DLP - Emails Are Blocked, but Senders Don’t Receive Notifications When the Enforce Server Is Down

Article ID: 176317


Products

Data Loss Prevention Enforce, Data Loss Prevention

Issue/Introduction

When the Enforce server is offline, Symantec DLP Network Prevent for Email continues to block emails as expected. However, the sender does not receive a notification about the blocked email during this time. Once the Enforce server is back online, all queued block notifications are sent to the senders. Is there a way to adjust this behavior so that senders receive block notifications even when the Enforce server is unavailable?

Environment

Symantec Data Loss Prevention (DLP) 
Network Prevent for Email

Resolution

The behavior of sender notifications depends on the response rule configured in DLP. There are two relevant options:

  1. Block SMTP Message
    • When this response rule is applied, Network Prevent for Email sends the block notification directly to the upstream Mail Transfer Agent (MTA).
    • The MTA then delivers the notification to the sender, and this process works even if the Enforce server is offline.
    • No connectivity to the Enforce server is required for the sender to receive the notification.
  2. Send Email Notification
    • When this response rule is used, the notification is sent directly from the Enforce server.
    • This requires the Enforce server to be online and to have received the incident details before it can send the notification to the sender.
    • As a result, notifications are delayed until the Enforce server is back online and connectivity is restored.

To ensure senders receive block notifications even when the Enforce server is down, use the Block SMTP Message response rule instead of the Send Email Notification rule.