The E-mail PEP operates between the e-mail client and the Mail server. The PEP intercepts each request, determines if the user is authorized to perform the requested action given sensitivities of the information assets (email body and each attachment) involved.
[Source: https://www.omg.org/spec/IEF-RA/1.0/]