Policy Guide › Best Practices › Excluding Emails By Subject

Excluding Emails By Subject

In addition general sender mailboxes that issue emails that require policy-exemption, organizations often what to ignore emails with specific subjects. This is easily achievable by specifying lists of excluded words or phrases (that is, any email containing these words or phrases is excluded from policy). The trigger settings for this approach are:

Search Which Sections or Documents?

Set this to 'Subject'.

Which Search Text List?

Set this to 'Use the Excluded List''.

Excluded Search Text

Add the words or phrases you want to exclude. Any words or phrases added to here and which are subsequently detected in an email’s Subject will exclude that email from policy (no triggers will fire), even if the email matches a document classification. Consider these four approaches:

• In the example email, you could add the term Company Newsletter to the Excluded Search Text list. This would eliminate the email, but could also create a policy loophole because any email with with ‘Company Newsletter’ in the subject would be excluded from policy.
• A tighter approach would be to append a month reference to the excluded phrase:

  Company Newsletter - {January|February|…|December}. 
  

• To further close the loophole, you could add year reference:

  Company Newsletter - {January|February|…|December} %digits(2000,2100)%.
  

• Because users will often forward or reply to a message, simply excluding the original subject, however detailed, may still be too loose. For example, if a user forwards a message, ‘FW:’ is typically appended to the original Subject. To prevent such replies or forwarded emails from being excluded, you can augment the exclude text with variables to stipulate that any text match must occur at the start of the subject line:

  Company Newsletter - {January|February|…|December} %digits(2000,2100)% %precededby% %ENDBUF%
  

  In this example, emails with "Company Newlsetter…" as the subject are excluded from policy, but emails with a subject such as "RE: Company Newsletter.." are not.

When refining policies in a typical CA Data Protection enterprise, it is common for there to be numerous excluded subjects such as these, and for these excluded subjects to feature across multiple triggers. In such situations, the best approach is to create a User Definition called ‘ExcludedSubjects’ and add all your excluded terms to this definition. You can then use %ExcludeSubjects% in each trigger’s Excluded Search Text setting.

Note: This method is less secure than excluding by sender because any user who knows the excluded phrases can deliberately add them to their e‑mail to circumvent policy.