Data Loss Prevention

  • 1.  Compound exceptions question

    Posted Jun 19, 2015 01:59 PM

    Hi all,

    I have a requirement to block emails containing certain content from being sent to any third party other than registered clients. So far, so good - I have an EDM that indexes a feed of client addresses on a daily basis. This is used as a directory group exception where ALL recipients must match the list.

    This all works fine, but the business senders would like to include internal recipients, such as their colleagues or managers. This could be any internal address of their choosing.

    I tried a compound exception where

    1. at least one recipient matches a pattern (the pattern being our internal SMTP domains) AND
    2. all recipients must match the client list

    This does not work as of course the internal recipient does not match the client index. Having both of these conditions set to 'all must match' also fails because of course neither condition is completely met.

    The only options I can see are:

    • include all potential internal recipients in the index of client addresses (there are 140,000 of them so ideally not!)
    • set both conditions to 'at least x must match' (which opens a flaw where a non-client third party could receive it)

    Has anyone else come across this issue or have any bright ideas?

     



  • 2.  RE: Compound exceptions question

    Trusted Advisor
    Posted Jul 09, 2015 09:36 PM

    Steve,

    Are you using Endpoint or Email Prevent for this?

    I would assume Email Prevent, since you have created an EDM.

    There is no way to get this to work with Email Prevent in a typical implementation - the Email Prevent servers are getting ONLY the outbound emails and this is AFTER the emails have touched the internal Exchange servers and been sent to internal people. So in reality this rule is POST the internal email routing.

    If you want to get this to possibly work, you may need to use the Endpoint Outlook plugin and use AD Groups for Exceptions, though I do not think this will work the way you want it to, since you lose the EDM functionality.

    Ronak

    Please mark as solved when possible



  • 3.  RE: Compound exceptions question

    Posted Jul 21, 2015 05:39 AM

    Thanks Ronak, but I don't want to stop the email going to internal recipients (and understand that I couldn't do so even if I wanted to). What I want is the message NOT to be blocked to any of the allowed external addresses should an internal address exist among the recipients.

    For example, someone emails their external client list (all of whom are in the EDM) but cc's their line manager. The presence of their line manager's internal address means the EDM lookup fails (because ALL recipients need to match the EDM) and the message is blocked externally.

    The workaround is to include all of the internal addresses from that department in the client EDM, which is not ideal but seems the only way to achieve this.
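
The recipient-matching logic discussed in this thread, modelled as an added Python example (it is not from any poster and is not the DLP product's API). The domains, addresses and mode names are constructed, and 'at least x must match' is assumed to mean x = 1.

```python
# Added illustration: a plain-Python model of the recipient checks discussed
# in the thread. Not the DLP product's API; all data below is constructed.
INTERNAL_DOMAINS = {"corp.example"}            # assumed internal SMTP domain
CLIENT_INDEX = {"alice@client-a.example",      # stands in for the EDM index
                "bob@client-b.example"}

def is_internal(addr):
    return addr.rsplit("@", 1)[-1].lower() in INTERNAL_DOMAINS

def is_client(addr):
    return addr.lower() in CLIENT_INDEX

def exception_applies(recipients, mode):
    """True means the exception fires and the message is not blocked."""
    if not recipients:
        return False
    internal = [is_internal(r) for r in recipients]
    client = [is_client(r) for r in recipients]
    if mode == "all_clients":                   # original single exception
        return all(client)
    if mode == "any_internal_and_all_clients":  # compound attempt from post 1
        return any(internal) and all(client)
    if mode == "any_internal_and_any_client":   # 'at least x', assumed x = 1
        return any(internal) and any(client)
    if mode == "each_internal_or_client":       # behaviour the poster wants
        return all(i or c for i, c in zip(internal, client))
    raise ValueError(mode)

MODES = ["all_clients", "any_internal_and_all_clients",
         "any_internal_and_any_client", "each_internal_or_client"]
CASES = {  # constructed recipient lists
    "clients_only": ["alice@client-a.example", "bob@client-b.example"],
    "clients_plus_manager": ["alice@client-a.example", "manager@corp.example"],
    "clients_manager_stranger": ["alice@client-a.example",
                                 "manager@corp.example", "eve@other.example"],
}

def evaluate():
    """Outcome of every rule combination for every sample recipient list."""
    return {m: {n: exception_applies(r, m) for n, r in CASES.items()}
            for m in MODES}

if __name__ == "__main__":
    for mode, row in evaluate().items():
        print(f"{mode:30} {row}")
```

Only the per-recipient "internal OR client" check passes the manager cc while still blocking the non-client third party; adding the internal addresses to the client index, as the last post describes, produces that same per-recipient result using the single 'all must match' exception.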