[Email DLP] How to Configure "Do Not Automatically Encrypt" for Specific Conditions

Question

Is it possible to configure the system so that automatic encryption of attachments is not performed under specific conditions (such as for certain recipients or when specific keywords are included)?

Answer

It is possible to configure exclusions for automatic encryption under specific conditions (send unmodified).
In Email DLP, you can set up exclusions according to your operational needs by adjusting the Encryption Policies or Rule Groups (Filters) in the Administration.

* If you want to remove all existing automatic encryption settings, please also refer to "How to remove existing automatic encryption settings."

Below are three common configuration patterns and important notes for each.

Pattern 1: Exclude specific domains or email addresses

In the Administration's [Encryption Policies], set "Don't encrypt" for the Address Group of the recipients you want to exclude. (※1)

1. Priority: Optional * Encryption Policies with a lower number have higher priority, and the first matching policy will be applied.
2. Sender: Set to "All" to apply to all senders, or specify the relevant Address Group to apply only to specific senders. (※2)
3. Recipient: Set the Address Group for the recipients you want to exclude from encryption. (※2)
4. Encryption Type: Select "Don't encrypt".
   (※1) For instructions on configuring [Encryption Policies], please refer to Create an Encryption Policy.
   (※2) For instructions on creating Address Groups, please refer to Create an Address Group.

Pattern 2: Do not encrypt when specific keywords are included

If the subject or body of the email contains specific keywords such as "No encryption required," encryption will be skipped.
In the Administration's [Rule Groups], specify the keyword condition and configure as follows. (※1)

1. Attachment Encryption: Send unmodified
2. Target: Specify one of "Subject", "Body (including attachments)", or "Attachment"
3. Predicate: matches regular expression
4. Pattern: Set the desired keyword (please use regular expressions)
5. Count: 1
   Creating a Rule Group alone will not activate the setting; be sure to link it to a Filter. (※2)
   (※1) For instructions on configuring [Rule Groups], please refer to Create a Rule Group.
   (※2) For instructions on creating Filters, please refer to Create a Filter.

Pattern 3: Exclude when specific email addresses are included in CC

If a manager's address or a specific shared address (such as for auditing) is included in CC, encryption will be skipped.
In [Rule Groups], specify the CC address and configure the setting to not encrypt attachments. (※1)

* With this setting, if the specified address is included in CC, encryption will be excluded (sent unmodified) for all recipients in To and Bcc as well.

1. Attachment Encryption: Send unmodified
2. Target: Header Cc: (email address)
3. Predicate: matches regular expression
4. Pattern: Set the desired address (please use regular expressions)

5. Count: 1

   Creating a Rule Group alone will not activate the setting; be sure to link it to a Filter. (※2)
   (※1) For instructions on configuring [Rule Groups], please refer to Create a Rule Group.
   (※2) For instructions on creating Filters, please refer to Create a Filter.

If the settings do not work as expected, please check the following:

• Are the target email addresses or domains correctly registered in the Address Group?
• Is the attachment setting configured as "Send unmodified"?
• Does the filter for encryption exclusion have a higher priority (lower number)?

If you are unsure about the settings or are considering encryption exclusion settings other than those described above, please contact HENNGE One Technical Support. We will assist you with the configuration.