Data Loss Prevention policy

Data Loss Prevention (DLP) stops data from being leaked by email.

Restriction This option is only available with an Email Advanced license.

In email Data Loss Prevention policies you add rules to restrict the information that can be included in emails. Rules can be applied to inbound or outbound emails and you can add up to 25 rules to a policy.

You can apply rules to different users, groups of users and domains. For example, you could set up a rule to prevent any financial information going out of the organization for most users. You could then apply a less strict rule to accounting staff.

To add Data Loss Prevention to emails, create a Data Loss Prevention policy.

When you create a policy, the action is set to the Sophos default. You can change this when you create or edit the rule.

In Settings, you can see the rules for inbound or outbound emails that are associated with a policy. You can change the order of the rules, and turn them on or off. To view or edit rule settings, click on the rule name. You can also create new rules for a Data Loss Prevention policy.

When you create a rule you can use templates provided by Sophos to protect your data. You can also customize rules as follows.

  • You can choose the action you want to take when sensitive information is found in an email.
  • You can choose who to notify.
  • You can filter messages by whole message size, or just the size of message attachments.
  • You can set a default encryption method for outbound messages.
  • You can override the default encryption method for outbound messages in the settings for individual rules.
Note The encryption option in rules for outbound messages only works if encryption is turned on in Encryption settings.

Go to Email Gateway > Policies and click Data Loss Prevention to manage information restrictions in email. See Create or Edit a Policy.


You can use templates to filter emails for financial, confidential, health and personally identifiable information. You can also filter emails by their attachment file types. SeeSophos default blocked email attachment file types.


You can customize Data Loss Prevention rules using content control lists (CCL), keywords or phrases.

A CCL defines data that you can use to filter emails to prevent data loss. Sophos provides expert definitions for common data types. You can also build CCLs to make customized definitions.

You can specify keywords or phrases you want to use to filter emails. You can add a maximum of 200. Keywords and phrases aren't case sensitive.