[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


How can block employees from emailing to public email domains eg. Hotmail, Rogers, yahoo, GMail etc.

Posted on 2007-10-12
Medium Priority
Last Modified: 2013-12-18
I work for a financial services company, and I've been asked to make sure no one is able to email public email domains.  Eg.  Hotmail, Yahoo, GMail.   The purpose of this is to prevent confidential onformation from being leaked via email.

Does Exchange 2003 have the capability of creatign a blocked domain table.  We already have inbound emails covered with the aid of Webshield SMTP.

Question by:Admin1980

Accepted Solution

tcicatelli earned 1500 total points
ID: 20068636
What if you created a DNS entry with a bogus IP address for hotmail, gmail, etc.  This would have the dual advantage of not only blocking outgoing email (the email server would try to email to the wrong IP) and the user would be unable to access their own personal hotmail, gmail, accounts.  

Alternatively, if you enter these entries in the hosts file of the exchange server, it would only disable outgoing mail from that server.

Expert Comment

ID: 20068890
I like that solution. You could also blacklist mail from those domains as spam at the spam filter if you happen to be running one.

Author Comment

ID: 20069113
"What if you created a DNS entry with a bogus IP address for hotmail, gmail, etc."
I like you idea.  I'll hold on to it unless there are better suggestions..

Can Exchange do the Job?  I'm not concerned about incoming  emails from the metioned domains, Webshield SMTP is taking care of that, therefore an Exchange blacklist is not required.
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 14

Expert Comment

ID: 20072777
While the DNS entry is an excellent idea within itself, I must say that blocking yahoo, hotmail, gmail isn't going to offer much protection. It's not difficult to obtain an email address. Some only make it easier than others.

Block all out going email and you'll have nothing to worry about.
Unless they have access to their own laptop, which can easily be configured to bypass the restrictions (dns or otherwise) you've imposed.

For that matter, all a person would have to do is save the information to an external drive (ipod, flash drive etc) and using their home, or other PC.

The point I'm trying to make is you're open to this sort of activity through more channels than just GMail, Hotmail, and yahoo services, and I'd suspect simply restricting sending mail to these addresses will annoy more customers, than it will stop leaks

Just my 2 cents


Author Comment

ID: 20077623
We've tried to cover all angles.  Disabled  I/O devices and ports, no one uses laptops.  Web restriction to public email, and  block all inbound email from such domains.  By restricting outbound email access to public domains, we will be pretty much covered.    Restriction to Public email domains is part of our security policy, so even if it annoys anyone the'll have to live with it...we just need to inforce it.

I know you can never be 100% secured, but this would be a big step towards it.

Once this is done, the other risks would be employees printing the data and taking it home, or using less popular public email domains.  But we have Websense to block them by category filtering.

But thanks for your advice.

Expert Comment

ID: 22350823
Can u give a brief explanation of the solution of what i should do in exchange 2003 to block employees from emailing to public email domains eg. Hotmail, Rogers, yahoo, GMail etc.

Featured Post

Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
This article will help to fix the below errors for MS Exchange Server 2016 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question