search cancel

Multiple incidents are created for a single email sent through Email Prevent

book

Article ID: 162153

calendar_today

Updated On:

Products

Data Loss Prevention Network Prevent for Email

Issue/Introduction

A single email results in multiple incidents being created when the recipients are in different domains.

There is no error message, just several separate incidents for the same original message.

Cause

To the sending MTA, each email going to a different domain is a unique connection it must make, and a unique message to send.  For example, 1 email sent with a recipient at gmail.com, yahoo.com and hotmail.com requires the MTA to open 3 separate connections and send a separate message to each recipient domain.  Since the MTA treats these as separate messages, we see them as separate messages and generate multiple incidents.

 

Environment

DLP Network Prevent for Email (aka SMTP Prevent)

Resolution

There is no workaround for this, this is the expected behavior.