Action summary
This article provides information for admins and users of Secure Download regarding the behavior when sending to or forwarding to group addresses.
By understanding these specifications in advance, you can prevent authentication issues and smoothly share files.
Notes
- The content of this article is based on product specifications as of June 2026 and is subject to change without notice.
Notes when the sender is a group address
If the sender is a group address, you cannot check the Secure Download history in the Email DLP user console.
In the user console, you can only check emails (where the envelope From is the address of the currently logged-in user) associated with the address of the user logged in to Microsoft 365 or Google Workspace.
Emails sent with a group address as the sender cannot be checked in the Secure Download history.
Admins can search the sending history by filtering by sender and other criteria.
[Email DLP] Searching filter history
Notes when the recipient is an external group address
If the recipient is an external group address, you cannot authenticate using the individual email addresses of the group members to whom the email is distributed.
Secure Download issues a unique download URL for each recipient (envelope To) in Email DLP.
When downloading files from the URL, authentication must be performed using the recipient's (envelope To) email address.
Therefore, if the recipient is a group address, authentication with the group address is required.
Notes when the recipient is an internal group address
If the recipient is an internal group address, the behavior differs depending on whether internal emails pass through Email DLP.
When using Microsoft 365 (Exchange Online), internal domain emails generally do not pass through Email DLP and are delivered within Exchange Online.
Therefore, attachments will not be replaced by the Secure Download feature.
On the other hand, when using Google Workspace, some internal domain emails may be routed through Email DLP.
If internal domain emails are set to pass through Email DLP, attachments in internal emails may be replaced by the Secure Download feature.
Notes when both personal and group addresses are specified as recipients
If you send an email specifying both a "personal address" and a "group address that includes that person" as recipients, the message ID will be duplicated.
As a result, only one of the emails may be randomly displayed on the recipient side.
This behavior is common to both Microsoft 365 and Google Workspace.
(Example)
If you send an email with an attachment sent via Secure Download to the following recipients:
To: "user@example.com" (personal address)
CC: "group@example.com" (group address including the personal address in To)
In such cases, if the message ID is duplicated, only one of the emails will be displayed.
When accessing the URL in the PDF attached to the email received at the personal address, or the URL in the email body, the group address may be displayed as the address for receiving the security code instead of the personal address.
Regardless of the order of To or CC, only one of the received emails will be displayed at random depending on the order in which they are received.
Notes when emails are forwarded among multiple recipients
If there are multiple addresses in the recipient list and recipient A forwards the email to recipient B, who has already received the email, the message ID will be duplicated.
As a result, in recipient B's mailbox, either the forwarded email from recipient A or the email directly received by recipient B will be displayed at random.
This behavior is common to both Microsoft 365 and Google Workspace.
If recipient B accesses the file download URL in the email forwarded from recipient A, recipient A's address will be displayed as the address for receiving the security code.