Hello,
did you first test that DLP is able to detect CIDs in email, may be this is skip by content analyzer as it is only a tag used to reference an other object (which should contains sensitive information) ?
If DLP is able to detect it, it will be quite complicated to have an exclusion using CID as exception are applied on component and so if you applied it on component it means you wont analyze message body or message attachments.
if you use IDM, you just have to expect that image size is always the same in emails (which could be possible if email signature are build by a software used by everyone).
the solution could also be to improve detection rules to look for more precise pattern/information/document.
Regards.