You can do this if you treat such messages with a large number of recipients as a compliance violation. You can define a dictionary in MEG under DLP Compliance that matches for e-mail addresses (a regex will do this), and define this dictionary as score-based.
On your outgoing policy, you can set compliance to trigger and quarantine if a given message has over a certain number of email addresses in the Envelope To field, according to what you think is an ideal threshold, and set this policy to accept and drop (silent block) and quarantine the actual message.
Hope this helps.
Interesting way to accomplish this but it does work. The Cisco Ironport adds a feature to aslo look for the total number of recipeimts from a sender over a period of time. This way someone can do a mass emailing once in a while, but if we get a bunch all in a short span we can block/quarantine it. Is there anything like that in the MEG?