We would love to see an option to bypass encryption of messages flagged by predefined outbound content filters when TLS connections are used to transmit the message.
Some background: We turned on the HIPAA Data Leakage Prevention filter for subject and body of messages to ensure secure transmission of messages that might include patient health information (PHI). (Block/Accept -> Content Filtering, bottom of the page.) Since we are a hospital, much of our outbound mail contains medical terminology, and between that and the street addresses and phone numbers that are often in senders' signatures, an inordinate number of messages without PHI are getting unnecessarily encrypted.
We run the Email Encryption Details report weekly and are starting to exempt recipient domains that use TLS connections. (We add the exemptions in the Basic -> Administration page down at the "Email Encryption Service" section. You can identify the messages sent over TLS connections in the Message Log if you change the view to include the Encryption column.) It's a lot of maintenance and a lot of domains. Assuming that the email gateway can detect that a TLS connection is going to be used, it would save a lot of work if there were an option within the gateway configuration to not encrypt messages flagged by the content filter if a TLS connection is used.