Your Cloud Service for Email is generating 3X incidents for each file tested
search cancel

Your Cloud Service for Email is generating 3X incidents for each file tested


Article ID: 255375


Updated On:


Data Loss Prevention Cloud Service for Email


You are sending test messages with files containing sensitive information, and these appear to be generating multiple DLP incidents - one for each recipient.


Release :

All supported releases of the Cloud Service for Email


Firstly, be sure that Incident Reconciliation has been enabled for the DLP Enforce Server, as per Enabling incident reconciliation (

If that is enabled, it has been seen with one customer that a misconfiguration in the Gmail settings can cause this result.

In the Gmail admin interface, aka "Google Workspace", there are 2 basic types of configurable routing:

  • Apps > Google Workspace > Gmail > Default Routing.
  • Apps > Google Workspace > Gmail > Routing


And as per Google documentation, "Default routing" is somehow only for inbound messages:

"As an administrator, use the Default routing to set up how inbound email is delivered for your organization."


The DLP Help Center topic specifically directs users to the "Routing" settings:

  1. Go to Apps > Workspace > Gmail > Settings for Gmail.
  2. Click the Routing panel.
  3. Scroll down the page to locate the Routing section.

Configuring Google Workspace Gmail to send outbound emails to Cloud Service for Email (

Basically, for unexpected issues with mail routing and handling, ensure that you the DLP host has been configured via the "Routing" option.