Article

Step 8: Establish controls for Internet SMTP traffic

David Sengupta
Let's face it, there's a lot of liability associated with having an open and hard-to-manage communications channel to the outside world.

E-mail hygiene and employee productivity issues aside, simply understanding whether Internet e-mail is being used to communicate sensitive financial data, for example -- either to legitimate external parties such as financial audit firms, or to competitors, media or other parties -- is complex and wrought with challenges.

There have been numerous cases in the media of inappropriate data being sent via Internet e-mail -- sometimes completely in error -- including confidential patient records, financial data, insider trading information and the like.

Avoiding such mishaps and breaches of compliance-related policies can involve a combination of user education, auto-signatures, content-scanning Internet gateways and auditing mechanisms; this includes the ability to report on traffic sent to and received from specific Internet domains containing certain subject keywords, message body keywords or attachments.

As a starting point, companies need to pay better attention to where their Internet e-mail is going and investigate capabilities that can respond to compliance-related investigations quickly.


E-MAIL COMPLIANCE TO DO LIST

 Home:

    Requires Free Membership to View

    Login

Introduction
 Step 1: Establish, communicate and enforce an e-mail policy
 Step 2: Get an archival solution
 Step 3: Evaluate the big picture of e-mail storage
 Step 4: Pay special attention to PSTs
 Step 5: Establish controls and audits for distribution list/group membership
 Step 6: Establish controls for mailbox security and delegation
 Step 7: Establish controls for public folders
 Step 8: Establish controls for Internet SMTP traffic
 Step 9: Establish an e-discovery plan
 Step 10: Identify and eliminate stale objects

ABOUT THE AUTHOR:   
David Sengupta, Exchange expert
David Sengupta is a Product Manager in the Windows Management Group at Quest Software. He has also been a Microsoft MVP in the Exchange Server category for six consecutive years. Sengupta has contributed to various Exchange and Windows books, magazines and white papers from a number of publishers. He also frequently represents Microsoft on staff at Ask the Experts, Microsoft Experts Area and Peer Talk at conferences such as MEC and TechEd. David has an M.T.S. from Tyndale Seminary, Canada, a B.Sc. from University of Ottawa, Canada and MCSE (Messaging) and CCA certifications. David runs a blog on Microsoft Exchange and e-mail compliance issues at http://p0stmaster.blogspot.com and can be reached at mailman@quest.com.
Related Topics: Email Protocols, VIEW ALL TOPICS

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top