search cancel

Whitelist recipients being blocked

book

Article ID: 253310

calendar_today

Updated On:

Products

Data Loss Prevention Network Monitor and Prevent for Email and Web

Issue/Introduction

We have a couple of policies that are using Sender/Recipient user patterns in order to whitelist a number of email addresses and domains.

Unfortunately, they are not being whitelisted.

Environment

Release : 15.8

Resolution

Please note the "All/at least x recipients must match" settings do not operate on a policy level, but on a message levels.

This means when an e-mail is evaluated against each exception separately (joined with an OR), within a single exception it will still look at whether all recipients of an e-mail must match itself or not.

Take this example, in a situation where a single exception that includes 2 out of 3 domains of recipients of a given e-mail, when that e-mail is evaluated against that single exception, it will only match 2 domains out of 3 recipients.

This does not meet the condition "All recipients must match". The matches from this condition will not be transferred across to match results for other exceptions because each exception is matched separately, as per the logical OR.

Below is additional information on recipients must match for Email only

https://knowledge.broadcom.com/external/article/169546/how-the-policy-rule-setting-all-recipien.html

You can find some more information on configuring the whitelists from the additional information section.

Additional Information

Pease find below KB Article for more information on how whitelists to minimize false positives

https://knowledge.broadcom.com/external/article?articleId=181285