This document explains the impact on end-users and Google Workspace admins when the automated actions in Gmail DLP (Block and Quarantine) are implemented.

To learn more about configuring automated actions for Gmail DLP, see, Automated actions.

Block

When an Email is blocked, the end user receives an Email from Nightfall that informs them that their Email was blocked. End users receive this email from dlp@nightfall.ai. Apart from this email, end users also get the original Email which was blocked.

The Email looks as follows.

The status of the Violation is also automatically changed to Blocked when the Email is blocked.

Quarantine

When an email is quarantined, it is stored separately in a secure Gmail server. A Google Workspace admin must visit the server, review the quarantined email, and decide as to whether the email must be allowed to travel to the recipient or be blocked.

To access the quarantine emails:

1. Login to your Google Workspace with an admin account.

2. Click the menu icon.

3. Select Admin.

4. In the left menu, expand Apps and then expand Google Workspace.

5. Click Gmail.

6. Scroll down and click Manage quarantines.

7. Click GO TO ADMIN QUARANTINE.

The list of all the quarantined emails is displayed.

Click any email to expand it. You can view three options.

• SHOW ORIGINAL - This option displays the full email.

• ALLOW - This option releases the email from quarantine and sends it to the recipient. The status of the corresponding Violation changes to Email released. You must select this option if you are confident that the sensitive data detected by Nightfall is false positive.

• DENY - This option blocks the email and does not send it to the recipient. You must select this option if you are confident that the sensitive data detected by Nightfall is actually sensitive.