Why isn't the Destination shown within the Incident Report after a protection policy detects email sent from Webmail?
Email sent from Webmail passes through the ProxySG as decoded HTTP and is then forwarded to DLP as HTTP data. As a result, DLP can only show the matched part of the data, whether that is the sender, the receiver, or the mail body, but it cannot determine the source or destination. From the DLP appliance's point of view, these email addresses (source or destination) are strings that can be matched within the data, but it cannot determine the source or destination based on strings alone.
Be aware that different Webmail providers use different programming syntax/scripts.
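
The following added example (not product code) illustrates the point: two webmail submissions carry the same addresses under different field names, so content matching finds the strings but not their roles, whereas an SMTP envelope names the roles in the protocol itself. All request bodies, field names, and addresses are constructed for illustration and do not represent any real Webmail provider.

```python
import json
import re
from urllib.parse import parse_qsl

ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed webmail submissions (hypothetical field names, not real providers).
FORM_BODY = ("rcpt_list=bob%40example.org&subj=Q3"
             "&msg=Ask+carol%40example.net+for+the+file&uid=alice%40example.com")
JSON_BODY = json.dumps({"draft": {"a": ["bob@example.org"], "h": "Q3",
                                  "t": "Ask carol@example.net for the file"},
                        "ctx": "alice@example.com"})
# Constructed SMTP envelope, for contrast: the protocol itself names the roles.
SMTP_ENVELOPE = ["MAIL FROM:<alice@example.com>", "RCPT TO:<bob@example.org>"]


def flatten(value):
    """Yield every string leaf of a decoded JSON value."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for v in value.values():
            yield from flatten(v)
    elif isinstance(value, list):
        for v in value:
            yield from flatten(v)


def match_addresses(http_body):
    """Return the sorted addresses matched in an HTTP body, as content only."""
    try:
        text = " ".join(flatten(json.loads(http_body)))
    except ValueError:
        # Not JSON: treat the body as URL-encoded form data.
        text = " ".join(v for _, v in parse_qsl(http_body))
    return sorted(set(ADDR_RE.findall(text)))


def smtp_roles(envelope):
    """Return (sender, recipients) from SMTP envelope commands."""
    sender, rcpts = None, []
    for line in envelope:
        verb, _, arg = line.partition(":")
        addr = arg.strip().strip("<>")
        if verb.upper() == "MAIL FROM":
            sender = addr
        elif verb.upper() == "RCPT TO":
            rcpts.append(addr)
    return sender, rcpts
```

Both HTTP bodies yield the same flat list of three addresses, including one that only appears in the message text, with nothing to mark which is the sender or the recipient.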