Solved

Prevent users' ability to send files to their private email addresses

Posted on 2014-04-04
Last Modified: 2014-04-09
Is there a way we can achieve that?
Question by:DukewillNukem
6 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 39977939
You can block sending emails from your email server to another public email namespace (private addresses for users) such as gmail.com, yahoomail.com, rediffmail.com through Microsoft Exchange transport rules, or if you have email gateway devices such as IronPort or Sendmail, then you can block from there.

Mahesh.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 333 total points
ID: 39977979
Using their company email to send to their own email, like Yahoo, Gmail and/or personal domains? You can try to blacklist the individual email addresses, but you don't want to blacklist the whole domain; I'm sure that will cut into your other users' abilities to send to legitimate customers.
Let's say you do find a way to forbid attachments to their personal/private addresses, what if they start using DropBox, GDrive, OneDrive etc.? What if they check their work email from home, and let's say they attach files to their drafted emails, then when at home, open the drafted email and then save the attachments at home, without even sending an email?
It might be you're looking at the wrong method of protecting something; this is the internet, there are billions of ways to send 0's and 1's somewhere.
Companies typically have policies and disciplinary actions they can take if they catch a user doing something they are not supposed to; that is often a better method than digital prevention. You have to start with the basics first, and then work up from there when that isn't enough.
-rich
0
 
LVL 37

Assisted Solution

by:Mahesh
Mahesh earned 167 total points
ID: 39978013
If a user has company email access from home, one cannot stop them from copying their official mail contents and sending them out to the internet through other mediums such as personal emails, SkyDrive etc.; this is true.

But the requirement here is to restrict them from sending mails to personal IDs (Gmail \ Yahoo) from their official email ID.
This requirement is easily achievable through Exchange server or email gateways as mentioned earlier, no matter whether the user is at home or in the office.

By restricting a complete domain such as gmail.com, you will ensure that emails will be sent only to professional \ work \ company email addresses from your company email address \ solution.

That is why companies have now started to not accept personal email addresses for registration, and they force you to provide your official company email address only.

Mahesh.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39978043
However the method is untenable and doomed to fail. Sites like mailinator, 20-minute mail etc. have hundreds of aliases, and so can gmail, hotmail etc...
$ dig binkmail.com mx
;; ANSWER SECTION:
binkmail.com.           86399   IN      MX      10 binkmail.com.
binkmail.com.           86399   IN      A       207.198.106.56
----------------
nslookup 207.198.106.56
56.106.198.207.in-addr.arpa     name = mailinator.com


I think the solution, and I could be wrong in this case, should start with a policy before it should start with technology. If you can't thwart the behavior, and firing people doesn't work, then you have a real issue and even a technological method won't work if they want it bad enough. I think we may need more information from the OP as to what they are ultimately trying to protect.
-rich
0
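An added illustration of the alias problem raised in the comment above (not part of the original thread, and not any poster's code): a review of outbound mail that checks each recipient domain by name and then by the MX host and reverse-DNS name behind it. Only the binkmail.com records come from the dig/nslookup output in the thread; the blocklist, the log entries and the customer.example records are constructed, and DNS_TABLE stands in for live DNS lookups.

```python
# Added illustration; only the binkmail.com records come from the thread's output.
BLOCKED = {"mailinator.com"}  # constructed name-based blocklist (as a transport rule would hold)

# Offline stand-in for DNS lookups: domain -> (MX host, MX IP, PTR name of that IP).
DNS_TABLE = {
    "binkmail.com": ("binkmail.com", "207.198.106.56", "mailinator.com"),  # from the thread
    "customer.example": ("mx.customer.example", "192.0.2.10", "mx.customer.example"),  # constructed
}

# Constructed outbound message log: message id, recipient, attachment count.
SAMPLE_LOG = [
    {"id": 1, "rcpt": "buyer@customer.example", "attachments": 1},
    {"id": 2, "rcpt": "jdoe@mailinator.com", "attachments": 2},
    {"id": 3, "rcpt": "jdoe@binkmail.com", "attachments": 1},
    {"id": 4, "rcpt": "jdoe@binkmail.com", "attachments": 0},
    {"id": 5, "rcpt": "jdoe@newalias.example", "attachments": 1},
]

def domain_of(address):
    """Return the lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[1].lower().rstrip(".")

def is_under(name, blocked):
    """True if name equals a blocked domain or is a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == b or name.endswith("." + b) for b in blocked)

def classify(recipient, blocked=BLOCKED, dns=DNS_TABLE):
    domain = domain_of(recipient)
    if is_under(domain, blocked):
        return "blocked-by-name"      # a plain domain rule already catches this
    record = dns.get(domain)
    if record is None:
        return "unresolved"           # nothing known about the domain: needs review
    mx_host, _ip, ptr = record
    if is_under(mx_host, blocked) or is_under(ptr, blocked):
        return "alias-of-blocked"     # different name, same mail infrastructure
    return "allowed"

def review(log):
    """Return (id, recipient, verdict) for attachment-bearing mail that is not allowed."""
    findings = []
    for msg in log:
        if msg["attachments"] == 0:
            continue
        verdict = classify(msg["rcpt"])
        if verdict != "allowed":
            findings.append((msg["id"], msg["rcpt"], verdict))
    return findings
```

A PTR name is set by whoever controls the IP address, so an "alias-of-blocked" verdict is a lead for review rather than proof, and "unresolved" domains still need a human look.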
 

Author Comment

by:DukewillNukem
ID: 39983100
Rich, I agree with you, a policy is a good first step. But we have to go further and make sure we can control to a certain extent what has been sent around.

Issue: we don't want our users to send enterprise data to and from their private mail accounts.

I do not see modifying the Exchange transport rules as a solution.

What else could be done to at least tighten that up?
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 333 total points
ID: 39983169
It is literally impossible if they do it on purpose. If it's "accidental" I think the policy, and make sure they know of the policy, a little training on that can go a long way, will make the most difference. You can say if we detect (and we are looking for such occurrences), that this is happening, we will have to block all access to external email sites and/or social media sites.
Explain that DropBox, DropSend, SkyDrive, G-Drive etc are not company approved methods of data transfer. Cloud services like Google Docs, Office365, Zoho etc are also not approved methods.

Again, they don't even have to SEND them to move them around, you can make a draft and access it while at home, or from your iPhone etc... the attachment is in the draft and it can be DL'd wherever they can access the draft. If it's purposeful you won't stop it. If it's accidental you might be able to if you forbid access to gmail.com, hotmail etc... by blocking DNS for your users or maybe using a proxy server. Even then perhaps they use a real client like Thunderbird and you will have to block egress ports on the firewalls.

To block them from using company email to personal email addresses, you would have to block them inside your Exchange server, to that personal email address or the entire domain.

The reason it's not that common or that easy to solve this situation is that people rely on policy in this case. You can try your hand at using a DLP solution, but they are very expensive and can easily miss their intended objectives, and are often false-positives that cause more frustration that can make the users try other means.
-rich
0

Question has a verified solution.