prevent Users Ability to send files to their private email addresses

is there a way how we can achieve that?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

You can block sending emails from your email server to another public email name space (Private addresses for users) such as,, through Microsoft Exchange Transport rules or if you have email gateway devices such as Iron port or send mail then you can block from there

Rich RumbleSecurity SamuraiCommented:
Using their company email to send to their own email, like yahoo, gmail and or personal domains? You can try to blacklist the individual email addresses, but you don't want to blacklist the whole domain, I'm sure that will cut into your other users abilities to send to legitimate customers.
Let's say you do find a way to forbid attachments to their personal/private addresses, what if they start using DropBox, GDrive, Ondrive etc... What if they check their work email from home, and let's say they attach files to their drafted emails, then when at home, open the drafted email and then save the attachments at home, without even sending an email.
It might be your looking at the wrong method of protecting something, this is the internet, there are billions of ways to send 0's and 1's somewhere.
Companies typically have policies and disciplinary actions they can take if they catch a user doing something they are not supposed to, that if often a better method than digital prevention. You have to start with the basics first, and then work up from there when that isn't enough.
If user has got company email access from home, one cannot stop them by copying there official mails contents and sending out to internet through other mediums such as personnel emails, sky drive etc, this is true.

But the requirement here is to restrict them to send mails to personnel IDs (Gmail \ yahoo) from there official email ID.
This requirement can be easily achievable through Exchange server or email gateways as mentioned earlier no matter user stays at home or in office

By restricting complete domain such as, you will ensure that emails will be send to only professional \ work \ company email addresses from your company email address \ solution

That is why now companies are started to not accept personal email addresses for registration and they enforce you to provide your official company email address only.

On-Demand: Securing Your Wi-Fi for Summer Travel

Traveling this summer?Check out our on-demand webinar to learn about the importance of Wi-Fi security and 3 easy measures you can start taking immediately to protect your private data while using public Wi-Fi. Follow us today to learn more!

Rich RumbleSecurity SamuraiCommented:
However the method is untenable and doomed to fail. Sites like mailinator, 20-minute mail etc have hundreds of ailiases, and so can gmail, hotmail etc...
$ dig mx
;; ANSWER SECTION:           86399   IN      MX      10           86399   IN      A
nslookup     name =

Open in new window

I think the solution, and I could be wrong in this case, should start with a policy before it should start with technology. If you can't thwart the behavior, and firing people doesn't work, then you have a real issue and even a technological method won't work if they want it bad enough. I think we may need more information from the OP as to what they are trying to ultimately trying to protect.
DukewillNukemAuthor Commented:
rich,i agree with you,a policy is a first good step.but we have to go further and make sure we can control to a certain extend what has been sent around.

issue: we dont want our users to send enterprise data to and from their private mail accounts.

i do not see modifying the Exchange Transport rules as a solution.

what else could be done to at least tighten that up?
Rich RumbleSecurity SamuraiCommented:
It is literally impossible if they do it on purpose. If it's "accidental" I think the policy, and make sure they know of the policy, a little training on that can go a long way, will make the most difference. You can say if we detect (and we are looking for such occurrences), that this is happening, we will have to block all access to external email sites and or social media sites.
Explain that DropBox, DropSend, SkyDrive, G-Drive etc are not company approved methods of data transfer. Cloud services like Google Docs, Office365, Zoho etc are also not approved methods.

Again, they don't even have to SEND them to move them around, you can make a draft and access it while at home, or from your iPhone etc... the attachment is in the draft and it can be DL'd where ever they can access the draft. If it's purposeful you won't stop it. If it's accidental you might be able to if you forbid access to, hotmail etc... by blocking DNS for your users or maybe using a proxy server. Even then perhaps they use a real client like ThunderBird and you will have to block egress ports on the firewalls.

To block them from using company email to personal email addresses, you would have to block them inside your exchange server, to that personal email address or the entire domain.

The reason it's not that common or that easy to solve this situation is that people rely on policy in this case. You can try your hand at using a DLP solution, but they are very expensive and can easily miss their intended objectives, and are often false-positives that cause more frustration that can make the users try other means.

Experts Exchange Solution brought to you by ConnectWise

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.