search cancel

Multiple incidents are created for a single email sent through Email Prevent


Article ID: 162153


Updated On:


Data Loss Prevention Network Prevent for Email


A single email results in multiple incidents being created when the recipients are in different domains.

There is no error message, just several separate incidents for the same original message.


To the sending MTA, each email going to a different domain is a unique connection it must make, and a unique message to send.  For example, 1 email sent with a recipient at, and requires the MTA to open 3 separate connections and send a separate message to each recipient domain.  Since the MTA treats these as separate messages, we see them as separate messages and generate multiple incidents.



DLP Network Prevent for Email (aka SMTP Prevent)


There is no workaround for this, this is the expected behavior.