Restricting external e-mail access without limiting internal collaboration
I want to restrict most users from access to sending and receiving outside e-mail, but I want to let them collaborate internally and access the public folders. What is the best way to accomplish this?
The best (and easiest) way to prevent them from receiving e-mail is to give them e-mail addresses that are only valid internally. For example, you could use an internal SMTP domain of mycompany.local. The top-level domain (TLD) -- in this case ".local" -- is not a valid public Internet TLD. As a result, Internet SMTP servers can't send e-mail to anything that uses this TLD, such as mycompany.local. This prevents users from receiving Internet e-mail, but it enables them to collaborate with everyone within your internal Exchange organization.
To prevent them from sending e-mail, you'll need to set permissions on your SMTP stack (e.g., Exchange 5.5 IMC, Exchange 2000 SMTP VS, etc.) that prevents them from using that for the transmission of Internet e-mail.
Keep in mind that with the proliferation of Web-based mail services, such as Hotmail, Yahoo Mail and others, your users could easily circumvent your restrictions. If your folks have access to the Web, they can probably send and receive Internet mail outside your radar.
This was first published in July 2003