Policy Splintering

Deep Discovery Email Inspector includes an intelligent message splintering feature that enables multiple independent policy matches for a message with multiple recipients. Message splintering allows Deep Discovery Email Inspector to evaluate each recipient against the policy list in a top-down fashion. When a policy is matched, Deep Discovery Email Inspector splits the message into multiple messages (message splinters) for the affected recipients.

Deep Discovery Email Inspector creates a message splinter only if a message with multiple recipients matches different policy rules in different policies. If all recipients in a message match the same policy or if recipients match the same policy rule in different policies, Deep Discovery Email Inspector does not create a message splinter.

Consider the following policies.

Table 1. Policy names and rules

Policy A

  • Content filter Rule: Tag messages (keyword match)

  • Spam filter Rule: Delete spam messages

  • Threat protection Rule: Delete messages (all risk levels)

Policy B

  • Content filter Rule: Strip attachments (executable)

  • Spam filter Rule: Tag spam messages

  • Threat protection Rule: Delete messages (all risk levels)

Policy C

  • Content filter Rule: Tag messages (keyword match)

  • Content filter Rule: Strip attachments (executable)

  • Spam filter Rule: Tag spam messages

  • Threat protection Rule: Quarantine messages (all risk levels)

Policy D

  • Content filter Rule: Tag messages (keyword match)

  • Threat protection Rule: Quarantine messages (all risk levels)

The following scenarios describe how Deep Discovery Email Inspector creates message splinters based on the policy and rule matching:

  • A message is sent from joe@test.com to recipients alex@example.com and linda@example.com. If alex@example.com and linda@example.com match Policy A, and the message triggers content filtering rule Tag messages (keyword match), Deep Discovery Email Inspector does not create a message splinter because both recipients match the same policy and the same policy rule is applied.

  • A message is sent from joe@test.com to recipients jane@example.com, mark@example.com, and leo@example.com. If jane@example.com and mark@example.com match Policy B, and leo@example.com matches Policy C, and the message triggers policy rules Strip attachments (executable) and Tag spam messages, Deep Discovery Email Inspector does not create a message splinter because the same policy rules are applied for the matched policies.

  • A message is sent from joe@test.com to recipients jane@example.com and bill@example.com. If jane@example.com matches Policy B and bill@example.com matches Policy D, and the message triggers policy rules Tag spam messages and Tag messages (keyword match), Deep Discovery Email Inspector splits the message into two. Deep Discovery Email Inspector applies policy rule Tag spam messages to one message for jane@example.com and applies policy rule Tag messages (keyword match) to the other message for bill@example.com.
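The splintering decision in the three scenarios above can be modeled as grouping recipients by the set of rules their matched policy applies to the message. The following Python sketch is an added example, not Deep Discovery Email Inspector code. The detection labels (`keyword`, `executable`, `spam`, `threat`) and the `splinter` function are assumptions made for this model, and the recipient-to-policy match is taken as given rather than computed.

```python
from collections import defaultdict

# Table 1 encoded as (detection, action) pairs. The detection labels are
# names chosen for this model; the action strings are the rules in Table 1.
POLICIES = {
    "Policy A": [("keyword", "Tag messages (keyword match)"),
                 ("spam", "Delete spam messages"),
                 ("threat", "Delete messages (all risk levels)")],
    "Policy B": [("executable", "Strip attachments (executable)"),
                 ("spam", "Tag spam messages"),
                 ("threat", "Delete messages (all risk levels)")],
    "Policy C": [("keyword", "Tag messages (keyword match)"),
                 ("executable", "Strip attachments (executable)"),
                 ("spam", "Tag spam messages"),
                 ("threat", "Quarantine messages (all risk levels)")],
    "Policy D": [("keyword", "Tag messages (keyword match)"),
                 ("threat", "Quarantine messages (all risk levels)")],
}

def splinter(recipient_policy, detections):
    """Return one (recipients, actions) pair per message copy to deliver.

    recipient_policy: recipient -> matched policy name (the top-down policy
        match is taken as given, as in the scenarios on this page).
    detections: set of detection labels the message triggers.
    """
    groups = defaultdict(list)
    for rcpt, policy in recipient_policy.items():
        # Rules of the matched policy that this message actually triggers.
        actions = frozenset(a for d, a in POLICIES[policy] if d in detections)
        groups[actions].append(rcpt)
    # Recipients whose triggered rules are identical share one copy;
    # more than one group means the message is splintered.
    return sorted((sorted(r), sorted(a)) for a, r in groups.items())

if __name__ == "__main__":
    # Constructed input reproducing the third scenario: two splinters.
    for rcpts, actions in splinter({"jane@example.com": "Policy B",
                                    "bill@example.com": "Policy D"},
                                   {"spam", "keyword"}):
        print(rcpts, "->", actions)
```

Grouping by the triggered rules rather than by policy name is what makes the second scenario produce a single message even though Policy B and Policy C are different policies.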