During email inspection, what does Zscaler do if the email triggers a DLP policy?

When an email triggers a Data Loss Prevention (DLP) policy during inspection, Zscaler adds headers to define actions that need to be taken regarding the email. This is important because the headers can inform the receiving mail server or the email client about the specific DLP actions that have been applied, such as whether the email was flagged, quarantined, or modified in any way. By incorporating these headers, Zscaler ensures that proper communication is maintained regarding the handling of sensitive information, aligning with compliance and security requirements.

This approach allows organizations to maintain control over their data while providing clear visibility into how sensitive emails are managed. The use of headers also supports integrations with other systems, allowing for more nuanced responses based on organizational policies.

Other actions such as forwarding the email to IT, blocking all outbound emails, or automatically deleting content may not be appropriate responses according to the DLP policy framework, which aims to mitigate risk without overly disrupting business processes. Using headers for defined actions strikes a balance between security and functionality, allowing legitimate business communications to proceed without unnecessary interruption.