none
Restrict users to send passwords through email

    Question

  • Hi,

    We have a security policy that should restrict users to send passwords in the body/title of an email. How can I achieve that using Exchange Server 2010? Possibly using word filter?

    May be using Forefront for Exchange Server 2010? What could be other solutions to enforce the compliance?

    Is this even practical?

    Thanks,

     

    Wednesday, October 23, 2013 5:49 AM

Answers

  • I'd suggest it's not really practical, certainly in terms of scanning a message and blocking it if it contains a password. How would you detect a password within the text of a message without first knowing what the password was? Unless you somehow had the system comparing messages with a list of passwords, or had a password structure so rigid that you could programmatically detect a password from within other text (either of which would dramatically weaken your security) there's no way to know if a string of text is a password.

    You can't realistically search for the word password, since that would also stop legitimate uses, for instance users receiving a password from outside or instructions including something like "enter your username and password and then click Next".

    Wednesday, October 23, 2013 6:24 AM

All replies