Restricting External Email Use To Fight Spam

By R. A. Caluste
Ok, here's a typical scenario:
a) Employee at remote bldg connecting to network via vpn over a wireless broadband connection (translation: slow connection) tries to check email. Employee finds out he has 100+ new messages, 95% of which is spam. Boss follows-up important email to employee, which employee is painfully waiting to download.
b) Employee receives 100 new messages (95% of which is spam), opens an email attachment from someone he knows, and unwillingly unleashes an annoying worm in the network (W32/Dumaru).

I don't have an email spam filter. I have ISA Server 2000 and Exchange Server 2000.

I am thinking of cutting everyone off (except managers) from sending and receiving email messages to and from the Internet, i.e. restricting email to internal use only. I will be creating delegated email addresses for official use of departments (ex that can communicate outside.

I am expecting violent reactions to this move. However, my question is: is there a better alternative, other than spending on a good email spam filter?

Management should make policy

by stress junkie In reply to Restricting External Emai ...

Your posting suggests that you are performing system
administration support but your profile says that you
are a software developer. I'll speculate that you do
both types of work at this business. I've been a system
administrator for a long time.

In my opinion establishing business policies is a
function of management. I have maintained friendly
relationships with end users by telling them that I don't
make policy, I just implement it.

Next, it seems from your posting that the upper
management use Internet access for email for doing
business. If you just announce a new restrictive policy
that isn't yours to make in the first place you could get
fired. If you don't get fired then you will suffer the
embarrassment of having to reverse your position.
Since this new policy of yours will be unpopular then
when you have to undo your work everyone in the
business will laugh at you.

Email spam and virus filters aren't prohibitively

Your best course is to write a proposal to implement an
email spam and virus filter on your email server and
submit it to your manager. You should do some
research first. Get a list of the potential products to
implement, their cost, an outline to implement each
one, and the benefits and drawbacks of each one.
Include the possibility of using free software. You can
find free / open source software available on,, and other places.

When you consider approaching any professional task
you should try to see things from the end users' point
of view. Acting like a tyrant will create hostility towards
you and may shorten your length of service at your
current position.

First Step

by TheChas In reply to Restricting External Emai ...

The first step in your fight against SPAM needs to be part of the company policy on computer and email usage.

I have 7 email addresses, and only get SPAM on 1 of them.
The address that I receive my SPAM on is a web based email account that I specifically use when I suspect a site may SPAM me.

Policy needs to be set such that users' email accounts are for business use only!
No joke of the day.
No non-work related newsletters.
No special advertisements.
You get the idea.

The spammers need a method to get your users' email addresses.
Normally, this comes from "free" items that users sign up for without reading the privacy or user agreements.

Next, don't openly publish your email addresses on your company web site.
Set up the contact page so that it takes a couple of extra clicks to get each email address.

This won't stop the load of SPAM you're getting now, but it can stop new spam.

Short of a spam filter, the only way to stop the existing spam is to give every user a new email address.

Before you implement a draconian solution such as blocking all external email, you need to look at the impact the decision will have on business.

How many users receive actual work related emails?

How will customers react if they cannot directly email their internal contacts?

How much extra time will people end up spending on the phone with family members instead of dashing off, or reading a quick email?

Remember, IT provides a service to help the company perform and manage its core business.
If you implement a policy that restricts the company's ability to perform, the company will be at a competitive disadvantage.

Have you looked into setting message rules in Exchange Server to block some of the spam?
Just an idea.


Better SPAM protection

by Oz_Media In reply to Restricting External Emai ...

You say you have SPAM protection but just how effective is it if it isn't covering internet mail in and out?

Find a better solution; if you are in an MS house, look at GW Guardian.

Find the Money

by bounce In reply to Restricting External Emai ...

The productivity costs of keeping people from sending/receiving external emails will be much higher than the productivity costs of the occasional spam magnet. Problems would arise that you can't even imagine. Plus, it wouldn't work. Plus, everyone would hate you. And, oh yeah, you'd almost certainly be fired.

Write and distribute email policies, enforce them, and for god's sake get anti-spam software.

Spam... used to be in a tin

by duanedelima In reply to Restricting External Emai ...

Departmentalised e-mail addresses can be a solution to the problem... only it brings about its own issues. Spammers often sift through domains with common names to find valid e-mail addresses. e-mail addresses such as,,,, are all great for multi access account setups. But they are all using common words that can be used in a list gathering run to find e-mail addresses. I manage a small office network and only get spam on the addresses that are general. Addresses specific to users' names don't get spam. These general addresses have never been used on webforms or online in any way but have been found and listed for spam.
Spam continues to be a problem but until something can be done at the source, we have to find ways to battle it at the end point. We're the ones it will ultimately affect... use a corporate or enterprise class antivirus (I like Norton) and I use Outlook 2003... with recently updated spam filter list. I'm not knowledgeable on Exchange server or mail servers on the whole... so I don't know how filters on that end work... but I do know there are relatively low cost filters (low compared to the end costs of dealing with high volume spam).

by angry_white_male In reply to Restricting External Emai ...

Get a SPAM filter. We run SurfControl SMTP on a separate gateway PC between our firewall and Exchange server.

Make sure you have a good internet/e-mail use policy in place and enforce it.

It got to the point where I had to give one user a new e-mail address and to relegate someone else to internal mail only as these two individuals were responsible for 50% of the SPAM coming in every day (I have about 100 mail users).
