Outbound Email Filtering – Data Loss Prevention

Outbound Email Filters & Data Loss Prevention – This is how Spambrella protects your business reputation

Content Analysis

Most of today’s media focus of email security is based on inbound email threats; phishing, ransomware attacks, and of course spoofing. Email administrators often overlook the significance of outbound email misuse and the trouble it can cause an organization. Spambrella outbound filtering content analysis is designed to protect your business and safeguard its reputation.

Spambrella integrates with  GoogleWorkspace and Microsoft365 as well as any on-premise mail server to add vital outbound data loss prevention and reputation analysis.

Customizing Content Filters

Spambrella outbound filters allow admins to apply content filtering based on outbound mail subject line, message headers, message body, and attachment file type. The rules for Spambrella filters are equal in this sense to the inbound email filter rules. Note that, in addition to quarantine, filter actions for outbound mail include encrypt and notify an internal referee. Notifying an admin or group will provide extra governance steps to releasing email which could be sensitive in nature.

You can learn more about outbound DLP content rules on the Spambrella knowledge base.

Outbound SPAM monitoring

Spambrella actively monitors outbound email for mass sending to protect your domains and reputation. If a message is not delivered it will be recorded in the Email Logs and can be released to the intended recipient. Bulk senders are permitted and should be reported to Spambrella support in order to allow this outbound mail-flow rate.

Email DLP – Smart Identifier Scan

A smart identifier is a pre-defined regular expression used to locate specific content in an email such as a Credit Card number of Drivers License Number. There are 6 categories of smart identifiers:


Attachment Content Filtering

All outbound messages, including those from whitelisted senders, go through attachment filtering. You can quarantine, encrypt or notify admins of outbound messages that contain attachments which include text/file type matching the patterns/filters you enter within Spambrella. A notification can be set to send to the sender when an outbound message is blocked due to attachment content filtering.

Personal Information Smart Identifier Scan:


Email Encryption

Spambrella has an Advanced service package that includes full email encryption (AES256). Recipients will receive a notification email that authenticates their access to the email from your organization. The recipient can respond securely within the interface.

Note: Spambrella runs TLS which can also be set to ‘always enforce tls’ within the outbound filters.

DLP and HIPAA Compliance

You can also take actions with outbound messages that contain matches to pre-made patterns in the subject line, message body, or attachment. With information types such as:

  • Credit card patterns,
  • Social Security Numbers (the USA only)
  • Passport numbers
  • Healthcare Terms
  • Financial Term
  • Much more

How Spambrella outbound email filtering protects your business.

Outbound email filters, also known as outbound email filtering or outbound content filtering, are security measures implemented by organizations to monitor and control the emails sent from their internal network to external recipients. These filters analyze the content, attachments, and metadata of outgoing emails to prevent the transmission of malicious or unauthorized content and to enforce email security policies. Here’s how outbound email filters work and their key features:

Content Inspection: Spambrella outbound email filters scan the content of outgoing emails for potentially harmful or sensitive information. This includes keywords, phrases, attachments, and embedded links that may indicate malicious intent, data breaches, or policy violations.

Attachment Analysis: Spambrella outbound email filters analyze email attachments to detect and block malicious files, such as malware, ransomware, or phishing payloads. They may use file type recognition, signature-based detection, and heuristic analysis to identify suspicious attachments.

URL and Link Scanning: Outbound email filters inspect URLs and hyperlinks included in outgoing emails to verify their legitimacy and assess the risk of phishing or malware distribution. They may check URLs against blacklists, reputation databases, and threat intelligence feeds to identify malicious links.

Data Loss Prevention (DLP): Outbound email filters integrate with Data Loss Prevention (DLP) systems to prevent the unauthorized transmission of sensitive or confidential information outside the organization. They enforce DLP policies by identifying and blocking emails containing sensitive data such as financial information, Personally Identifiable Information (PII), or intellectual property.

Compliance Enforcement: Outbound email filters help organizations comply with regulatory requirements, industry standards, and internal policies governing email communication. They enforce compliance by scanning outgoing emails for violations related to data privacy, security, and industry-specific regulations.

Encryption and Data Protection: Some outbound email filters offer encryption capabilities to secure sensitive information transmitted via email. They encrypt outgoing emails containing confidential data to protect them from interception or unauthorized access during transmission.

