How can I block employees from emailing public email domains, e.g. Hotmail, Rogers, Yahoo, Gmail, etc.?

I work for a financial services company, and I've been asked to make sure no one is able to email public email domains, e.g. Hotmail, Yahoo, Gmail. The purpose of this is to prevent confidential information from being leaked via email.

Does Exchange 2003 have the capability of creating a blocked domain table? We already have inbound emails covered with the aid of Webshield SMTP.

tcicatelli (CIO) Commented:
What if you created a DNS entry with a bogus IP address for Hotmail, Gmail, etc.? This would have the dual advantage of not only blocking outgoing email (the email server would try to email to the wrong IP) but also making the user unable to access their own personal Hotmail or Gmail accounts.

Alternatively, if you enter these entries in the hosts file of the Exchange server, it would only disable outgoing mail from that server.
I like that solution. You could also blacklist mail from those domains as spam at the spam filter if you happen to be running one.
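
An added example, not part of the original thread: a small Python model of the DNS-override idea above, checking which hosts a mail server would still reach for each blocked domain. It assumes standard SMTP routing (MX records are tried first, and the domain's own address record is used only when no MX exists); the domains, addresses, `SINKHOLE` value and the `delivery_hosts`/`audit` names are constructed for illustration.

```python
"""Model of which hosts a mail server contacts for a recipient domain, to check
whether a bogus-IP DNS override really stops outbound delivery."""

SINKHOLE = "192.0.2.1"  # assumption: bogus IP taken from a documentation range

# Constructed public DNS data for two made-up providers (not real records).
PUBLIC_MX = {
    "webmail-a.example": [(10, "mx1.webmail-a.example"), (20, "mx2.webmail-a.example")],
    "webmail-b.example": [],  # no MX: senders fall back to the domain's A record
}
PUBLIC_A = {
    "webmail-a.example": "198.51.100.10",
    "mx1.webmail-a.example": "198.51.100.11",
    "mx2.webmail-a.example": "198.51.100.12",
    "webmail-b.example": "203.0.113.20",
}

def delivery_hosts(domain, shadow_zones):
    """Hosts an SMTP sender tries, in order: MX targets by preference, else the
    domain itself (implicit MX). A shadowed zone hides the public MX records."""
    mx = [] if domain in shadow_zones else sorted(PUBLIC_MX.get(domain, []))
    return [host for _pref, host in mx] or [domain]

def audit(domains, overrides, shadow_zones=frozenset()):
    """Map each domain to the delivery hosts that still resolve to a real address."""
    leaks = {}
    for domain in domains:
        hosts = delivery_hosts(domain, shadow_zones)
        leaks[domain] = [h for h in hosts
                         if overrides.get(h, PUBLIC_A.get(h)) not in (SINKHOLE, None)]
    return leaks

BLOCKED = ["webmail-a.example", "webmail-b.example"]
# One bogus address entry per bare domain name, and nothing else.
NAME_ONLY = {d: SINKHOLE for d in BLOCKED}

if __name__ == "__main__":
    # Bare-name override only: the MX hosts of webmail-a are still reachable.
    print(audit(BLOCKED, NAME_ONLY))
    # Internal DNS answers for the whole zone: public MX records are hidden too.
    print(audit(BLOCKED, NAME_ONLY, shadow_zones=set(BLOCKED)))
```

A non-empty list for a domain means the override alone does not stop mail delivery to it.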
Admin1980 (Author) Commented:
"What if you created a DNS entry with a bogus IP address for hotmail, gmail, etc."
I like your idea. I'll hold on to it unless there are better suggestions.

Can Exchange do the job? I'm not concerned about incoming emails from the mentioned domains; Webshield SMTP is taking care of that, therefore an Exchange blacklist is not required.

While the DNS entry is an excellent idea within itself, I must say that blocking yahoo, hotmail, gmail isn't going to offer much protection. It's not difficult to obtain an email address. Some only make it easier than others.

Block all outgoing email and you'll have nothing to worry about.
Unless they have access to their own laptop, which can easily be configured to bypass the restrictions (dns or otherwise) you've imposed.

For that matter, all a person would have to do is save the information to an external drive (iPod, flash drive, etc.) and use their home or other PC.

The point I'm trying to make is you're open to this sort of activity through more channels than just Gmail, Hotmail, and Yahoo services, and I'd suspect simply restricting sending mail to these addresses will annoy more customers than it will stop leaks.

Just my 2 cents

Admin1980 (Author) Commented:
We've tried to cover all angles. Disabled I/O devices and ports, no one uses laptops. Web restriction to public email, and block all inbound email from such domains. By restricting outbound email access to public domains, we will be pretty much covered. Restriction to public email domains is part of our security policy, so even if it annoys anyone they'll have to live with it... we just need to enforce it.

I know you can never be 100% secured, but this would be a big step towards it.

Once this is done, the other risks would be employees printing the data and taking it home, or using less popular public email domains.  But we have Websense to block them by category filtering.

But thanks for your advice.
Can you give a brief explanation of the solution, of what I should do in Exchange 2003 to block employees from emailing to public email domains, e.g. Hotmail, Rogers, Yahoo, Gmail, etc.?
Question has a verified solution.
