A PDF Email Protection account is classified as inactive if the user has been sent a PDF Email Protection message and has not logged into the Web Email Protection portal within a certain period (Three months by default).

Prior to a PDF Email Protection user account being deleted, by default a reminder is sent to the user 15 days prior to deletion, requesting that they login to the Web Email Protection portal and validate their account. This reminder uses the new template PDF Email Protection Account Expiration Warning which can be found in the management console by navigating to Mail > Message Templates.

Starting in release 10.5.1, the most recent date that each PDF Email Protection user is sent an email is captured. The initial last sent date for each PDF Email Protection user is set to the date that Encryption Management Server was installed or upgraded to release 10.5.1 or above. Therefore, by default, 75 days later, reminders will start to be sent to inactive PDF Email Protection users. 

By default, a maximum of 10,000 email reminders will be sent each day. Note that if there are more than 10,000 users who need to be sent a reminder on one day, they will be scheduled to receive one in subsequent days.

Prior to release 10.5.1, PDF Email Protection accounts were never deleted. Therefore, in some environments, there may be very large numbers of inactive PDF Email Protection accounts.

The default limit of 10,000 daily reminders may not be sufficient to ensure that all PDF Email Protection users are notified of the pending deletion of their accounts. For example, the default settings will only allow a maximum of 150,000 (10,000 * 15) users to be notified. Clearly, because of the 10,000 maximum limit, 30,000 of those users will receive only 3 days notice (including weekends). Many users will therefore not have sufficient notice to login to the Web Email Protection portal even if they want to.

There are several options for ensuring that users receive sufficient notice of the pending deletion of their PDF Email Protection account.
Note that all these settings will also apply to Web Email Protection accounts.

Before making any changes, it is helpful to know how long ago the PDF Email users were last seen.

For further insight into this scenario, please reach out to Symantec Encryption Support and we can guide you through the process to capture information that is needed.