Policy Enforcement: Outbound email filters enforce email security policies defined by the organization, including rules for acceptable use, content restrictions, and email forwarding controls. They block or quarantine emails that violate these policies and notify administrators for further action.

Reporting and Auditing: Outbound email filters provide reporting and auditing features to monitor email activity, track policy violations, and investigate security incidents. They generate logs, alerts, and detailed reports on outbound email traffic, enabling administrators to analyze trends, identify risks, and maintain visibility into email security posture.

Overall, outbound email filters play a crucial role in protecting organizations from outbound threats, data breaches, and compliance violations by ensuring the secure and compliant transmission of emails to external recipients.

More details on using Spambrella email security and email governance services can be found on the Regulatory Compliance pages.

Further reading:

Sandboxing URLs and Attachments

Anti-Spam Filter Effectiveness

Contact Sales



As a 100% cloud-based solution, there’s no hardware or software to install or to worry about updating. By filtering mail at the Internet level before it reaches the network, Spambrella can save organizations considerable amounts on administrative tasks, bandwidth, end-user filtering, and even disk space on servers. We know time is valuable, so Spambrella offers market leading technology without the management and deployment headaches. Administrators can simply login to the online console and manage all users and account settings from one single secure platform.

Muti Layered Anti-virus Scanning

The Spambrella advanced threat detection technology enables our anti-virus engines to provide clients with an unrivalled protection from viruses and other email-borne threats.

All messages are meticulously scanned by our sophisticated virus engines, operating at the highest levels of accuracy, performance and effectiveness ensuring all known viruses are captured and blocked. For increased protection, Spambrella additionally employs heuristics scanning technology to discover email threats currently unknown to the system and protects against these in real time.

Threat Protection Technology

Spambrella leverages the advanced power of Targeted Attack Protection, Proofpoint’s Industry Leading email analysis solution, to provide small to mid-sized enterprises with URL Defense and Attachment Defense, the only service that effectively detects, catches and analyzes malicious URLs and attachments targeting this market.

Data Loss Prevention and Content Filtering

Spambrella eliminates the risk inherent in individuals making security and disclosure policy decisions by implementing a user-transparent, centrally based, policy-driven data loss prevention filter. Users simply send email, and the appropriate action is automatically taken. Also the solution offers a powerful, customizable rules engine. This facilitates both content and event-based email management whilst providing highly sensitive levels of control regarding email traffic. The service allows users to control where messages are sent to and how they should be filtered depending on specified rules with full visibility and control of features.


Visit our fully searchable Knowledge Base for FAQ's and detailed service information.
Auto User Provisioning (SMTP Discovery)

Auto User Provisioning (SMTP discovery), by default, will automatically add unregistered users to the service when three valid messages are received from that unique address (within 30 days), or one valid message has been sent outbound from your email server via the Spambrella Platform. (These settings can be customized by an Administrator). SMTP Discovery can be enabled/disabled from your Organisation’s Spam settings tab in the Spambrella interface.

When a new account is detected, it will be added to the Discovered list under the SMTP Discovery tab in the Users & Groups section of the user interface. Every Thursday, a notification email will be sent to the Organisation Admin with a list of the newly discovered accounts. From this email, the Org Admin can choose to add these accounts as new End Users or mark them as invalid. By default, if a discovered account is not marked as a new user by the Org Admin within 3 weeks, a new End User will be created for that account, unless the option ‘Expired Addresses Default to New User’ is disabled under the Organisation SMTP Discovery settings. In that case, the account would be marked as invalid. Please note that any accounts on that invalid list will not be able to receive mail once they are added to the invalid list.

Question: How often is the SMTP Discovered list updated?

Answer: The SMTP Discovered list is updated with newly discovered non-registered email addresses 4 times a day. 

This also depends on organization settings in place for SMTP Discovery. For example, the default value for “Inbound Detection Threshold” is 3. Therefore a non-registered SMTP address will not be reported until it has been identified 3 times. Once it meets this threshold it is added to the SMTP Discovered list. This occurs 4 times per day.


As SMTP Discovery can automatically create users for mail sent to valid addresses including both primary addresses and aliases, it is advised to manually add addresses to existing aliases to avoid the creation of multiple accounts.

URL Defense Decoder

Encrypting Emails – When should you start?

