Business email security and the risks of personal Gmail forwarding

When users forward corporate emails to their personal Gmail or other accounts, it can be bad for business email security

    Requires Free Membership to View


It’s easy for employees to blur the line between business and personal in the bring your own device (BYOD) era -- especially when consumer services are easier to use than their business counterparts. Corporate users may forward their email to Gmail to take advantage of benefits such as nearly-unlimited storage space and higher attachment-size limits. Though email forwarding poses a threat to business email security, there are ways for IT to address the issue.

When a user forwards corporate email to a personal account such as Gmail, the content of that email leaves the well-protected corporate environment. The data goes to the cloud, where no one can guarantee that it is secure or compliant. The best way to ensure business email security is to prevent forwarding to personal accounts, but technology alone can’t solve the problem.

Business email security options

Users with Gmail accounts can retrieve corporate emails through Gmail’s Mail Fetcher feature. A convenient way for users to read mail from almost any mailbox, Mail Fetcher uses the Post Office Protocol (POP) to access inboxes. That means that users can forward mail from any email client that uses POP access to their Gmail inbox. The most effective way to prevent Mail Fetcher from accessing corporate mailboxes is to shut down POP access to corporate email.

More on business email security

Email security appliances that fight phishers and spambots

Email security and compliance best practices

Shutting off POP access is very effective in ensuring business email security, but in some cases it isn’t doable because the action could limit corporate email accessibility. If shutting off POP access isn’t an option in your environment, establishing a good rule for outgoing packets in your firewall may help. Add this rule on the mail server itself or on the corporate firewall that screens incoming and outgoing traffic. But be aware that this only works if your domain name system is set up properly and can successfully recognize Google servers.

To implement an efficient technical option to stop email forwarding, IT needs cooperation from users. If users in your company aren’t willing to help you with business email security, then there isn’t a technological way to solve the problem.  Implementing a fair corporate policy outlining the dos and don’ts of storing corporate email is an effective way to ensure that your mail will be at less of a risk.

Like SearchConsumerization.com on Facebook.

This was first published in March 2012

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.