How can I block employees from emailing to public email domains, e.g. Hotmail, Rogers, Yahoo, GMail etc.?

Posted on 2007-10-12
Last Modified: 2013-12-18
I work for a financial services company, and I've been asked to make sure no one is able to email public email domains, e.g. Hotmail, Yahoo, GMail. The purpose of this is to prevent confidential information from being leaked via email.

Does Exchange 2003 have the capability of creating a blocked domain table? We already have inbound emails covered with the aid of Webshield SMTP.

Question by:Admin1980
    LVL 7

    Accepted Solution

    What if you created a DNS entry with a bogus IP address for hotmail, gmail, etc.? This would have the dual advantage of not only blocking outgoing email (the email server would try to email to the wrong IP) but also leaving the user unable to access their own personal hotmail, gmail accounts.

    Alternatively, if you enter these entries in the hosts file of the Exchange server, it would only disable outgoing mail from that server.
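
A way to check either override before relying on it, as an added example that is not part of the original thread: SMTP senders look up a domain's MX records first and use its A record only as a fallback, so the check models which addresses a sender would actually try. The `.test` names, the addresses and the assumption that hosts-file entries apply to address lookups only are constructed for illustration.

```python
SINKHOLE = "192.0.2.1"  # assumed bogus address (documentation range)

# Constructed public DNS data; .test names are placeholders, not real providers.
PUBLIC_DNS = {
    ("webmail.test", "MX"): ["mx1.mailhost.test"],
    ("webmail.test", "A"): ["198.51.100.10"],
    ("mx1.mailhost.test", "A"): ["198.51.100.25"],
}


def lookup(name, rtype, zones, hosts):
    """Resolve one query: hosts file (addresses only), internal zones, then public DNS."""
    if rtype == "A" and name in hosts:
        return [hosts[name]]
    for zone, records in zones.items():
        if name == zone or name.endswith("." + zone):
            # An internal zone is authoritative: a missing record is an empty answer.
            return records.get((name, rtype), [])
    return PUBLIC_DNS.get((name, rtype), [])


def delivery_addresses(domain, zones=None, hosts=None):
    """IPs an SMTP sender would try for domain: MX targets first, A record as fallback."""
    zones, hosts = zones or {}, hosts or {}
    mx_hosts = lookup(domain, "MX", zones, hosts) or [domain]
    return [ip for host in mx_hosts for ip in lookup(host, "A", zones, hosts)]


def is_blocked(domain, zones=None, hosts=None):
    """True only when every address the sender would try is the sinkhole."""
    ips = delivery_addresses(domain, zones, hosts)
    return bool(ips) and all(ip == SINKHOLE for ip in ips)


# Internal DNS zone holding just a bogus A record for the domain.
ZONE_OVERRIDE = {"webmail.test": {("webmail.test", "A"): [SINKHOLE]}}
# hosts file naming the mail domain only, and one that also names its MX host.
HOSTS_DOMAIN_ONLY = {"webmail.test": SINKHOLE}
HOSTS_WITH_MX = {"webmail.test": SINKHOLE, "mx1.mailhost.test": SINKHOLE}

if __name__ == "__main__":
    cases = [("no override", {}), ("internal zone", {"zones": ZONE_OVERRIDE}),
             ("hosts: domain only", {"hosts": HOSTS_DOMAIN_ONLY}),
             ("hosts: domain + MX host", {"hosts": HOSTS_WITH_MX})]
    for label, kw in cases:
        print(f"{label:24} {delivery_addresses('webmail.test', **kw)} "
              f"blocked={is_blocked('webmail.test', **kw)}")
```

In this model the internal zone blocks delivery because the empty MX answer forces the fallback to the bogus A record, while a hosts entry for the domain name alone leaves the MX target reachable.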
    LVL 4

    Expert Comment

    I like that solution. You could also blacklist mail from those domains as spam at the spam filter if you happen to be running one.

    Author Comment

    "What if you created a DNS entry with a bogus IP address for hotmail, gmail, etc."
    I like your idea. I'll hold on to it unless there are better suggestions.

    Can Exchange do the job? I'm not concerned about incoming emails from the mentioned domains; Webshield SMTP is taking care of that, therefore an Exchange blacklist is not required.
    LVL 13

    Expert Comment

    While the DNS entry is an excellent idea in itself, I must say that blocking Yahoo, Hotmail, Gmail isn't going to offer much protection. It's not difficult to obtain an email address. Some only make it easier than others.

    Block all outgoing email and you'll have nothing to worry about.
    Unless they have access to their own laptop, which can easily be configured to bypass the restrictions (DNS or otherwise) you've imposed.

    For that matter, all a person would have to do is save the information to an external drive (iPod, flash drive, etc.) and use their home or other PC.

    The point I'm trying to make is you're open to this sort of activity through more channels than just GMail, Hotmail, and Yahoo services, and I'd suspect simply restricting sending mail to these addresses will annoy more customers than it will stop leaks.

    Just my 2 cents


    Author Comment

    We've tried to cover all angles. Disabled I/O devices and ports, no one uses laptops. Web restriction to public email, and block all inbound email from such domains. By restricting outbound email access to public domains, we will be pretty much covered. Restriction to public email domains is part of our security policy, so even if it annoys anyone they'll have to live with it... we just need to enforce it.

    I know you can never be 100% secured, but this would be a big step towards it.

    Once this is done, the other risks would be employees printing the data and taking it home, or using less popular public email domains.  But we have Websense to block them by category filtering.

    But thanks for your advice.

    Expert Comment

    Can you give a brief explanation of the solution, of what I should do in Exchange 2003 to block employees from emailing to public email domains, e.g. Hotmail, Rogers, Yahoo, GMail etc.?