Requesting Bulk Email Limit Increase

Changing Filtering Service to Spambrella

When moving from one filtering service to another, or setting up for the first time, there are steps to include when setting up Spambrella that may be forgotten outside of our standard steps.

Remember to add in our IP ranges into your firewall.

However, adding to your firewall is not enough, specifically in the case of an existing filtering service going to your mail server. Your mail server itself may have other security protocols in place, especially if using a Microsoft Exchange environment.

Inbound Mail

Like the firewall settings, your mail server may have specific IP ranges that accept mail. Please make sure to add in the Spambrella IP ranges into your current mail server security settings. This is especially important for when moving from a different filtering service and you are only accepting mail your previous providers IPs.

Note: The Spambrella logs will indicate we will be setting your mail status as “Deferred” if we cannot talk to your mail server.

Outbound Mail

For outbound mail, although you may have set-up the smarthost properly, this does not mean mail will flow to the Spambrella smarthost. If you have specific rules in place please check your rules to see if any exist that could contradict sending to the Spambrella server.

Note: Spambrella support would not be able to easily assist you on this. If mail does not flow into our server via SMTP, we would not see anything at all, even in our logs. You would need to diagnose this on your mail server, hence please check your outbound rules and logs first.

Deployment Phases and Rollout

Situation – The console has four phases of deployment. During your rollout/deployment, you want to know what order to deploy each phase and what each phase includes.

Solution – Manage your Essentials console in the following sequence.

  • Activation
  • Pilot
  • Rollout
  • Maintenance

For the smoothest deployment possible, you should go through the following four phases:

1. Activation

This gives you access to the Administration Console, with one administrative account, one organization, and one server.

2. Pilot

Add a small group of users and possibly additional administrators. Set up your service.

3. Rollout

Using LDAP Discovery, add your remaining users and domains, and set the filter configurations and access levels as required.

4. Maintenance

On-going support of your users and servers. This may require adjusting filter settings, managing users and domains, and adding new or configuring existing email servers.

DLP – Data Loss Prevention FAQ’s

Frequently Asked Questions (FAQ)

Q. What packages is Data Loss Prevention included in? 

  • Data Loss Prevention is included in the Business, Advanced and Professional package.

 Q. How is Data Loss Prevention enabled? 

  • Data Loss Prevention can be enabled or disabled on the Spambrella features page.
  • Data Loss Prevention is disabled by default.
  • At present, only Spambrella Admins and Spambrella Staff can enable the DLP feature.

Q. Do the logs report on Scan information? 

  • No. Logs will only indicate which filter caught the message but it will not identify the Smart Identifier or Dictionary.

Q. Can a user see the terms included in the dictionary? 

  • No, not as this time. Please enquire with support.

Q. Does Spambrella support custom dictionaries?

  • No, not as this time although custom content filters can be created.

Q. Is Data Loss Prevention available for customers on trial? 

  • Yes.

Q. How do I know Data Loss Prevention is enabled?

  • On the Company Settings main page: Data Loss prevention will state “Active.”
  • Go to the Filters. When creating a filter, two new items appear:
  • Smart Identifier Scan
  • Dictionary Scan

Does Spambrella monitor outbound email as spam?

Spambrella does filter outbound email for SPAM. If a message is not delivered it will be recorded in the Email Logs and can be released to the intended recipient. Please note that similar messages of this nature are likely to be quarantined in future. 

Email Spoofing

Email spoofing is the creation of email messages with a forged sender address. It is easy to do because the core protocols do not have any mechanism for authentication. It can be accomplished from within a LAN(Local Area Network) or from an external environment. Spam and phishing emails typically use such spoofing to mislead the recipient about the origin of the message.

By adding SPF (Sender Policy Framework) records to your existing DNS information, this will increase the chances that any spoofed email will be detected and is an added security measure, as all incoming emails will have the sender information validated.  Please note that by adding an SPF record does not make this 100% full proof.

Here are some external articles about spoofing:




Below are the SPF records, please use the one relevant to your platform.

SPF Records


“v=spf1 a:dispatch-us.ppe-hosted.com ~all”


“v=spf1 a:dispatch-eu.ppe-hosted.com ~all”

Please Note: Spambrella does not block an email outright for the SPF entry. This is because there are a large number of domains that have an incorrect SPF record. We will just increase the overall spam score.

A soft fail (~all) will increase the spam score moderately (which may not quarantine a message dependent on your spam threshold specified) whereas a hard fail (-all) will increase the score aggressively and quarantine the message if triggered.

