In his article, “Preventing Internal Email Abuse with Exchange Server 2010”, Paul Cunningham has stated,”… there is a lesser amount of attention given to preventing internal abuse of email systems. The risk of internal email abuse may seem low but for some organizations the risk is actually quite significant.”

In Exchange Server 2010, one of the more interesting features that have been improved is that of Transport Rule Predicates and Actions. Using Transport rules an administrator can create a rule which will inspect messages for conditions specified in the rules. The administrator can also create exceptions to the rules such that if those exceptions are met then no actions are applied to the email messages that have been identified by the rule which filtered out the identified message. With Exchange Server 2010 additional flexibility has been added for creating rules and actions to be taken against those identified messages.

In Paul Cunningham’s post he discusses how Transport Rules can be created and applied to internal messages with the purpose of identifying abusive email practices and their originators.

It is nice to have such a feature added to Exchange Server that can be used to help eliminate or at least reduce abusive internal emails sent and received within an organization. But I think companies and their IT departments will also have to speak with their legal departments to ensure they are not encroaching on any privacy laws.

Continue reading Exchange Server 2010 Email Abuse Prevention

One of the challenges for businesses when they provide email access to their staff is how to let staff use email productively while also managing the risk of information leakage.

Although information leaks can occur over many different mediums, leaks over email remain a serious concern for some businesses.

Fortunately Exchange Server 2010 includes features to help organizations manage the risk of information leaks via email.

Using Message Classifications

Message classifications provide a mechanism by which end users can classify individual email messages.  These classifications are completely customizable and can be used for just about any purpose, even non-security related ones.

Custom classifications can be created by the email administrators and distributed to end users for use within Outlook.  These could include message classifications such as “Confidential” and “Public” to convey the level of security associated with the email content.

One of two approaches could then be taken to enforce their usage.

1. Have email messages created with the most confidential classification by default, requiring the end user to deliberately lower the classification to send external emails.
2. Have email messages created with no classification by default, and require users to choose at least one before sending.

Message classifications can be used in conjunction with Transport Rules for enforcement.  For the two examples above Transport Rules could be created to:

1. Reject messages sent to external recipients that are classified as “Confidential”
2. Reject messages that are sent to external recipients with no classification set

Protecting Customer Information

Another use of Transport Rules is to assess emails based on their content.  If certain text patterns are found within an email message the Transport Rule can reject the message from being sent to an external recipient. Continue reading Preventing Information Leaks with Exchange Server 2010