Description
Email Traffic Control allows administrators to build code-free workflows that control how email is handled after Shield evaluates it, providing flexibility while preserving the system’s zero trust security posture. Workflows combine conditions and actions to customize message outcomes across inbound and outbound email, for one or more managed organizations.
Key capabilities include:
- Intelligent data detectors trained to recognize entire categories of sensitive and high-risk messages automatically.
- A point-and-click workflow builder that replaces manual rule writing and maintenance with one-time decisions.
- Pre-built templates for common scenarios to apply across client environments with ease.
These new capabilities power commonly requested use cases, such as:
- Automatically trust known senders, such as phishing simulation platforms, without breaking zero trust
- Detect protected health information (PHI), payment card information (PCI), or financial data in outbound email and trigger automatic protections like block, quarantine, or encrypt with Bracket
- Detect password reset emails and automatically lock them with Lockbox to cut off lateral movement from compromised inboxes
Only Shield Admins with the Superuser or Administrator role may create, modify, or delete workflows and workflow templates.
Workflow Component and Concept Definitions
Workflows are if/then statements that trigger specific message events on inbound or outbound messages. Saved workflows are enabled by default. Workflows are processed from top to bottom of their list. Note: Workflows can be linked to other workflows. In this case, all linked workflows are impacted by any changes to the workflow they are linked to.
Trigger type determines when the workflow runs. Only one trigger type can be selected per workflow. The three trigger types are Inbound, Outbound, or Manual.
Conditions are the "if" trigger of the workflow. They are specific email attributes or system properties (such as From Address, Subject Line, IP Address, or Attachment Type) that a workflow evaluates as part of a condition.
Actions are the "then" result of the workflow. They are the operations a workflow performs when its conditions are met, such as delivering, bouncing, moving, securing, or re-evaluating an email, or updating sender trust and risk levels.
Sections are logical categories that group related triggers or actions (for example, Headers, Message, Attachments, Security, or Delivery) to organize how conditions and actions are selected within a workflow.
An operator defines how a field is compared to a value or pattern to determine whether a condition is true. For example: equals (any), contains (any), matches, greater than, less than, or detects.
Operator input is the value, pattern, category, or predefined option (such as a size, day of week, platform, risk level, region, or detection type like PII or credit card number) that an operator uses to evaluate a field.
Action input is the parameter supplied to an action that specifies how it should be carried out, such as the target folder, risk level, recipient email address, silence location, trust location, or a custom bounce message.
Workflow templates are preconfigured workflow definitions that include predefined conditions and actions, allowing administrators to quickly create consistent, reusable email-handling rules without building them from scratch.
Please see Workflow Conditions and Actions for definitions of condition triggers and action results.
Related to
Updated