Configure Netskope SMTP Proxy with a Custom MSA

When you configure Netskope SMTP Proxy with a custom mail submission agent (MSA), all outgoing emails from the custom MSA are sent to Netskope SMTP Proxy for policy evaluation. You can create up to three custom MSAs.

To configure a custom MSA for Netskope SMTP Proxy:

  1. In the Netskope UI, navigate to Settings > Security Cloud Platform > SMTP.

  2. Click + and +Create a Custom MSA.

  3. In the Edit New Custom MSA window:

    • Create MSA Name: Enter a name for the custom MSA. Policies, alerting, and incidents refer to this name when an event occurs.

    • Set Tenant Verification for Each Domain: (Optional) Select to set a unique tenant verification and key-value pair for each domain.

    • Set Next Hop for Each Domain: (Optional) Select to enter a unique next hop for each domain.

    • Domain: Enter and verify the domain you want to use for email processing. You can enter a domain, subdomain, or a wildcard domain. Click +Add to add multiple domains.

    • Tenant Verification (Optional): Enter a key and value as a verification method for the email traffic if the emails have a mail server (MSA) specific key-value pair.

    • Next Hop: Enter the IP address/FQDN and port of the upstream MTA where you want the emails to be routed.

    • Source IP Allowlist (Optional): Enter the mail server egress IP addresses you want to permit into the Netskope cloud for traffic processing. You can enter /24 CIDR subnets or smaller as well as individual IP addresses. Click +Add to add up to 12 IP subnets or IP addresses.

  4. Click Save.

After creating a custom MSA, you can create Real-time Protection policies to secure your outbound emails with DLP.
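
The Source IP Allowlist limits described above (at most 12 entries, each a /24 or smaller subnet or a single IP address) can be checked before the values are entered in the UI. The following Python sketch is an added example, not Netskope code; the function name `check_allowlist`, the IPv4-only handling, and the sample addresses (documentation ranges) are assumptions.

```python
import ipaddress

MAX_ENTRIES = 12  # page: "add up to 12 IP subnets or IP addresses"
MIN_PREFIX = 24   # page: "/24 CIDR subnets or smaller"


def check_allowlist(entries):
    """Validate planned Source IP Allowlist entries.

    Returns (accepted, problems): networks that fit the documented limits,
    and human-readable reasons for every entry that does not.
    """
    parsed, problems = [], []
    for raw in entries:
        text = raw.strip()
        try:
            # strict=True rejects host bits, e.g. 192.0.2.10/24 (use 192.0.2.0/24)
            net = ipaddress.ip_network(text, strict=True)
        except ValueError as exc:
            problems.append(f"{text}: not an IP address or CIDR subnet ({exc})")
            continue
        if net.version != 4:
            # Assumption: only IPv4 is checked; the page does not mention IPv6.
            problems.append(f"{text}: IPv6 is outside what this check covers")
        elif net.prefixlen < MIN_PREFIX:
            problems.append(f"{text}: /{net.prefixlen} is wider than /{MIN_PREFIX}")
        else:
            parsed.append(net)

    # Widest networks first, so a narrower entry already covered by a wider
    # one is reported instead of using up one of the 12 slots.
    accepted = []
    for net in sorted(parsed, key=lambda n: n.prefixlen):
        cover = next((a for a in accepted if net.subnet_of(a)), None)
        if cover is None:
            accepted.append(net)
        else:
            problems.append(f"{net}: already covered by {cover}")

    if len(accepted) > MAX_ENTRIES:
        problems.append(f"{len(accepted)} entries exceed the limit of {MAX_ENTRIES}")
    return accepted, problems


if __name__ == "__main__":
    # Constructed sample input using documentation address ranges.
    sample = ["198.51.100.0/24", "198.51.100.17", "203.0.112.0/23",
              "192.0.2.10", "192.0.2.10/24", "mail.example.com"]
    ok, bad = check_allowlist(sample)
    print("accepted:", [str(n) for n in ok])
    for line in bad:
        print("problem:", line)
```

An allowlist that is wider than the mail servers' actual egress addresses admits traffic from hosts you do not control, so the entries reported as accepted should still be compared against the real egress IPs.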
