophos reseller partner and ask about Sophos Phish Threat.

    Cheers - Bob

  • In reply to BAlfson:

    Yes, we try to instill these practices, but users will be users. I will check out this Phish Threat thing, pretty cool. Thanks.