Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


prevent Users Ability to send files to their private email addresses

Posted on 2014-04-04
Medium Priority
Last Modified: 2014-04-09
is there a way how we can achieve that?
Question by:DukewillNukem
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 37

Expert Comment

ID: 39977939
You can block sending emails from your email server to another public email name space (Private addresses for users) such as,, through Microsoft Exchange Transport rules or if you have email gateway devices such as Iron port or send mail then you can block from there

LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 1332 total points
ID: 39977979
Using their company email to send to their own email, like yahoo, gmail and or personal domains? You can try to blacklist the individual email addresses, but you don't want to blacklist the whole domain, I'm sure that will cut into your other users abilities to send to legitimate customers.
Let's say you do find a way to forbid attachments to their personal/private addresses, what if they start using DropBox, GDrive, Ondrive etc... What if they check their work email from home, and let's say they attach files to their drafted emails, then when at home, open the drafted email and then save the attachments at home, without even sending an email.
It might be your looking at the wrong method of protecting something, this is the internet, there are billions of ways to send 0's and 1's somewhere.
Companies typically have policies and disciplinary actions they can take if they catch a user doing something they are not supposed to, that if often a better method than digital prevention. You have to start with the basics first, and then work up from there when that isn't enough.
LVL 37

Assisted Solution

Mahesh earned 668 total points
ID: 39978013
If user has got company email access from home, one cannot stop them by copying there official mails contents and sending out to internet through other mediums such as personnel emails, sky drive etc, this is true.

But the requirement here is to restrict them to send mails to personnel IDs (Gmail \ yahoo) from there official email ID.
This requirement can be easily achievable through Exchange server or email gateways as mentioned earlier no matter user stays at home or in office

By restricting complete domain such as, you will ensure that emails will be send to only professional \ work \ company email addresses from your company email address \ solution

That is why now companies are started to not accept personal email addresses for registration and they enforce you to provide your official company email address only.

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

LVL 38

Expert Comment

by:Rich Rumble
ID: 39978043
However the method is untenable and doomed to fail. Sites like mailinator, 20-minute mail etc have hundreds of ailiases, and so can gmail, hotmail etc...
$ dig mx
;; ANSWER SECTION:           86399   IN      MX      10           86399   IN      A
nslookup     name =

Open in new window

I think the solution, and I could be wrong in this case, should start with a policy before it should start with technology. If you can't thwart the behavior, and firing people doesn't work, then you have a real issue and even a technological method won't work if they want it bad enough. I think we may need more information from the OP as to what they are trying to ultimately trying to protect.

Author Comment

ID: 39983100
rich,i agree with you,a policy is a first good step.but we have to go further and make sure we can control to a certain extend what has been sent around.

issue: we dont want our users to send enterprise data to and from their private mail accounts.

i do not see modifying the Exchange Transport rules as a solution.

what else could be done to at least tighten that up?
LVL 38

Accepted Solution

Rich Rumble earned 1332 total points
ID: 39983169
It is literally impossible if they do it on purpose. If it's "accidental" I think the policy, and make sure they know of the policy, a little training on that can go a long way, will make the most difference. You can say if we detect (and we are looking for such occurrences), that this is happening, we will have to block all access to external email sites and or social media sites.
Explain that DropBox, DropSend, SkyDrive, G-Drive etc are not company approved methods of data transfer. Cloud services like Google Docs, Office365, Zoho etc are also not approved methods.

Again, they don't even have to SEND them to move them around, you can make a draft and access it while at home, or from your iPhone etc... the attachment is in the draft and it can be DL'd where ever they can access the draft. If it's purposeful you won't stop it. If it's accidental you might be able to if you forbid access to, hotmail etc... by blocking DNS for your users or maybe using a proxy server. Even then perhaps they use a real client like ThunderBird and you will have to block egress ports on the firewalls.

To block them from using company email to personal email addresses, you would have to block them inside your exchange server, to that personal email address or the entire domain.

The reason it's not that common or that easy to solve this situation is that people rely on policy in this case. You can try your hand at using a DLP solution, but they are very expensive and can easily miss their intended objectives, and are often false-positives that cause more frustration that can make the users try other means.

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question