Email Fast Get a sandbox key
Features

The last gate before anything leaves

Detect card numbers, government IDs, and secrets in outbound mail — then block, redact, or hold for a second person's sign-off. Fails closed, checked twice.

Outbound mail, inspected on the way out

Email DLP here is an enforcement point, not an after-the-fact report: an outbound data-loss-prevention gateway that fails closed — card numbers, government IDs, and secrets can be blocked, redacted, or held for a second person's sign-off before anything leaves.

How it works

  1. Define a policy: which detectors — card numbers, government IDs, secrets and API keys — apply to which mail.
  2. Choose the action per rule: block outright, redact the match and send, or require TLS for delivery and hold the message when that can't be assured.
  3. Held messages need a second person. Maker-checker release means the sender can't approve their own exception.
  4. Evaluation happens twice: at admission and again at send time, so nothing that changed in between — a template edit, a variable value — can slip past the first check.

The failure behavior is the headline: an evaluator error blocks rather than leaks. And until you define a policy, the gateway is inert — no latency tax, no surprise blocks.

The evidence

Two checkpoints, both fail-closed
admission --[DLP evaluate]--> durable queue --[DLP re-evaluate]--> send
              error? block                      error? block

The second evaluation exists because time passes between accepting a message and sending it. Whatever changed in that window faces the policy again before anything leaves.

Honest limits

Detection is patterns, and patterns have edges

Detectors match structure, and structure has lookalikes — a sixteen-digit order number can trip a card-number check, so expect a tuning period with false positives. Maker-checker adds human latency to held mail by design; the pause is the control functioning. And fail-closed means an evaluator bug stops your mail instead of leaking your data — availability traded for containment, deliberately.

Where to go next

DLP composes with customer-held keys — one governs what leaves, the other who can read what's stored — and with the compliance machinery around both. The enterprise door shows the full control set, and if you're weighing security-first vendors, the Paubox comparison is the relevant one.

Questions, answered plainly

What can the detectors find?

Card numbers (PANs), government identifiers such as SSNs, and secrets — API keys and credentials. Detectors apply according to the policy you define; without one, the gateway is inert.

Who releases a held message?

A second person. Maker-checker release means the sender can't approve their own exception — the four-eyes control regulators mean when they say separation of duties.

Does DLP slow sending if we don't use it?

No — the gateway is inert until you define a policy. No policy, no evaluation, no latency, no surprise blocks.

What happens if the policy evaluator itself errors?

The message is blocked: an outbound data-loss-prevention gateway that fails closed — card numbers, government IDs, and secrets can be blocked, redacted, or held for a second person's sign-off before anything leaves. An evaluator failure stops mail rather than leaking data — fail-closed is the design invariant, not a configuration option.

See it for yourself

Sandbox keys run the real pipeline dry — real validation, real events, a hosted inbox, no email sent. Early access is onboarding now.