Data Loss Prevention

 View Only

  • 1.  Symantec DLP - Blocked EMail notification

    Posted Jul 22, 2015 06:23 AM

    Dear Experts,

     

    We are facing while creating blocking SMTP email rule. I have created rule like below.

    //

    An e-mail sent by $SENDER$, regarding "$SUBJECT$" was blocked from going to $RECIPIENTS$ because it violated the company's $POLICY$ Policy.

    //

    Now, End user is complianing that in $RECEIPIENTS$ list, he is getting all mail addresses. He want to know specifically which mail ID got blocked.

    He use 4 to 5 mail IDs in "$RECEIPIENTS$" whereas mail will be blocked for 2 or 3.

     

    Kindly let me know if there is any option to change the value.

     

    Thanks in Advance

    Siva
     



  • 2.  RE: Symantec DLP - Blocked EMail notification

    Trusted Advisor
    Posted Jul 29, 2015 10:58 AM

    Siva,

    There is no way to tell the user which Recpient caused the blocking of the email. This is going to be in the policy, which is not exposed as part of an Email response.

    The only possible thing, is to show the name of the policy Rule. Maybe the rule can have more specific informaiton in it that can educate the employee.

    Good Luck

    Ronak

    IF THIS ANSWERS YOUR QUESTION PLEASE MARKED THIS AS SOLVED



  • 3.  RE: Symantec DLP - Blocked EMail notification

    Trusted Advisor
    Posted Jul 30, 2015 03:53 AM

    hello,

     by design notification are not done to inform user how to succeed sending his email but to inform him that his email was blocked. As this could also be used by some people to reverse engineered your policy.

     Simplest way to do this in sym DLP is to have a more detailed notification explaining what the policy is about.

    For example add in your notification a short description of the policy, or having policy name more precise about what they do.

     Take also into account that adding recipient list in notification could be a mess if user sent this email to hundred recipient. And having only part of the recipient list will let user think email was delivered to other recipient.

     

     Regards.



  • 4.  RE: Symantec DLP - Blocked EMail notification

    Posted Sep 02, 2015 08:03 AM

    Hi Ng, as per my best knowledge , you would not able specically give the information as Symantec fetch complete recipeint list even though single has been block. You can check this specific block by manual inspection on DLP.



  • 5.  RE: Symantec DLP - Blocked EMail notification

    Posted Sep 02, 2015 11:09 AM

    Hello,

    As said above, that's not possible. The users receiving the email alerts are not the data/policy owner or policy requester? The data owners/managers/endusers should be fully aware of what can or not be done (I believe that's not the case).

    DLP environment should work very close to all organization to promote an effective transparency, and safety of course.

    Just my 2cents,