To prevent information leakage and block off malicious emails, administrators can set data protection rules to scan incoming and outgoing emails.
- 1.Set a data protection rule
Log in to Lark Admin. Under the Feature Management on the left, click on Mail > Security > Data Protection > New Rule.
1.1 Name and scope
Enter the rule name, description, and its application scope.
Note: A protection rule can be applied either to the entire company or to a specified range.
For rules applicable to a specified range, select one or more options, including Departments or members, Public mailbox, and Mailing list.
Trigger conditions and actions
Select the event and condition of a trigger rule. Currently, the following four trigger events are supported.
- •Receive external emails
- •Send to external mailboxes
When an email account within the scope of application triggers a corresponding event, the email will be checked based on the rule.
You need to set the rule-triggering conditions separately. Currently, four conditions are supported.
- •Email body. Check whether the email body contains/does not contain/is equal to the corresponding keywords.
- •Email subject. Check whether the email subject contains/does not contain/is equal to the corresponding keywords.
- •Sender. Check whether the sender contains/does not contain/is equal to the corresponding email addresses.
- •Recipient, CC or, BCC. Check whether the recipient or the cc'd (or the bcc'd) contains/does not contain/is equal to the corresponding email addresses.
Note: Is equal to refers to actions that occur when the triggering conditions are all met.
After you've filled in the trigger events and conditions, you can set the action after a rule is triggered. Currently, two actions are supported.
- •Reject email: An email that has triggered a rule will be quarantined and rejected for sending (or receiving).
- •Quarantine email: An email that has triggered a rule will be quarantined and handled by the administrator.
- •Redirection: When the email triggers the rule, the intended recipient will not receive the email, and the email will be sent to the specified email address by default.
- •CC: When the email triggers the rule, the email will be cc'd to the specified email address by default.
- •BCC: When the email triggers the rule, the email will be bcc'd to the specified email address by default.
- •The recipient can't see the redirected/cc'd bcc'd email addresses.
- •Addressees that receive redirected / cc'd/bcc'd emails will see a prompt before seeing the email body.
Fill in the above content and click Confirm to create a new data protection rule.
- •You can create up to 10 rules for each trigger event and up to 10 conditions for each rule.
- •When rules are conflicting or reoccurring, then the rule with the earlier creation date is prioritized.
- 2.View data protection rules
Go to the Data protection rules list, and click on a rule to view its details.
To modify a rule, click Edit. Enable or disable a rule using the toggle switch in the Data protection rules list or the details page.
Emails that have triggered a quarantine action will be stored in the Quarantine Area, and will be reviewed by the administrator. Administrators can query emails under quarantine in 3 ways:
- •Query by email status including In quarantine, Passed and Rejected.
- •Query by keywords in email subject or body text.
Click on a quarantined email to view its details, including its content and the rule triggered.
The administrator can select Rejected or Pass to decide the outcome.
Note: An email will only be sent or received if it's passed.