Emails that trigger a BLOCK Response Rule in the DLP Cloud Service for Email are being rejected and are queueing at the upstream MTA with the following error code:
{LED=421 4.3.0 Fatal: Processing error. Closing connection.}
DLP Cloud Service for Email
O365
The configuration of the Block Response Rule includes an option to have message notifications go to the original sender, or to a redirect email address.
The redirect address configured here was invalid (it was not tied to an actual email account on the customer's email system), and it was being rejected by the MTA (O365, in this case).
The email account used in a redirect configuration must be a valid email address, or the redirected messages will fail to be accepted by the next hop MTA.
The goal of the redirect response is to send the email to the specified inbox instead of the intended recipients.
If the redirect address does not exist, you will get the behavior seen here, where delivery of the message is retried continually.
Note: The SMTP block rule will only prevent the email from being sent out. However, keep in mind that the email is still present in Office365; it will be present in the sender's inbox.
The email has to be bounced back or it has to be redirected somewhere - DLP cannot simply "drop" the message.
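The following is an added example, not part of the original article or of the product: a small Python triage helper that parses SMTP error strings such as the one above and separates transient (4xx) replies, which the upstream MTA keeps queued and retries, from permanent (5xx) ones. The message IDs and the second and third sample entries are constructed, and the handling of the `{LED=...}` wrapper is based only on the string shown on this page.

```python
import re

# Basic reply code (RFC 5321), then an optional enhanced status code (RFC 3463).
REPLY_RE = re.compile(
    r"\b([245]\d{2})[ -](?:([245])\.(\d{1,3})\.(\d{1,3})\s+)?(.*)"
)

def parse_reply(error_text):
    """Return (code, enhanced_status, text) or None if no SMTP reply is found."""
    m = REPLY_RE.search(error_text)
    if not m:
        return None
    code = int(m.group(1))
    enhanced = ".".join(m.group(2, 3, 4)) if m.group(2) else None
    text = m.group(5).rstrip("} ").strip()  # drop the trailing "}" of the wrapper
    return code, enhanced, text

def classify(error_text):
    """4xx: sender queues and retries. 5xx: sender bounces. 2xx: accepted."""
    parsed = parse_reply(error_text)
    if parsed is None:
        return "unknown"
    code = parsed[0]
    if 400 <= code < 500:
        return "transient"
    if 500 <= code < 600:
        return "permanent"
    return "accepted"

def retrying_messages(queue_entries):
    """IDs of queued messages whose last error is transient (retried upstream)."""
    return [mid for mid, err in queue_entries if classify(err) == "transient"]

# Constructed sample queue; only the first error string comes from this page.
SAMPLE_QUEUE = [
    ("msg-001", "{LED=421 4.3.0 Fatal: Processing error. Closing connection.}"),
    ("msg-002", "550 5.1.1 Recipient address rejected"),
    ("msg-003", "250 2.0.0 OK"),
]

if __name__ == "__main__":
    for mid, err in SAMPLE_QUEUE:
        print(mid, classify(err), parse_reply(err))
    print("still retrying:", retrying_messages(SAMPLE_QUEUE))
```

Because the 421 reply is transient, affected messages stay in the upstream queue and are retried, so the queue keeps growing until the redirect address is corrected.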