Using the ESG v7.6.7. These things are killing us and most are coming from .us domains,. not fedex.com and have been coming in for a week.
Has anyone had success with writing DLP rule to stop these? The only real commonality we've seen is that they almost all have "Manager" as in
Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4
From: Manager David Roy [mailto:support@lincoln.us]
Since "Manager" is not part of the email address, is there a way to write a DLP rule to catch these?
Thanks for any help you can lend,
Ray