Skip to main content
Skyhigh Security

About Passive Email DLP

Skyhigh CASB Email DLP allows you to apply DLP policies to your Exchange Online deployment using email journaling in Exchange Online. Journaling gives you the ability to send a copy of email traffic to Skyhigh CASB DLP for inspection. Each email sent from your organization is forwarded to a Skyhigh CASB-hosted mailbox where it is scanned. 

After sending an email, the following steps occur:

  1. The mail server (Exchange Online) creates a copy of the email.
  2. The mail server attaches this email to an "envelope" email addressed to the customer-specific Skyhigh CASB DLP scanning mailbox.
  3. Skyhigh CASB receives the email and checks if it is coming from an allow listed domain.
  4. Skyhigh CASB scans each message, comparing the contents of the email against DLP policies.
  5. If no DLP violations exist, the email is immediately (and permanently) deleted from Skyhigh CASB's data center.
  6. If DLP violations are found, remediation actions include either quarantining the email or deleting it from the originating mailbox. Your team can investigate the quarantined email and remediate the issue. Then the journaled email is immediately deleted from Skyhigh CASB's data center.

It's important to note that this process does not prevent the original recipient of the email from receiving it. Skyhigh CASB does not sit between your outbound email endpoint and the recipient's email address. This Email DLP solution uses automatic remediation options based on the DLP policy.

  • Was this article helpful?