Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=email-add-data-control-rule

Add rule

You can add rules to the Data Control policies to detect and manage sensitive information in emails. You define what to scan for and select what action to take when the rule matches.

To add a rule to an existing Data Control policy, do as follows:

  1. In Sophos Central, go to My Products > Email Protection > Policies.
  2. Click an existing Data Control policy.
  3. Click Settings.
  4. Click Inbound or Outbound to set the direction of emails this rule checks.
  5. Click Add rule.
  6. Enter a rule name and description.

  7. Select a rule type.

    You can use Sophos-provided templates to detect common sensitive data, or create custom rules using CCLs, message attributes, or keywords. For information, see Rule Type.

  8. Click Next.

  9. In Add items, configure the content the rule applies to, depending on the rule type.

    For most rule types, you can use Sophos-provided lists or custom lists specific to your needs.

    Select one or more of the following options under Search in to search for rule types in the corresponding location:

    • Subject
    • Body
    • Attachment Name
    • Attachment Content

    Where we search depends on the selection you make in Search in.

    When we find a rule type in one location, we stop searching there and start searching in the next location. We only report the first instance of a rule type in each location.

  10. Click Next.

  11. In Message Attributes, select the attributes you want to filter messages by.

    For more information, see Message Attributes.

  12. Click Next.

    If you're creating an inbound rule, the External senders dialog appears. For an outbound rule, the External recipients dialog appears.

    This setting only applies at the rule level. You can also configure external users and domains at the policy level. See External users and domains.

  13. Add email addresses or domains that you want to include or exclude from the rule.

    You can add individual items or import a list.

    Inclusions and exclusions are absolute. For example, if you include a domain, the rule applies only to emails from that domain. It doesn't apply to emails from any other domain. If you exclude an email address, the rule applies to all emails except those from that address.

    Note

    When we analyze senders and recipients of messages, we use their SMTP envelope sender and recipient addresses, not the From and To header fields.

  14. Click Next.

  15. In Choose action, select what happens when the rule matches.

    For more information on the available actions, see Actions.

    The options may vary depending on whether the rule is inbound or outbound.

    You can also combine rule types by selecting actions that allow continued processing. If supported, the Continue processing option appears, and you can turn it on.

  16. Turn on Filter messages with this rule to enforce the rule.

  17. Click Save.

When the rule is turned on, messages that match appear in the Data Control summary and Message History reports.