Video Screencast Help
Symantec Secure Login will be live on Connect starting February 25. Get the details here.

Create DLP Policy to Add Exception to Ignore Emails Send to Internal Users

Created: 07 Apr 2012 • Updated: 12 Apr 2012 | 5 comments
Language Translations
yang_zhang's picture
+6 6 Votes
Login to vote

We can configure DLP policy so that it doesn't monitor the emails that send to the internal users.

Think about such scenario: the confidential docs can be send to the internal users for reviewing, but, these docs cannot be send to the outside of the company, or, should be encrypted before hand out.

Here are the steps:

1. Open a existing policy that should not create incident for internal users.

2. Under 'Detection' tab, click 'Add Exception' button:

3. Select 'Protocol or Endpoint Monitoring' under 'Protocol':

4. Choose 'Email/SMTP' under 'Protocol', on the 'Also Match' list, choose 'Recipient Matches Pattern':

5. Under 'Matches Pattern' section, in the 'Recipient Pattern' box, input the name of the internal email domain:

Note: there should be an '@' added before the domain name.

6. Finally, the policy should be look like this:

Comments 5 CommentsJump to latest comment

stephane.fichet's picture

take care that with this policy if i send an email to myself (using my internal email address) and a gmail account, you wont raise any incident.

better to request ALL recipient to be in domain. (checking right box in "recipient matches pattern" rules).

FICHET Stéphane
Associate & Consultant | ID-LOGISM

Login to vote
new_dlp's picture

good example to use the DLP policy.

Login to vote
mohammed.mazher's picture

question, why do I need to out @before domain name...


Mohammed Mazher

Login to vote
m@ntec's picture


i want to know, when it comes to automated report.

once the report schedule,but there is no report through the specific user. SHARED/PRIVATE report???

Login to vote
emil.dutsov's picture

Just a note:

Keep in mind that in that way emails sent to external domain/company and having even one internal reciepent will not be scanned at all.
For exapmle: important document sent to external counterpart with internal team member in cc.

Login to vote