Solved

prevent Users Ability to send files to their private email addresses

Posted on 2014-04-04
6
465 Views
Last Modified: 2014-04-09
is there a way how we can achieve that?
0
Comment
Question by:DukewillNukem
  • 3
  • 2
6 Comments
 
LVL 35

Expert Comment

by:Mahesh
ID: 39977939
You can block sending emails from your email server to another public email name space (Private addresses for users) such as gmail.com, yahoomail.com, rediffmail.com through Microsoft Exchange Transport rules or if you have email gateway devices such as Iron port or send mail then you can block from there

Mahesh.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 333 total points
ID: 39977979
Using their company email to send to their own email, like yahoo, gmail and or personal domains? You can try to blacklist the individual email addresses, but you don't want to blacklist the whole domain, I'm sure that will cut into your other users abilities to send to legitimate customers.
Let's say you do find a way to forbid attachments to their personal/private addresses, what if they start using DropBox, GDrive, Ondrive etc... What if they check their work email from home, and let's say they attach files to their drafted emails, then when at home, open the drafted email and then save the attachments at home, without even sending an email.
It might be your looking at the wrong method of protecting something, this is the internet, there are billions of ways to send 0's and 1's somewhere.
Companies typically have policies and disciplinary actions they can take if they catch a user doing something they are not supposed to, that if often a better method than digital prevention. You have to start with the basics first, and then work up from there when that isn't enough.
-rich
0
 
LVL 35

Assisted Solution

by:Mahesh
Mahesh earned 167 total points
ID: 39978013
If user has got company email access from home, one cannot stop them by copying there official mails contents and sending out to internet through other mediums such as personnel emails, sky drive etc, this is true.

But the requirement here is to restrict them to send mails to personnel IDs (Gmail \ yahoo) from there official email ID.
This requirement can be easily achievable through Exchange server or email gateways as mentioned earlier no matter user stays at home or in office

By restricting complete domain such as gmail.com, you will ensure that emails will be send to only professional \ work \ company email addresses from your company email address \ solution

That is why now companies are started to not accept personal email addresses for registration and they enforce you to provide your official company email address only.

Mahesh.
0
Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39978043
However the method is untenable and doomed to fail. Sites like mailinator, 20-minute mail etc have hundreds of ailiases, and so can gmail, hotmail etc...
$ dig binkmail.com mx
;; ANSWER SECTION:
binkmail.com.           86399   IN      MX      10 binkmail.com.
binkmail.com.           86399   IN      A       207.198.106.56
----------------
nslookup 207.198.106.56
56.106.198.207.in-addr.arpa     name = mailinator.com

Open in new window

I think the solution, and I could be wrong in this case, should start with a policy before it should start with technology. If you can't thwart the behavior, and firing people doesn't work, then you have a real issue and even a technological method won't work if they want it bad enough. I think we may need more information from the OP as to what they are trying to ultimately trying to protect.
-rich
0
 

Author Comment

by:DukewillNukem
ID: 39983100
rich,i agree with you,a policy is a first good step.but we have to go further and make sure we can control to a certain extend what has been sent around.

issue: we dont want our users to send enterprise data to and from their private mail accounts.

i do not see modifying the Exchange Transport rules as a solution.

what else could be done to at least tighten that up?
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 333 total points
ID: 39983169
It is literally impossible if they do it on purpose. If it's "accidental" I think the policy, and make sure they know of the policy, a little training on that can go a long way, will make the most difference. You can say if we detect (and we are looking for such occurrences), that this is happening, we will have to block all access to external email sites and or social media sites.
Explain that DropBox, DropSend, SkyDrive, G-Drive etc are not company approved methods of data transfer. Cloud services like Google Docs, Office365, Zoho etc are also not approved methods.

Again, they don't even have to SEND them to move them around, you can make a draft and access it while at home, or from your iPhone etc... the attachment is in the draft and it can be DL'd where ever they can access the draft. If it's purposeful you won't stop it. If it's accidental you might be able to if you forbid access to gmail.com, hotmail etc... by blocking DNS for your users or maybe using a proxy server. Even then perhaps they use a real client like ThunderBird and you will have to block egress ports on the firewalls.

To block them from using company email to personal email addresses, you would have to block them inside your exchange server, to that personal email address or the entire domain.

The reason it's not that common or that easy to solve this situation is that people rely on policy in this case. You can try your hand at using a DLP solution, but they are very expensive and can easily miss their intended objectives, and are often false-positives that cause more frustration that can make the users try other means.
-rich
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now