Skyhigh Security

About Passive Email DLP for Gmail

Skyhigh CASB's passive-mode email Data Loss Prevention (DLP) solution is designed to scan email as it is sent by a user. When a Gmail user sends an email, G Suite uses the third-party email archiving feature to send a copy of the email to Skyhigh CASB for analysis. The copy is sent in parallel with the original email, so Skyhigh CASB receives it with no impact on delivery to the original recipient. This workflow provides notification, but no active remediation.

The workflow uses the following steps:

  1. An email is sent or received by the user.
  2. G Suite delivers the email to the original recipient (Skyhigh CASB can't block emails from being sent or received).
  3. G Suite is configured to send copies of emails to Skyhigh CASB over secure SMTP (this is configured in G Suite admin under Gmail advanced properties).
  4. Skyhigh CASB receives a copy of the email using an SMTP listener (Sky Gateway Email Mode). The listener is set up by Skyhigh CASB.
  5. Skyhigh CASB scans the email using a DLP engine.
  6. As required, Skyhigh CASB sends a notification email to the user regarding the policy violation.
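
Steps 4 to 6 can be pictured with the following added example, which is not Skyhigh CASB's code: it parses a constructed copy of an email, applies one hypothetical DLP rule (Luhn-validated payment card numbers), and builds a notification to the sender without touching the already-delivered original. The rule, the sample message, the function names and the `dlp-notify@example.com` address are all assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Constructed sample of the archived copy the SMTP listener receives (step 4).
SAMPLE_COPY = """\
From: alice@example.com
To: bob@partner.example
Subject: Invoice details
Content-Type: text/plain; charset="utf-8"

Hi Bob, please charge card 4111 1111 1111 1111 for the invoice.
"""

# Hypothetical DLP rule: 13 to 19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits):
    """Luhn checksum; filters out digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def handle_copy(raw):
    """Steps 5 and 6: scan the copy, return (masked findings, notification or None)."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    findings = []
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if luhn_ok(digits):
            findings.append("*" * (len(digits) - 4) + digits[-4:])  # never echo the full value
    if not findings:
        return findings, None
    # Passive mode: the original was already delivered (step 2), so the only
    # action available is a notification to the sender.
    note = EmailMessage()
    note["From"] = "dlp-notify@example.com"  # hypothetical notification address
    note["To"] = msg["From"]
    note["Subject"] = "DLP policy violation: " + msg["Subject"]
    note.set_content("Your message matched a DLP rule: " + ", ".join(findings))
    return findings, note
```
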

Prerequisites for G Suite Email DLP 

Message Processing 

Upon receiving the message from Gmail, Skyhigh CASB temporarily stores the email in S3, which acts as a queue. Each message is encrypted with a customer-specific encryption key. As soon as the message has been processed, it is permanently removed from S3. We don't retain customer emails post-processing.
