How to identify which messages have been scanned by SMTP Prevent or Cloud Service for Email

Article ID: 159649

Products

Data Loss Prevention Network Prevent for Email

Issue/Introduction

You have an SMTP Prevent server and you need to confirm whether individual messages have been scanned by the server, even if no incident was detected.

Environment

Network Prevent for Email (aka "SMTP Prevent")

Cloud Service for Email (aka "CDS for Email")

Resolution

Both the on-premises and cloud service flavors of DLP Email act as an SMTP proxy. Instead of queueing or storing messages, DLP effects most of its actions by modifying message headers.

The default behavior for SMTP Prevent is to add a header field to every message that passes through the system. There are two server settings that control this:

  • RequestProcessor.DefaultPassHeader contains the header value to add to each message. The default value is: X-Cfilter-Loop: Reflected. You can change this value; however, the SMTP convention is that customized headers should begin with "X-" for compatibility reasons.
  • RequestProcessor.AddDefaultHeader is either true (default) or false. If true, the header in the field above will be added to each message.

These settings are located in the Server Settings screen and are configured on a per-server basis. For example, if you enter a different value for each Prevent server, you can determine from the header value which server scanned a message.

 

The DLP Cloud Service for Email also adds the above header. In addition, it has the following behavior:

  • DLP Cloud Service for Email requires the header 'X-DetectorID' on any email accepted by our service. This header is set by Transport Rules in O365 and on-premises Exchange (these are called "Routing" rules in Gmail).
  • When a message successfully completes inspection by DLP, this header is replaced by the header 'X-DetectorID-Processed' before the message is sent on to the next hop MTA.
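
As an added example (not part of the original article and not the vendor's own tooling), the Python sketch below reads a message's headers and reports the markers described above. The per-server values prevent-01 and prevent-02, the X-DetectorID values and the sample messages are constructed assumptions.

```python
from email import message_from_string

# RequestProcessor.DefaultPassHeader per server. The first entry is the product
# default; prevent-01 and prevent-02 are hypothetical per-server values.
PASS_HEADERS = {
    "X-Cfilter-Loop: Reflected": "default value (server not distinguishable)",
    "X-Cfilter-Loop: prevent-01": "prevent-01",
    "X-Cfilter-Loop: prevent-02": "prevent-02",
}

def scan_status(raw_message, pass_headers=PASS_HEADERS):
    """Report which DLP markers one message's headers carry."""
    msg = message_from_string(raw_message)
    servers = []
    for configured, server in pass_headers.items():
        name, _, value = configured.partition(":")
        # A message relayed through several hops may carry the field repeatedly.
        seen = [v.strip() for v in msg.get_all(name.strip(), [])]
        if value.strip() in seen:
            servers.append(server)
    if msg.get("X-DetectorID-Processed") is not None:
        cloud = "inspection completed"
    elif msg.get("X-DetectorID") is not None:
        cloud = "tagged for DLP, not marked processed"
    else:
        cloud = "no cloud marker"
    return {"prevent_servers": servers, "cloud": cloud}

# Constructed sample messages (headers and values are illustrative).
BASE = "From: a@example.com\nTo: b@example.net\nSubject: report\n"
SAMPLES = {
    "onprem": BASE + "X-Cfilter-Loop: prevent-02\n\nbody\n",
    "cloud_done": BASE + "X-DetectorID-Processed: constructed-id\n"
                         "X-Cfilter-Loop: Reflected\n\nbody\n",
    "cloud_pending": BASE + "X-DetectorID: constructed-id\n\nbody\n",
    "unmarked": BASE + "\nbody\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, scan_status(raw))
```

An empty prevent_servers list shows that a message was not scanned only if RequestProcessor.AddDefaultHeader is true on every server the message could have passed through.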