DLP - Unknown External Recipient


Below is the matched DLP details:

Title: DLP Test
Document owner:
Person who last modified document:
Person sharing item: AlI Vex AllV@externaldomain.com
To: user@internaldomain.com
Cc: admin@internaldomain.com
Severity: High
False positive: No
Override: No

Condition matched: External recipients
Condition matched: Contains sensitive information






Detected: External recipients, user@unknowndomain.com




the detected external domain is not listed in either the to,cc,of bcc lines.



Is there a way to investigate what policy is adding an external recipient if there is any?

Could the external recipient be added and hidden by the sender? Is there a way to verify this?

Can a matched DLP policy mail flow be traced to view all policies\rules that the email matched during its transportation?

Any suggestion or thought is welcome.



FYI - Message tracing does not provide the details needed.



0 Replies