1 of 4

Configure Compliance Rules

You must create three compliance rules. The first rule ensures that all the emails are routed towards Nightfall for scanning. It is mandatory for you to create the scan rule.

The second and third compliance rules are required for blocking and quarantining emails. You must create these rules only if you wish to use the block and quarantine actions in Gmail policies. You can configure either any one or both block and quarantine rules. It is recommended that you configure at least one of the two rules.

Configure Scan Rule

The Scan rule is used to select emails for scanning. This rule adds a Nightfall header to all the emails that are to be scanned.

Important

It is mandatory for you to create the scan rule.

To create Scan rule:

Login to your Google Workspace with an admin account.
Click the menu icon.
Select Admin.

In the left menu, expand Apps and then expand Google Workspace.
Click Gmail.

Scroll down and click Compliance.

Scroll down to the Content Compliance section and click ADD ANOTHER RULE. (If you have not created any Compliance rule previously, the button might be displayed as CONFIGURE).

Enter a name for the compliance rule.
Select Outbound and Internal - Sending checkboxes in the Email messages to affect section.

If you select only the Outbound check box, only those emails that are routed out of your organization to external domains are scanned. If you wish to scan internal emails which are sent between employees of your organization, you must select the Internal - Sending check box.

Select the If ANY of the following match the message option.

Steps 11 to 16 help you create a Compliance rule to block emails.

Click ADD.

In the Add setting dialog box, select the Advanced Content match option.

In the Location drop-down menu, select Full headers.

In the Match type drop-down menu select Not Contains text.

In the Content field enter x-nightfall-scanned. x-nightfall-scanned is a header that is added to emails that Nightfall scans. This condition ensures that all unscanned emails go through the scanning process.
Click SAVE.

The condition expression is created as follows. This ensures all emails that are not yet scanned by Nightfall need to be scanned.

You must now configure rules to route the email towards Nightfall for scanning.

17. In stage 3, select Modify message.

Under the Headers section, select the Add X-Gm-Original-To header check box.
Under the Envelope recipient section, select the Change envelope recipient check box.

Click SAVE.

Configure Quarantine Rule

The Quarantine rule quarantines the email that contains sensitive data. The initial configuration steps are the same as in the case of the Scan rule.

Important

You must configure this rule only if you wish to use the quarantine automated action.

Execute steps 1-13 of the . If you are already on the Compliance page of the Google Workspace, execute steps 7-13 of the .
In the Match type drop-down menu, select Contains text.
In the Content field enter x-nightfall-quarantine. Nightfall updates the headers for all emails that need to be quarantined with “x-nightfall-quarantine”, once they are processed and before they are routed back to Gmail. This enables Gmail to quarantine the emails with this header.
Click SAVE.

In stage 3, select Quarantine message.

(Optional) Select the Notify sender when mail is quarantined check box to notify the sender when their email is quarantined.
Click SAVE.

Configure Block Rule

The block rule blocks emails that contain sensitive information. Some of the initial configuration steps are the same as in the case of the Scan rule.

Important

You must configure this rule only if you wish to use the Block automated action.

Execute steps 1-13 of the Configure Scan Rule. If you are already on the Compliance page of the Google Workspace, execute steps 7-13 of the Configure Scan Rule.
In the Match type drop-down menu, select Contains text.

In the Content field enter x-nightfall-block. Nightfall updates the headers for all emails that need to be blocked with “x-nightfall-block”, once they are processed and before they are routed back to Gmail. This enables Gmail to block the emails with this header and these are not delivered to the recipient.
Click SAVE.

You can now see that a condition expression is added for the block as well.

When an email is blocked, you must notify the sender about the same. The following steps must be configured to notify the sender about the blocked email.

In stage 3, select Reject message.

(Optional) Enter an optional message to the sender. This message is included in the body of the email.
Click SAVE.

Configure Block Rule

The block rule blocks emails that contain sensitive information. Some of the initial configuration steps are the same as in the case of the Scan rule.

Important

You must configure this rule only if you wish to use the Block automated action.

Execute steps 1-13 of the Configure Scan Rule. If you are already on the Compliance page of the Google Workspace, execute steps 7-13 of the Configure Scan Rule.
In the Match type drop-down menu, select Contains text.

In the Content field enter x-nightfall-block. Nightfall updates the headers for all emails that need to be blocked with “x-nightfall-block”, once they are processed and before they are routed back to Gmail. This enables Gmail to block the emails with this header and these are not delivered to the recipient.
Click SAVE.

You can now see that a condition expression is added for the block as well.

When an email is blocked, you must notify the sender about the same. The following steps must be configured to notify the sender about the blocked email.

In stage 3, select Reject message.

(Optional) Enter an optional message to the sender. This message is included in the body of the email.
Click SAVE.

Configure Scan Rule

The Scan rule is used to select emails for scanning. This rule adds a Nightfall header to all the emails that are to be scanned.

Important

It is mandatory for you to create the scan rule.

To create Scan rule:

Login to your Google Workspace with an admin account.
Click the menu icon.
Select Admin.

In the left menu, expand Apps and then expand Google Workspace.
Click Gmail.

Scroll down and click Compliance.

Scroll down to the Content Compliance section and click ADD ANOTHER RULE. (If you have not created any Compliance rule previously, the button might be displayed as CONFIGURE).

Enter a name for the compliance rule.
Select Outbound and Internal - Sending checkboxes in the Email messages to affect section.

Select the If ANY of the following match the message option.

Steps 11 to 16 help you create a Compliance rule to block emails.

Click ADD.

In the Add setting dialog box, select the Advanced Content match option.

In the Location drop-down menu, select Full headers.

In the Match type drop-down menu select Not Contains text.

In the Content field enter x-nightfall-scanned. x-nightfall-scanned is a header that is added to emails that Nightfall scans. This condition ensures that all unscanned emails go through the scanning process.
Click SAVE.

The condition expression is created as follows. This ensures all emails that are not yet scanned by Nightfall need to be scanned.

You must now configure rules to route the email towards Nightfall for scanning.

17. In stage 3, select Modify message.

Under the Headers section, select the Add X-Gm-Original-To header check box.
Under the Envelope recipient section, select the Change envelope recipient check box.

In the Replace recipient field, enter . This is the email address to which emails must be routed for scanning.

Click SAVE.