1) Can I block an entire email domain with McAfee's DLP?
(for McAfee DLP 9.2 (ePO 4.6.1)).
For example can I blacklist all email addresses with, for example: @hotmail.com or @yahoo.com
(for any content, or does this always depend on tagged words or documents)
2) If this is possible, how do I do this?
3) And is it possible to block all email addresses and only allow a few that are on a whitelist for certain people?
According to the help it is possible to create an email protection rule
McAfee Data Loss Prevention 9.2.0 -> Controlling Sensitive Content with Protection Rules -> Definitions and how they define rules -> Create and define an email protection rule
The menu option in my DLP policy screen is greyed-out at the moment so i can't help you any further. I think this is because i'm running DLP in 9.0 compatibility mode.
Email Destination includes @hotmail.com
Email group includes my own account:
I currently have the following setup as Email Protection Rule:
Protect emails outgoing emails when the following rules are met:
the email destinatrion is any of the: 'Email Destination'
When this rule is applied perform the following action: Block (Online/Offline).
This rule is assigened in 'Email block group'.
The policy is enabled and applied, and the DLP does for example already block USB (so DLP work on my pc):
However I can still send emails to any hotmail address...
Does anyone know how to block any email being send to @hotmail.com?
What mail client are you running? Are you running Outlook connected to an Exchange server?
----Theory needs confirmation----
I suspect that DLP use an SMTP proxy monitoring port 25 to filter the emails. As Outlook doesn't use port 25 then emails wouldn't be blocked. You would need to look at blocking emails at the Exchange server or with GroupShield.
Hopefully someone might be able to confirm my thinking
Can you not block it on the Exchange Server.
A Exchange 2007 transport rule could achieve the goal or if you have GroupShield as part of your McAfee agreement then the domain could be added to a blacklist.
but let's say you want to block an entire domain, unless the email contains a (certain) .pdf document?
This should be possible with DLP, right?