
That is an interesting approach. But the simplest encryption (e.g. a simple XOR) will go around this problem very easily.


The only way to make this sort of idea work reliably is a managed learning approach that creates a whitelist of known-good network traffic patterns, and then only permits those.

A prescriptive signature-based black list, as you point out, is easily fooled with simple obscurity.


Rather, controlling what information software can get its hands on (focusing on the input rather than output) seems to be the only way out? This is what app permissions on phones and applet sandboxing, chroot jails & containers, etc., try to do.

An additional twist that seems daunting (but interesting) is to mark sensitive data at EVERY step in its processing, with support from the OS and hardware, and never let tainted data out without explicit permission. See Perl's tainted variables for the gist of the inspiration.

So if a = "User's name", which is protected data, and you do b = a, then b is tainted, too, and write(socket_fd, *b) would pop-up an alert.

All old hat, I bet, to security researchers. I'm just thinking out loud.
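A toy version of the taint propagation described above, written for this page as an added example (not from the thread or Perl itself); `Tainted`, `declassify` and `write_socket` are made-up names standing in for OS/hardware support:

```python
# Toy taint tracking in the spirit of Perl's taint mode (added example).
# A value loaded from a protected source carries a taint label; operations on
# it produce tainted results, and the only sink refuses tainted data unless a
# caller has explicitly declassified it.
from dataclasses import dataclass


class TaintViolation(Exception):
    """Raised when tainted data reaches an output sink without permission."""


def _raw(x):
    return x.value if isinstance(x, Tainted) else x


@dataclass(frozen=True)
class Tainted:
    value: str
    source: str  # where the sensitive value came from, e.g. "user.name"

    # Propagation: anything derived from a tainted value stays tainted.
    def __add__(self, other):
        return Tainted(self.value + _raw(other), self.source)

    def __radd__(self, other):  # covers "plain " + tainted
        return Tainted(_raw(other) + self.value, self.source)

    def upper(self):
        return Tainted(self.value.upper(), self.source)

    def __str__(self):
        # str() would silently launder the taint, so refuse instead.
        raise TaintViolation(f"implicit str() of data from {self.source}")


def is_tainted(x):
    return isinstance(x, Tainted)


def declassify(x, reason):
    """The explicit-permission step: strip the taint, recording why."""
    print(f"declassified data from {x.source}: {reason}")
    return x.value


SENT = []  # constructed stand-in for a socket


def write_socket(data):
    """The sink: the equivalent of write(socket_fd, ...) from the comment."""
    if is_tainted(data):
        raise TaintViolation(f"refusing to send data derived from {data.source}")
    SENT.append(data)
    return len(data)


def demo():
    a = Tainted("Alice", "user.name")  # constructed protected value
    b = a                              # b = a: b is tainted too
    msg = "Hello, " + b                # still tainted after concatenation
    blocked = False
    try:
        write_socket(msg)
    except TaintViolation:
        blocked = True                 # this is the "pop-up an alert" point
    sent = write_socket(declassify(msg, "user consented to greeting"))
    return {"blocked": blocked, "sent": sent}
```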


I see what you're saying. So DLP is useful only for naive attempts.


Yes, I worked on a product with a DLP feature we touted, yet it would fail to identify credit cards if you put extra characters between sets of numbers.

It sounds good, and because compliance is about making good-sounding things mandatory (weekly password rotation, yay! /s) it got mandated in a lot of places.

And it did catch mistakes, like accountants sending the wrong files or to external addresses. Which I guess is justification for it right there.

But it's billed as a stronger (i.e. hacker) protection, for which it's useless, so I never liked it.

I think the world would be safer with an email plugin that helped you by suggesting that you should not send a document to a given address, based on rules and observations. It'd only be a suggestion so nobody would expect miracles, but it'd stop all the unintentional mistakes our system stopped, for a fraction of the price.



