Create a Gmail Encrypt Transport Rule

1. Log in to the Google Admin portal.
2. In the Dashboard, select AppsGoogle WorkspaceGmailCompliance.
3. In the Content compliance section, Add Another Rule.

4. Configure the email transport rule.

   1. In the Content compliance field, enter a descriptive name for the transport rule.
   2. For the Email messages to affect, select Outbound.

      This instructs Gmail to forward the email to Enterprise DLP before it leaves your network when the email recipient is outside your organization.

   3. Configure email forwarding to Enterprise DLP for emails that have not been inspected.

      1. In the Add experiences that describe the content you want to search for in each message section, select If ANY of the following match the message.
      2. Add.
      3. In the Add setting page, select Advanced content match.
      4. For the Location, select Full Headers.
      5. For the Match type, select Contains text.
      6. For the Content, enter x-panw-action: encrypt.
      7. Save.

   4. Configure the action Gmail takes for encrypted emails.

      1. In the If the above expressions match, do the following section, select Modify message.
      2. For the Subject, select Modify message.
      3. For the Headers, select Add customer headers
      4. Add the custom message header.
         • For the Header key, enter x-proof-pointencryptdesktop.
         • For the Header value, enter encrypt.
         Save to continue.

   5. Configure the route to forward emails to your Proofpoint server for encryption.

      1. In the Route section, select Change route.
      2. Select the Proofpoint server route you created.

   6. Save.
5. Verify that the email transport rule was successfully added and that the Status is Enabled.