Policy Matching

Deep Discovery Email Inspector first determines the message direction (inbound or outbound) based on the Internal Domains list to apply policies. For more information, see Internal Domains.

If more than one policy applies to a recipient or sender, Deep Discovery Email Inspector matches the enabled policy with the highest priority and applies the associated actions.

For example, consider the following policies.

Table 1. Example policies

Priority

Policy Name

Target

Direction

1

High_Profile_Recipient

Recipients:

  • ceo@example.com

  • cfo@example.com

Inbound

2

High_Profile_Recipient_Sender

Sender: jim@partner.com

Recipients:

  • finance_group (Active Directory)

  • alex@example.com

Inbound

3

Trusted_Partner

Senders: *@partner.com

Inbound

4

Sales_Team

Recipients:
  • joe@example.com

  • larry@exmple.com

Inbound

5

IT_Team

Recipients: IT_group (Active Directory)

Inbound

6

Acquired_Domain

Recipients: *@example.com

Inbound

7

Outbound policy

Senders: *@example.com

Note:

The domain "example.com" is in the Internal Domains list.

Outbound

8

Default policy

All recipients and senders

Inbound or outbound

The following describes how Deep Discovery Email Inspector matches the policies in a top-down approach based on the message direction and priority settings:

  • A message from leo@partner.com to the recipient (joe@example.com) matches the policy Trusted_Partner, because this is an inbound message (the domain "partner.com" is not in the Internal Domains list) and the priority for the Trusted_Partner inbound policy (matching the sender setting: *@partner.com) is higher than the Sales_Team inbound policy (matching the recipient setting: joe@example.com).

  • If a message is sent from jim@partner.com to three recipients (ceo@example.com, alex@example.com, and joe@exmple.com), Deep Discovery Email Inspector considers the message as an inbound message (the domain "partner.com" is not in the Internal Domains list) and matches the following inbound policies:

    • High_Profile_Recipient: Matching the inbound message direction and recipient ceo@example.com

    • High_Profile_Recipient_Sender: Matching the inbound message direction and recipient alex@example.com

    • Trusted_Partner: Matching the inbound message direction and recipient joe@exmple.com

  • If a message is sent from joe@yahoo.com to four recipients (larry@example.com, alex@example.com, bill@example.com, and jane@newdomain.com) and only bill@example.com belongs to the IT_Team Active Directory group, Deep Discovery Email Inspector considers the message as an inbound message (the domain "yahoo.com" is not in the Internal Domains list) and matches the following policies:

    • Sales_Team: Matching the inbound message direction and recipient larry@exmple.com

    • Acquired_Domain: Matching the inbound message direction and recipient alex@example.com

    • IT_Team: Matching the inbound message direction and recipient bill@example.com

    • Default policy: Matching the inbound message direction and recipient jane@newdomain.com

  • If a message is sent from alex@example.com to two recipients (larry@example.com and jane@newdomain.com ), Deep Discovery Email Inspector considers the message as an outbound message (the domain "example.com" is in the Internal Domains list) and matches the Outbound policy that has a higher priority than the Default policy (matching outbound message direction, sender, and recipients).

Note:

Message splintering occurs when a message with multiple recipients results in multiple policy and policy rule matches in Deep Discovery Email Inspector. For more information, see Policy Splintering.