Emails not being accepted by DLP Cloud Service despite domains being registered with Email


Article ID: 173510


Updated On:


Data Loss Prevention Cloud Service for Email, Data Loss Prevention Cloud Package


Please note: This KB is for customers using DLP Cloud Service for Email in Forwarding mode.

Customers in Reflecting mode (O365 => DLP => O365) should see this topic: About updating email domains in the Enforce Server administration console (


You are not able to send email through the DLP Cloud Service for Email, and messages from newly registered domains are not being delivered.

These new domains were added via the Email (ESS) ClientNet portal.

Yet messages are not being accepted for delivery, and no DLP Content Inspection is being performed.

Moreover, the Enforce UI is not showing the domains in question on the Cloud Service for Email detector page.


Cloud Service for Email for customers in "forwarding mode", with Email as downstream MTA.

All supported versions of DLP for integration with the Cloud Service for Email (Enforce 15.8+ AND Cloud Managed DLP in CloudSOC).


As noted above, when the Cloud Email Service is set to Forwarding mode (messages going to Email), any new domains need to be registered via the ClientNet portal. See the KB link under Additional Information below.

  • After the domains are validated in ESS and your MX records are updated, an automated ESS process should send these details across to the DLP Cloud Service, where they will be added to your Cloud Detector configuration.
  • Normally, the automated process runs every hour, but the supported email domains list in Enforce is only populated when Enforce connects or reconnects with the Cloud Service. Thus, after you add new domains in ESS, it can take up to 24 hours before they show in Enforce.

There is one known case in which the above process can fail:

  • The automated ESS process has temporarily failed to send these details across to the DLP Cloud Service.
    • In this case, domains for which email continues to be accepted will be shown in the Cloud Detector details page of the Enforce Server UI - but any new domains recently added will not be included.



For the issue described, you should open a ticket with DLP Technical Support.

The support team will inform DLP Cloud Operations, who will investigate the reason for the domain update failure.

Additional Information

Emails rejected by DLP Cloud Service when sending messages from new domains (