Symantec Data Loss Prevention (DLP)
Network Prevent for Email
The setting "All recipient must match (Email only)" is confusing and difficult to understand.
Here we explain a number of test cases which demonstrate how the setting works.
Email Test | Incident | |||||
1 | [email protected] | [email protected] | [email protected] | [email protected] | [email protected] | Yes |
2 | [email protected] | [email protected] | [email protected] | [email protected] | Yes | |
3 | [email protected] | [email protected] | [email protected] | Yes | ||
4 | [email protected] | [email protected] | Yes | |||
5 | [email protected] | Yes |
With regards to the other setting “At least (#) recipient must match” the outcome is different as we could enable that option with the value of # = 1 and have the following results:
So the email would, in that case, need to contain at least 1 of the 5 recipients [email protected], [email protected], [email protected], [email protected], [email protected] but can also include any other email recipients outside of those listed in the rule which will trigger an incident whereas the “All recipient must match” cannot.