Instant Replay Feature explained

The Instant Replay feature allows users to send (or resend) an email from Spambrella to their messaging server. This may be useful in the following situations:

  • The original email failed to be delivered (bounced/expired)
  • The original email was deleted by the user

If a user is attempting to send an email that has already been sent, they should be aware that if the email already exists in the destination server’s database then many mail systems may not deliver the email again. This will depend on the mail system in use and how it handles duplication.

Microsoft Exchange, for example, has a default duplicate database setting of 7 days. This means if an email comes in with the same messageID and client submit time within 7 days of the original, it will delete it as a duplicate. Therefore the user who uses Instant Replay feature to resend an email less than 7 days old will not get the message.

If you are using Microsoft Exchange and wish to enable retrieving messages within 7 days of receipt of the original, please follow the instructions on how to change this setting, available here.

If you are using another email application you should investigate to see if you have the option to adjust this value.

Instant Replay Feature is available only for the customers who have subscribed to the Business or Professional packages.

Please Note: This feature cannot be used with customers using Office 365 as a mailbox. This is due to how Office 365 handles duplicate message detection.

User Licensing – Billing FAQ

Spambrella is available in 8 service packages [Click here to see them]

  • Beginner
  • Beginner + (NFP Option)
  • Business
  • Business +
  • Advanced
  • Advanced +
  • Professional
  • Professional +

Partners – When selecting the package type you require for your customer, you can choose the appropriate features and modules for your needs contained within a package. Also, you can upgrade, downgrade, or change a user’s license by following the instructions below:

1) Adding / Decreasing Users’ Licences.

Adjust the user licence number to the required amount and select save button at the bottom of the screen.

  • If additional users are added, your Billing and Technical contact will be informed of the change.
  • The appropriate entity will then receive a prorated invoice for the changed user count.

2) Enable User capping.

Enabling this feature will not allow customers to add users above the number in the license field. This is useful for partners who sell an annual prepaid agreement and do not want to be billed for any users above that licensed amount, and it forces the customer to contact the partner to order more licenses and be able to add them to the system.

2) Upgrading.

  • When selecting an upgrade, you are automatically granted a 30-day trial of the upgraded service.
  • After 30 days, you will have the opportunity to confirm the upgrade or continue using your current version.
  • If upgraded packages are confirmed invoicing will be charged at a prorated.

3) Downgrading.

  • If you wish to downgrade to an alternate package, click on the downgrade button and save your changes.
  • The Billing and Technical contact will be informed by email of this decision and the changes will be applied straightaway.

4) Licensing of Users.

  • Spambrella does not bill for: Domains, Shared mailboxes/Distribution groups, aliases, etc.
  • Spambrella does bill for: Active primary user accounts on any domain (beating hearts).

Additional Resources:

Auto User Provisioning (SMTP Discovery)

Adding AD Functional Accounts Manually

URL Defense Decoder


Looking for resources you cannot find? Try the Knowledge Base or get in touch...
Partner Admin Guide
Customer Admin Guide
Office 365 Setup Guide
Phishing URL Defense
Schedule Demo Contact Sales Request Quote Free Trial

    One Step Closer To Greater Protection

    Spambrella requires all submissions of its website forms to be validated in accordance with the privacy policy

    Click here to accept our privacy policy terms before clicking submit below...

    Latest blog posts

    • On June 14, 2024
    Microsoft 365 Email Continuity Service – Is it Needed?

    An email continuity service, whilst not strictly required for Microsoft 365, can be highly beneficial for ensuring business continuity. When considering MX (Mail Exchange) backup…

    Read more
    • On June 13, 2024
    HIPAA Email Security: A Guide for Healthcare Organizations

    Sharing sensitive patient information via email goes hand in hand with hidden exposure risks that HIPAA regulations aim to ward off. Traditional email security standards…

    Read more
    • On June 12, 2024
    Business email archiving: Compliance and accessibility

    An email network acts as the central nervous system by spreading critical information throughout the organization. If this network is disrupted, you may be unable…

    Read more
    • On May 31, 2024
    Why Microsoft 365 is Insufficient for Email Security

    This article investigates why Microsoft 365 is insufficient for email security in today’s digital landscape. Email security is a critical concern for businesses of all…

    Read more