I really need a technical resource to encourage Symantec to author a Data Identifier to locate unique/unknown email addresses. We are seeking to identify a method within DLP 14.5 on the ability to match unique email addresses (for us). There does not appear to be a method to do so as of this moment.
Currently if you use a regular expression to detect email addresses, it will detect all email addresses until it reaches the limit (as an example, 100 or 1000 based on the advanced attributes of the detection server). We have identified a transaction that contains thousands of email addresses in the body but once you eliminate duplicates it was only a dozen. The incident was generated from a lengthy continuous thread of months. This is pretty high priority use case for us.
While appreciate your generic concept, it is not a keyword or (known) email address we are looking for.