Symantec Data Loss Prevention (DLP)
Network Prevent for Email

The setting "All recipient must match (Email only)" is confusing and difficult to understand. 

Here we explain a number of test cases which demonstrate how the setting works. 

• If the cell is empty then the recipient is not listed in the mail being sent. 
• If you the following 5 recipients [email protected], [email protected], [email protected], [email protected], [email protected] specified in the rule then an incident will match in the following cases where each is listed in the email To:

• If you add an additional recipient [email protected] to the email being sent then no incident will be created with any of the above recipients as follows:

 
With regards to the other setting “At least (#) recipient must match” the outcome is different as we could enable that option with the value of  # = 1 and have the following results:

So the email would, in that case, need to contain at least 1 of the 5 recipients [email protected], [email protected], [email protected], [email protected], [email protected] but can also include any other email recipients outside of those listed in the rule which will trigger an incident whereas the “All recipient must match” cannot.