Hello,
You can use different Severities to control how response rules are applied.
- Create a sender/recipient pattern with the users you want to "monitor" and change status; OR list the recipients/senders as detection criteria;
- In the policy, add the detection method (example: keywords) AND Send/Recipient pattern with severity "High"
- For other users, use severity "Medium".
Create an automated response rule where: if severity = High, then change status to (example) "Critical".
All other cases retain status "New".
Test it.
We have a similar situation for recipients that we consider as Partners.
Regards,
Paulo