Enforcing Traffic Light Protocol When Sending Emails

The Traffic Light Protocol (TLP) is created to facilitate sharing of sensitive information. When this sharing mechanism is email, it is done by adding special text to the subject of any email, designating their importance.

To avoid human error and prevent sensitive documents/emails from leaking, Xeams can be configured to require approval from an authorized individual before the email is sent out.

What is TLP

TLP-designated emails contain one of the following text in the subject line:

  • TLP-RED
  • TLP-AMBER+STRICT
  • TLP-AMBER
  • TLP-GREEN
  • TLP-WHITE

Refer to Appendix A: TLP 2.0 Definitions for details on these classifications.

Avoiding Human Errors

Human errors are the most common reason for mistakenly leaking sensitive information. Therefore, an extra layer of checks and balances provided by an email server can help avoid mistakes. Consider the following scenario as an example:

  • A sensitive email is composed by the head of a government organization, containing TLP-RED in the subject line, indicating the message is intended for the eyes and ears of individual recipients only.
  • This message is sent to 5 individuals.
  • One of the individuals is on vacation and has created a rule forwarding his official messages to a personal email account hosted on the cloud.
  • Sending an email marked as TLP:RED to a public email address will most likely violate company policies.

Configuring Xeams To Prevent Email Leakage

The Pre-approval plugin is used in Xeams to prevent unauthorized emails from leaving your network. Use the following steps to configure it.

  • Log in as admin
  • Click Plugins under Home
  • Click Manage for Pre-Approval Plugin
  • Specify values as described in the table below.

    Moderator:Specify an email address who is authorized to approve an outbound email when TLP classification is detected.
    Sender:This should be set to LOCAL, indicating any user on the local domain.
    Recipient:This should be set to FORIEGN, indicating any recipient on a foreign domain.
    Subject:Set this to (TLP:RED|TLP:YELLOW|TLP:GREEN), which is a regular expression to catch messages with TLP classification.
    Subject is Regex:Check this box

  • Once created, the email address specified as the Moderator will have to approve any outbound email before it is sent out.