The Scan rule is used to select emails for scanning. This rule adds a Nightfall header to all the emails that are to be scanned.

To create Scan rule:

1. Login to your Google Workspace with an admin account.

2. Click the menu icon.

3. Select Admin.

4. In the left menu, expand Apps and then expand Google Workspace.

5. Click Gmail.

6. Scroll down and click Compliance.

7. Scroll down to the Content Compliance section and click ADD ANOTHER RULE. (If you have not created any Compliance rule previously, the button might be displayed as CONFIGURE).

8. Enter a name for the compliance rule.

9. Select Outbound and Internal - Sending checkboxes in the Email messages to affect section.

10. Select the If ANY of the following match the message option.

Steps 11 to 16 help you create a Compliance rule to block emails.

11. Click ADD.

12. In the Add setting dialog box, select the Advanced Content match option.

13. In the Location drop-down menu, select Full headers.

14. In the Match type drop-down menu select Not Contains text.

15. In the Content field enter x-nightfall-scanned. x-nightfall-scanned is a header that is added to emails that Nightfall scans. This condition ensures that all unscanned emails go through the scanning process.

16. Click SAVE.

The condition expression is created as follows. This ensures all emails that are not yet scanned by Nightfall need to be scanned.

You must now configure rules to route the email towards Nightfall for scanning.

17. In stage 3, select Modify message.

18. Under the Headers section, select the Add X-Gm-Original-To header check box.

19. Under the Envelope recipient section, select the Change envelope recipient check box.

20. In the Replace recipient field, enter dlp@secure.nightfall.ai. This is the email address to which emails must be routed for scanning.

21. Click SAVE.