Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

The recipient 

ann@example.com

 will receive the anti-spam, anti-virus, outbreak filters, and content 

filters defined in policy #1.

The recipient 

larry@example.com

 will receive the anti-spam, anti-virus, outbreak filters, and 

content filters defined in policy #2, because the sender (

@lawfirm.com

) appears sooner in the table 

than the user description that matches the recipient (

jim@

). 

Intelligent message splintering is the mechanism that allows for differing recipient-based content 
security rules to be applied independently to message with multiple recipients. 

Each recipient is evaluated for each policy in the appropriate mail policy table (Incoming or Outgoing) 
in a top-down fashion. 

Each policy that matches a message creates a new message with those recipients. This process is defined 
as message splintering:

If some recipients match different policies, the recipients are grouped according to the policies they 
matched, the message is split into a number of messages equal to the number of policies that 
matched, and the recipients are set to each appropriate “splinter.”

If all recipients match the same policy, the message is not splintered. Conversely, a maximum 
splintering scenario would be one in which a single message is splintered for each message 
recipient. 

Each message splinter is then processed by anti-spam, anti-virus, Advanced Malware Protection 
(incoming messages only), DLP scanning (outgoing messages only), Outbreak Filters, and content 
filters independently in the email pipeline. 

 illustrates the point at which messages are splintered in the email pipeline.