Below are the matched DLP details:
Title: DLP Test
Person who last modified document:
Person sharing item: AlI Vex AllV@externaldomain.com
False positive: No
Condition matched: External recipients
Condition matched: Contains sensitive information
Detected: External recipients, email@example.com
The detected external domain is not listed in any of the To, Cc, or Bcc lines.
Is there a way to investigate what policy is adding an external recipient if there is any?
Could the external recipient be added and hidden by the sender? Is there a way to verify this?
Can a matched DLP policy mail flow be traced to view all policies\rules that the email matched during its transportation?
Any suggestion or thought is welcome.
FYI - Message tracing does not provide the details needed.