Data leakage / filtering outbound email

December 20, 2010 at 18:05:10
Specs: Windows XP
We're looking for a product to monitor or prevent data leakage in outbound email. -- We need to setup rules to do content filtering of outbound email, for example, to prevent a clerk from sending a credit card number in an email. Outbound email would be scanned for anything that looked like a credit card number: 16 digits, etc. (Credit card number is just an example similar to the kind of data for which we want to scan.)

Each clerk has his or her own email address, so outbound email from each clerk's PC needs to filtered individually, either on their machine, through a our server or an appliance, or via a remote service.

The issue is NOT to stop someone who has malevolent intent. It's simply to prevent a clerk from sending a credit card number by mistake, since the clerk has access to credit card numbers and could put one in an email simply because he wasn't paying attention. We're not looking for foolproof or tamper proof, and they will know the system is in place. We trust them, so this is not intended to catch people intentionally violating our data management policy. It's supposed to help them comply with the data management policy.

We do need a management report that records this information. Optionally, blocking the outbound email pending management approval, or even kicking it back to the clerk for correction would be fine. The system could allow the email to be sent and simply report the error so that management could council the clerk who made the error.

The purpose of the report is to have a record of compliance violations and due diligence in resolving them.

Additionally, archiving incoming and outgoing email would be valuable option, but is not a requirement. This would give us the ability to review email that had been sent if we thought there was a problem that needed management review.

We use Outlook with a remotely hosted SMTP server (sendmail). Many products are available to do this if we used Microsoft Exchange. We do not use Exchange and do not want to implement it.

This could be a service similar to Postini. Postini has the ability to filter outbound email using REGEX (regular expressions) and will work with our mail server, but we do not like the fact that the filtering is done on google-owned servers because Google has a rather tempting motivation to capture business information from the email that flows through their servers that a provider who doesn't sell business data would not have. (I'm not accusing Google of anything, but we prefer to deal with a company that doesn't have a conflicting interest in our email communication.)

Also, we find it hard to imagine that Postini is the only product available which doesn't require Microsoft Exchange.

It could also be an add-in for Outlook, or it could be something that sits on the clerk's computer in the same position that an outgoing spam / virus filter would sit. In fact a spam / virus filter which allowed for programming of additional scanning rules would likely do the trick.

An Outlook add-in or spam / filtering system residing on each clerk's machine with a remote administration component similar to that provided by many PC security suites would be a good solution.

I suppose it could even be an appliance that sat on our network and had email routed through it.

We want to avoid complexity or something that requires significant technical skill to manage it.

We would use this for a minimum of 12 clerks and could use it for our entire staff of 40 people, if the price is reasonable.

If it sounds like we're rather flexible, we are. We'll likely get more picky as we see what's available to meet the basic filtering requirement, what options are available, and the cost.

See More: Data leakage / filtering outbound email

Report •

December 20, 2010 at 18:13:47
The best way to do this is to encrypt the outgoing emails locally and then send them out with your own mail server to prevent the use of 3rd party services.

Report •

December 20, 2010 at 19:21:52
That isn't the issue. I should have been more clear.

The issue is that the clerks shouldn't be sending confidential information to the recipients at all because the recipients are not authorized to receive the information.

Encryption would be useful if we needed to email confidential information without it being intercepted, which is not this situation.

We simply want to prevent clearly identifiable confidential email from being emailed at all.

Report •

December 20, 2010 at 19:33:13
Take a look at this: Postinie Outbound Content Filter

From the above page:
"# Quarantine outbound messages that contain credit card numbers or Social Security numbers, using pre-defined filters we've set up for you.
# Review or monitor inbound or outbound messages that contain specific content, but let users send or receive them."

That's what we want to do. We want to know what other options we have besides Postini. All of the other products we've found require Microsoft Exchange - which we do not want to implement solely to achieve this goal.

We will use Postini if that's all that's available. I just find it difficult to imagine there's not something else to look at.

Report •

Related Solutions

Ask Question