prevent Users Ability to send files to their private email addresses

Posted on 2014-04-04
Last Modified: 2014-04-09
is there a way how we can achieve that?
Question by:DukewillNukem
  • 3
  • 2
LVL 37

Expert Comment

ID: 39977939
You can block sending emails from your email server to another public email name space (Private addresses for users) such as,, through Microsoft Exchange Transport rules or if you have email gateway devices such as Iron port or send mail then you can block from there

LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 333 total points
ID: 39977979
Using their company email to send to their own email, like yahoo, gmail and or personal domains? You can try to blacklist the individual email addresses, but you don't want to blacklist the whole domain, I'm sure that will cut into your other users abilities to send to legitimate customers.
Let's say you do find a way to forbid attachments to their personal/private addresses, what if they start using DropBox, GDrive, Ondrive etc... What if they check their work email from home, and let's say they attach files to their drafted emails, then when at home, open the drafted email and then save the attachments at home, without even sending an email.
It might be your looking at the wrong method of protecting something, this is the internet, there are billions of ways to send 0's and 1's somewhere.
Companies typically have policies and disciplinary actions they can take if they catch a user doing something they are not supposed to, that if often a better method than digital prevention. You have to start with the basics first, and then work up from there when that isn't enough.
LVL 37

Assisted Solution

Mahesh earned 167 total points
ID: 39978013
If user has got company email access from home, one cannot stop them by copying there official mails contents and sending out to internet through other mediums such as personnel emails, sky drive etc, this is true.

But the requirement here is to restrict them to send mails to personnel IDs (Gmail \ yahoo) from there official email ID.
This requirement can be easily achievable through Exchange server or email gateways as mentioned earlier no matter user stays at home or in office

By restricting complete domain such as, you will ensure that emails will be send to only professional \ work \ company email addresses from your company email address \ solution

That is why now companies are started to not accept personal email addresses for registration and they enforce you to provide your official company email address only.

Register Today - IoT Current and Future Threats

Are you prepared to protect your organization from current and future IoT Threats?  Join our Wi-Fi expert in episode three of our webinar series for a look at the current state of Wi-Fi IoT and what may lie ahead. Register for our live webinar on April 20th at 9 am PDT!

LVL 38

Expert Comment

by:Rich Rumble
ID: 39978043
However the method is untenable and doomed to fail. Sites like mailinator, 20-minute mail etc have hundreds of ailiases, and so can gmail, hotmail etc...
$ dig mx
;; ANSWER SECTION:           86399   IN      MX      10           86399   IN      A
nslookup     name =

Open in new window

I think the solution, and I could be wrong in this case, should start with a policy before it should start with technology. If you can't thwart the behavior, and firing people doesn't work, then you have a real issue and even a technological method won't work if they want it bad enough. I think we may need more information from the OP as to what they are trying to ultimately trying to protect.

Author Comment

ID: 39983100
rich,i agree with you,a policy is a first good step.but we have to go further and make sure we can control to a certain extend what has been sent around.

issue: we dont want our users to send enterprise data to and from their private mail accounts.

i do not see modifying the Exchange Transport rules as a solution.

what else could be done to at least tighten that up?
LVL 38

Accepted Solution

Rich Rumble earned 333 total points
ID: 39983169
It is literally impossible if they do it on purpose. If it's "accidental" I think the policy, and make sure they know of the policy, a little training on that can go a long way, will make the most difference. You can say if we detect (and we are looking for such occurrences), that this is happening, we will have to block all access to external email sites and or social media sites.
Explain that DropBox, DropSend, SkyDrive, G-Drive etc are not company approved methods of data transfer. Cloud services like Google Docs, Office365, Zoho etc are also not approved methods.

Again, they don't even have to SEND them to move them around, you can make a draft and access it while at home, or from your iPhone etc... the attachment is in the draft and it can be DL'd where ever they can access the draft. If it's purposeful you won't stop it. If it's accidental you might be able to if you forbid access to, hotmail etc... by blocking DNS for your users or maybe using a proxy server. Even then perhaps they use a real client like ThunderBird and you will have to block egress ports on the firewalls.

To block them from using company email to personal email addresses, you would have to block them inside your exchange server, to that personal email address or the entire domain.

The reason it's not that common or that easy to solve this situation is that people rely on policy in this case. You can try your hand at using a DLP solution, but they are very expensive and can easily miss their intended objectives, and are often false-positives that cause more frustration that can make the users try other means.

Featured Post

Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
Do you know what to look for when considering cloud computing? Should you hire someone or try to do it yourself? I'll be covering these questions and looking at the best options for you and your business.
Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question