As far as I know, DLP is done before encryption. What you would have to do is to implement
DLP after encryption. This however could cause other issues, as people could encrypt the
emails with SSN's, PHI, PII or corporate sensitive information and this would then in
effect bypass the DLP filters which defeats the purpose.
What you could do is configure the solution (and what I will be doing) to bounce the email
back to the sender (or DLP manager) if it contains the SSN or other reg exp you have
specified and tell them that the email is in breach of the rule you have set and offer
them the option to send the email "as is", send it encrypted or delete it. This
also has the positive effect of "teaching " users about sending sensitive data
I am sure that Martijn has a much more detailed explanation.
From: users-bounces(a)lists.djigzo.com [mailto:email@example.com] On Behalf Of
Sent: Tuesday 25 October 2016 18:21
Subject: [Djigzo users] DLP blocks encrypted email
When I specify [encrypt] in the subject, the DLP still quarantines. How could I configure
DLP to allow encrypted outbound messages with SSNs in them?
Users mailing list