[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Opinion: Blocking hotmail, etc?
We do block access to external mail accounts. Recently I was asked to explain why we block this access. I am simply providing my reasoning as to why we block this access as I expressed to my supervisor. You can agree or not. 1. The most important reason is for the protection of the company, its assets, and resources. The use of HTML mail such as AOL would open us up to such things as: - Unlimited (depending on ISP) size of attachments, entire programs or project files could be e-mailed out side the company with it being virtually undetectable. We recently had this come up in one of our offices. She was caught because of our 2MB limit. Even if they use our system to mail smaller files we have a record of it. - Possibly no scanning of e-mail for potential viruses, again dependent on the ISP. A PC could be infected by an outside source and transfer that to our internal mail system. Our desktop scanners can only catch known viruses and can be disabled by the user as we have seen some do. - Legal liability for and other inappropriate content. No ISP that I am aware filters for this content. Once in our system we see this mail being sent not only to other company employees, but also back out to other clients and friends. We have seen examples of this behavior, which caused conflicts with clients. Court cases have ruled that we are responsible if we do not make some sort of effort to stop this traffic. This opens us up to not only ual harassment lawsuits, but could also effect relationship with clients. The company currently blocks approx. 20,000 e-mails a month for SPAM, profanity, or other inappropriate content. - The use of our Internet link could go up as a result of this usage. Should those incremental costs be passed on to the company so that people can access their external e-mail accounts? 2. The protection of the employee: - Court cases have shown that the company could be liable for anything that company equipment is used to do. Therefore, if an employee uses the company network to access their e-mail, the company has a right to ask that employee for access to their personal e-mail account. 3. Now that the reasons for not allowing access are outlined the question must be asked "Why allow it?". The company makes no effort to stop employees from using company's mail system for personal contacts so long as they comply with our e-mail policies. I do not think we want company equipment used if they were not complying with our policies anyway. The only reason I know of to allow access is for convenience sake. I do not think the convenience of them being able to access a personal e-mail account while at work even comes close to outweighing the concerns expressed. -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Saturday, January 13, 2001 9:08 AM To: [email protected] Subject: RE: [FW1] Opinion: Blocking hotmail, etc? Regarding the source IP being sent with the message- In a NAT/IP Masquerade environment, which address gets sent? For example, with a network using 172.16.x.x addresses internally, would that source address get sent, or the address of the gateway? TIA - CQ -----Original Message----- From: Ian Campbell [mailto:[email protected]] Sent: Friday, January 12, 2001 6:06 PM To: '[email protected]'; [email protected] Subject: RE: [FW1] Opinion: Blocking hotmail, etc? <<Our company has recently become aware that some employees are bypassing our email systems and using hotmail accounts to send personal email on work time. This leaves us vulnerable to both the time lost in writing the emails, as well as liable for content as hotmail sends the IP address of the source computer along with the message, which would of course be traced back to our company.>> Just my opinion, but I think this is a little paranoid. Users will and do write personal emails anyway, unless your email policies are so draconian that they know their email can and will be read by 'big brother' (It probably is if they're resorting to using Hotmail, etc...). While I can't comment on the legal ramifications of a harmful email message being traced back to your network, it would seem to me that this would be way less potentially damaging to your company than having them send it via the company mail server... Also, I'm against doing this sort of thing on principle, since it sends the message to your employees that you don't trust them to behave in a responsible manner and breeds resentment. I wouldn't want to work for a company that does this... Ian ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|