Skip to main content
日本語 简体中文 繁體中文

[Email DLP] What is a subaddress?

Question

What is a subaddress?
Are there any points to note when operating Email DLP?

Answer

An email subaddress (also known as an alias or plus addressing) is a feature based on Internet standards (RFC) that allows you to create a new address without changing the original email address.
This is created by inserting a specific character (usually a plus sign +) and an additional string (tag) into the local part of the original email address, which is a valid format according to the standard.
Mechanism and Structure: The basic structure of a subaddress is as follows.

Original email address local part + tag @ domain name

Example of an original email address: myname@example.com
Example of a subaddress: myname+shopping@example.com

All emails sent to this subaddress will be delivered to the inbox of the original email address myname@example.com.

Normally, subaddresses are used as alias addresses for receiving emails, but depending on the specifications of the mail system described below, there are cases where the subaddress is specified as the envelope From (sender address).
If the subaddress is set as the envelope From and delivered to Email DLP, please be aware of the filtering and sending restriction behaviors described later.

Main Patterns Where Subaddresses Become Envelope Senders Due to Mail System Specifications

  1. Gmail Automatic Forwarding (+caf_=)

    When automatic forwarding is set up in Gmail (e.g., myname@example.com), the envelope From of the forwarded email is rewritten in the following format to prevent SPF authentication errors.

    myname+caf_=[forwarding address]=[forwarding domain]@example.com

  2. Gmail Group Address Expansion Delivery (+bnc)

    When using a Google Group address (e.g., mygroup@example.com), the envelope From is rewritten in the following format to distinguish between the original sender and the group address, prevent SPF authentication errors, and properly handle bounce emails within Google servers.

    mygroup+bnc[hash]@example.com

  3. Exchange Online Automatic Forwarding (+SRS=)

    When automatic forwarding to external addresses is set up in Exchange Online (e.g., myname@example.com), the envelope From of the forwarded email is rewritten in the following format to prevent SPF authentication errors.

    myname+SRS=[hash]=[source domain]=[source local part]@example.com

If a subaddress is delivered to Email DLP as the envelope From, please note the following regarding filtering and sending restrictions.

About Subaddresses and Filtering in Email DLP

As described above, due to automatic forwarding settings or Google Groups specifications, the envelope From may be rewritten in a subaddress format and delivered to Email DLP.
In this case, Email DLP identifies it as a "separate address (string)" different from the original email address.

According to the filtering specifications in Email DLP, when using address groups, the sender address is matched with the envelope From using "exact match." Therefore, even if only the original email address is registered, the rewritten subaddress will not match.
If you want to filter the rewritten subaddress, please either register the target subaddress individually in the address group, or set up filter rule definitions using conditions (regular expressions) as shown in the examples below.

The values for the original email address and subaddress used in the filter setting examples are as follows.

Example of an original email address: myname@example.com
Example of a subaddress: myname+shopping@example.com

Filter Setting Example 1: Target Only the Original Email Address

Sender: Address group including "myname@example.com"
Recipient: All
Rule: Remove All

In this case, if the sender is the original email address "myname@example.com," it will match and be deleted, but if the sender is the subaddress "myname+shopping@example.com," it will not match and will not be deleted.

Filter Setting Example 2: Target Only a Specific Subaddress with Exact Match

Sender: Address group including "myname+shopping@example.com"
Recipient: All
Rule: Remove All

In this case, if the sender is the subaddress "myname+shopping@example.com," it will match and be deleted, but if the sender is the original address "myname@example.com," it will not match and will not be deleted.

Filter Setting Example 3: Target Envelope Senders Including Both the Original Email Address and Subaddresses

Sender: Internal domain
Recipient: All
Rule: Delete all emails where the envelope From matches the following regular expression
^myname(?:\+.*)?@example\.com$

This regular expression targets both the original email address and subaddress formats that include "+".
Not only the original email address "myname@example.com" but also all subaddress formats such as "myname+shopping@example.com" and "myname+other@example.com" will match and be subject to deletion.

About Subaddresses and Sending Restrictions in Email DLP

Example of an original email address: myname@example.com
Example of a subaddress: myname+shopping@example.com

If, for example, suspicious emails are sent from "myname@example.com" and it becomes subject to sending restrictions in Email DLP, not only emails where the envelope From address is the original email address "myname@example.com" but also emails where the envelope From address is the subaddress "myname+shopping@example.com" may be subject to restrictions.

For more details about sending restrictions, please refer to the following Help Center article.
[Email DLP] About Service Sending Restrictions