[Email DLP] Emails Subject to Email Routing (Google Workspace)

Question

What types of emails sent from Google Workspace (Gmail) are subject to filtering by Email DLP?

Answer

Email DLP filters emails that are delivered via outbound routing on Google Workspace (Gmail).
* This information is based on the current specifications of Google Workspace and may change due to future specification updates.
* For cases not listed below, behavior depends on the specifications and settings of Google Workspace. For more information, please contact Google.

Email Deliveries Subject to Email DLP

• Emails manually sent by users from their own mailboxes (e.g., using Gmail) to external recipients
  (*) Outbound relay emails using SMTP-AUTH from external sources are also subject to processing, as long as they are within Gmail's sending limits. 

Email Deliveries That Should Be Excluded for Operational Reasons

• Emails addressed only to the same Google Workspace tenant
  Emails sent only to recipients within the same tenant (internal) are not subject to filtering.
  * If both internal (within the organization) and external (outside the organization) recipients are included, only emails to external recipients are subject to processing.
• Bulk sending accounts
  Tenants or accounts that regularly send large volumes of emails, such as system notifications, may be subject to sending restrictions (rate limits) based on Email DLP's own criteria. We strongly recommend that bulk email distribution be operated via a separate service that does not relay through Google Workspace or Email DLP.
• Automatic forwarding set by admin on Google Workspace
  Automatic forwarding emails added by the admin using the recipient address map feature are delivered without passing through Email DLP.
• Delivery after Google Group address expansion (+bnc)
  If a Google Group contains external email addresses, emails posted to the group are delivered without passing through Email DLP.
• Gmail automatic forwarding (+caf_=)
  Automatic forwarding emails set up by users themselves in the Gmail UI using [Add forwarding address] are excluded from filtering for the following two operational reasons:
  • When automatically forwarding emails received from external sources, the sender address is rewritten due to Google Workspace's unique specifications. As a result, Email DLP cannot associate the email with the original sender address, making it impossible to manage or operate the email properly in the user console.
  • Since automatic forwarding is performed by the system, it is not compatible with Email DLP features that assume manual user actions, such as "release from hold (confirm send)." It is necessary to prevent unintended email retention in advance.

Accounts Requiring Special Attention

• Sending emails using Google Workspace delegation
  When sending using delegation settings, the handling of the sender and whether the email is subject to processing may vary depending on the configuration. For more information, please refer to the following Help Center article.
  Email DLP Delegation (Google Workspace) / Shared Mailbox (Microsoft 365) Precautions