Stop data loss with DLP

View DLP content and rule size limits

DLP recommended size limits for content and rules

Supported editions for this feature: Frontline Standard; Enterprise Standard and Enterprise Plus; Education Fundamentals, Education Standard, Teaching and Learning Upgrade, and Education Plus; Enterprise Essentials Plus.  Compare your edition

Drive DLP and Chat DLP are available to Cloud Identity Premium users who also have a Google Workspace license. For Drive DLP, the license must include the Drive log events.

You configure data loss prevention (DLP) rules to protect sensitive content. To keep DLP rules working to protect your content, make sure your DLP configuration settings stay within the following recommended size limits. Some of these limits are not enforced, but stay within the limits stated in this article. If you exceed these limits, your DLP rule might not work.

Drive DLP content limits

Content

Limit

Drive text content (with markup)

  • 1 MB
  • Any text beyond this limit is not scanned by DLP for Drive, and the text is truncated.

Number of files scanned within a zip file 

1000

Number of items detected per document or file 3000

Rule size limits

Rule attribute

Limit

Rule count maximum

1000

You cannot save any rules after exceeding this limit. 

Rule description length

500 characters

Individual rule size

1.5 KB

This limit is accrued after you save the rule and it’s compiled by the system. If you reach this limit, you can’t save additional settings for the rule. For example, if you have a very large description or a long list of conditions, you can exceed this limit.

In general, you should not create very large rules. To avoid large rules:

  • Use short rule descriptions.
  • Use word lists where possible.
  • Avoid using long lists of conditions.

All rule configuration settings: The size limit for all DLP rule configuration settings, such as the number of rules and the size of rule descriptions

2 MB 

This 2 MB limit is the combined size of all DLP rule configuration settings, after you save them and they’re compiled by the system. Notwithstanding any of the limits above, if you reach this limit, you can’t save additional settings. 

Detector size limits

Detector attribute

Limit

Detector count maximum

1000

Maximum total size of word list

60 KB

Word list phrase component length (continuous sequences containing only letters, only digits, only non-letter characters, or only non-digit characters)

40

Maximum number of words in a word list

950

Size of a regular expression

1,000 characters

Regex detector count and word list detector count maximums combined for all rules

Combined limit: 30

  • Word list detectors maximum (used in all rules):  10
  • Regex detectors maximum (used in all rules): 20

Note that the number word list and Regex detectors are combined and together cannot exceed 30 detectors. 

Email address detector

40,000 entries

Detector size

Notwithstanding the other limits above, an individual detector may not be more than 2 MB.

Rule alert email recipient limits

Maximum number of email recipients                                   

10 recipients in DLP rule alert center action 

If you need to notify more recipients: You can add groups as recipients instead of individual administrators. Learn how to create groups.

DLP for Gmail content limits

Content

Limit

Gmail message (including attachments)                                 
  • Content filters scan messages and attachments up to 1MB. Message contents and attachments are converted to a single file in a scannable format. Gmail scans the converted file. For converted files larger than 1MB, Gmail scans only the first 1MB of the converted file. Gmail doesn’t convert or scan files that are larger than 10MB.
  • Content in the destination of URL links is not scanned. 
  • Files stored in Drive and linked to a message are subject to the DLP rules for Drive. Learn more about DLP for Drive.

Related topics

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu