When setting up exception rules what are the field limitations for the "sender/recipient matches pattern" rule?
The recipient rule has the ability to set domains in either/both of the "Email Address/Newsgroup Pattern" or "URL Domain" fields. Within the product, the detection engine will apply the domain field to any traffic, i.e. HTTP, NNTP, SMTP, IM, etc. Email address will only be applied to messages that have identifiable users, i.e. SMTP and NNTP. The domain field therefore has the broadest capability, allowing a single rule to prevent any message flowing to a certain domain. Since the intention is to be broad at the domain level, a limit in the user interface was set as 512 characters.
The email address field is intended to be more specific to email and newsgroups. As such, it provides the ability to enter specific emails or patterns, such as [email protected], @sales.company.com, sales.company.com or a discrete list of email addresses.
DLP allows for a much larger list in the email field as a result. This field has no limit in the user interface. The database likewise no limit. The web application has a configured limit of 2MB for any posted data, so the actual limit is somewhat closer to 2MB.
In reality, the browser would need to be able to handle that large of a post. In addition, we would not recommend trying to push the limit due to the size of data being pushed through policy to Endpoint Agents and Detection Servers.
Please note that regex or wildcard is not supported with the Recipient Patterns Email Address or URL Domains field but only with the IP Addresses.
The following is noted in the Product documentation what is supported:
For this limitation, we have an open feature request "ISFR-2447 - Enforce - Ability to use regular expressions or wildcards in the Recipient Patterns field" to allow wildcards in email address section of recipient matches pattern condition. If you would like to add your organization as an endorser please contact our Technical Support. Also, we have feature request "PM-2701" to allow wildcards in URL domain section of recipient matches pattern condition.