Outbound message with multiple recipients creates multiple Data Loss Prevention incidents
|Article:TECH205770|||||Created: 2013-04-30|||||Updated: 2013-10-30|||||Article URL http://www.symantec.com/docs/TECH205770|
When an outbound email with multiple recipients (e.g. 3 Hotmail address and 1 Gmail address) was sent through Symantec Messaging Gateway (SMG) with Data Loss Prevention (DLP) inspection, SMG did not include all the Hotmail addresses in 1 SMTP sessions when forwarding the message to DLP. Instead, it separated into 2 SMTP sessions. The first session had 2 Hotmail addresses as recipients and the second session has 1 Hotmail address and the Gmail addresses as recipients. As a result, DLP network report shows 2 incident events.
This happens even when an outbound email was sent to multiple recipients under same domain only.
SMG has submitted the same message for more than once to DLP.
This issue has been resolved in Symantec Messaging Gateway version 10.0.2.
Article URL http://www.symantec.com/docs/TECH205770