hi,
First, there is two ways to block email with DLP :
- Email prevent : "blocking" email by DLP are just email rerouted to a specific mailbox defined in response rule.
- Endpoint : Email is block before it is send by user (so it does not really exist as an email)
In both case this specific email is End Of Life so you cant resend it.
If you want to be able to analyze email then transfer it to final destination if approved, you will have to quarantine this email (instead of blocking it). You have to use response rule dedicated to that (usually it just add a new header in email to inform next MTA that he must qurantine this email). DLP by it self does not manage quarantine so it has to be done by a MTA (DLP will just flagged email to be quarantined).
Then if you use symantec mail gateway to do this, there is a plugin available to link DLP and gateway. This will allow you to release email from quarantine after analysis by someone and approval that this email is legitimate. If you use an other MTA to manage quarantine, you may have to use this MTA to unblock email and then send back this information to DLP (or opposite).
Regards