Security Basics mailing list archives

RE: outgoing email monitoring


From: jfvanmeter () comcast net
Date: Tue, 08 May 2007 10:52:57 +0000

I've used Websense in the past to create a keyword search that would inspect outbound emails, blocking any that 
matched a rule.  The user also had no implied expectation of personal privacy, and what defined personal privacy was 
outlined in the acceptable user agreement. With all of that said,

There might be a problem where email is a form of "electronic communication," and whether email is exempt under the 
"communications in transient storage" from the Wiretap Act. The Electronic Communications Privacy Act (ECPA) of 1986 
updated title 18 of the United States Code (the Wiretap Act).

If email is considered an electronic communication, then it is considered protected under the ECPA. However, there are 
arguments that email was not "electronic communication" when it was copied because it was "in storage" at the time. 

The court concluded that "electronic communication" includes "transient electronic storage that is intrinsic to the 
communication process for such communications" and that "interception of an email message in such storage is an offense 
under the Wiretap Act."

When I used Websense to filter emails, I had the company lawyer check out the process, added a new addendum to the 
acceptable user agreement, and sent the addendum to all users.

Take Care and Have Fun --John

 -------------- Original message ----------------------
From: Zhihao <zhihao () root sg>
Ironport is what you can look at. It offers very strong reporting features
and it can also give you the ability to enforce different policies on
different groups of users based on the AD or LDAP.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Matt Miller
Sent: Wednesday, 2 May, 2007 3:02 AM
To: security-basics () securityfocus com
Subject: outgoing email monitoring

Hi list.
I need a solution to monitor the flow of outgoing email traffic for data 
leak/security concerns. The two objectives that I have are:
- monitoring and reporting - who sends, how many and where to?
- possibility to temporarily put all outgoing e-mail on hold for 
reviewing by admin/user and releasing for delivery.

Any suggestions?
Thanks

Matt



