Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=data-control-policy

Data control policy

Data control allows you to inspect emails and take actions depending on their contents.

Note

This option is only available with an Email Advanced license.

In Data control policies you add rules to restrict the information that can be included in emails. Rules can be applied to inbound or outbound emails and you can add up to 25 rules to a policy.

You can apply rules to different users, groups of users and domains. For example, you could set up a rule to prevent any financial information going out of the organization for most users. You could then apply a less strict rule to accounting staff.

You can add external users and domains to policies, not just those in your organization. See External users and domains.

Create a Data control policy

To create a Data control policy, do as follows.

  1. Go to Email Security > Policies.
  2. Click Add Policy.
  3. Select Secure Message and click Continue.
  4. Enter a name for the policy.

  5. Add Internal users, groups, or domains for the policy. The policy applies to users in any of the users, groups, or domains lists.

    You can hover over a user's name to see their email address.

  6. Add External users and domains for the policy, if you want to. The policy applies if accounts in the internal users, groups, or domains lists send messages to addresses or domains in your external list. See External users and domains.

  7. Click Settings.

A new Data control policy has no rules. To control the actions taken with messages going in or out of your organization, you add rules. See Create a Data control rule.

Data control rules

In existing Data control policies, click Settings to see the rules associated with a policy. Rules can be applied to inbound or outbound messages. You can change the order of the rules, and turn them on or off. To view or edit rule settings, click on the rule name.

When you create a rule you can use templates provided by Sophos to protect your data. You can also customize rules as follows.

  • You can choose the action you want to take when sensitive information is found in an email.

  • You can choose who to notify.

    If you delete a mailbox that receives notifications, you must select a different one, or turn notifications off.

  • You can filter messages by whole message size, or just the size of message attachments.

  • You can set a default encryption method for outbound messages.
  • You can override the default encryption method for outbound messages in the settings for individual rules.

Note

The encryption option in rules for outbound messages only works if encryption is turned on in Encryption settings.

Go to Email Security > Policies and click Data control to manage information restrictions in email. See Create or Edit a Policy.

External users and domains

You can use external users and domains in Data control as well as your own users and domains. You can use them at policy level and rule level.

Note

When we analyze senders and recipients of messages, we use their SMTP envelope sender and recipient addresses, not their from-header and to-header addresses.

Policy level

To use external users and domains at policy level, click the External tab when you create or edit a policy.

You can add individual email addresses or domains, or import them from a file. You can include or exclude your list from the rule. The default is Include all.

Rule level

When you add or edit a rule you define how the rule applies to external domains and addresses. See Create a Data control rule.

Templates

You can use templates to filter emails for financial, confidential, health and personally identifiable information. You can also filter emails by their attachment file types. See Sophos blocked email attachments.

Custom

You can customize Data control rules using content control lists (CCL), keywords or phrases.

A CCL defines data that you can use to filter emails and take actions.

You can specify keywords or phrases you want to use to filter emails. You can add a maximum of 200. Keywords and phrases aren't case-sensitive.

More resources

This video explains how to set up email policies. It covers Email Security policies and then Data control policies.

You can also view this video on the Sophos Techvids page. See Sophos Email: Get Started with Sophos Email.

We also have other videos that take you through setting up Sophos Email Security.