Skip to content
Last update: 2022-08-23

Data control policy

Data control allows you to inspect emails and take actions depending on their contents.


This option is only available with an Email Advanced license.

In Data control policies you add rules to restrict the information that can be included in emails. Rules can be applied to inbound or outbound emails and you can add up to 25 rules to a policy.

You can apply rules to different users, groups of users and domains. For example, you could set up a rule to prevent any financial information going out of the organization for most users. You could then apply a less strict rule to accounting staff.

To add Data control to emails, create a Data control policy.

When you create a policy, the action is set to the Sophos default. You can change this when you create or edit the rule.

In Settings, you can see the rules for inbound or outbound emails that are associated with a policy. You can change the order of the rules, and turn them on or off. To view or edit rule settings, click on the rule name. You can also create new rules for a Data control policy.

When you create a rule you can use templates provided by Sophos to protect your data. You can also customize rules as follows.

  • You can choose the action you want to take when sensitive information is found in an email.
  • You can choose who to notify.

    If you delete a mailbox that receives notifications, you must select a different one, or turn notifications off.

  • You can filter messages by whole message size, or just the size of message attachments.

  • You can set a default encryption method for outbound messages.
  • You can override the default encryption method for outbound messages in the settings for individual rules.


The encryption option in rules for outbound messages only works if encryption is turned on in Encryption settings.

Go to Email Security > Policies and click Data control to manage information restrictions in email. See Create or Edit a Policy.


You can use templates to filter emails for financial, confidential, health and personally identifiable information. You can also filter emails by their attachment file types. See Sophos blocked email attachments.


You can customize Data control rules using content control lists (CCL), keywords or phrases.

A CCL defines data that you can use to filter emails and take actions.

You can specify keywords or phrases you want to use to filter emails. You can add a maximum of 200. Keywords and phrases aren't case-sensitive.

Back to top