We all carry certain expectations about email from our private lives into a corporate setting. Some of those expectations are met, but in other ways business email is very different from consumer email. These differences can be confusing at best and, at worst, lead to major problems for organizations.
The Inside and the Outside
To begin with, business email is nearly always operated by or for the business, as a dedicated domain with a clearly defined “inside” and “outside,” bounded by a gateway. Inside the boundary, the business has rights and expectations of control over the information, while anything can happen outside. Consumer email may be viewed as “always outside” in this formulation. Business email that traverses the gateway, in either direction, may be subject to a variety of checks, restrictions, and other processing.
Conceptually at least, a business has complete control over any information that traverses the gateway. In practice, however, such control is often incomplete, ineffective, or absent, usually due to a lack of resources devoted to administering the gateway. Among the likely jobs of a gateway are:
• Spam filtering. This is typically done in both directions—to prevent outside spam from getting in and to prevent internal machines (perhaps hijacked by a virus) from sending out spam and sullying the business’ reputation.
• Data Loss Prevention (DLP). Whether accidental or intentional, it is not uncommon for employees to send sensitive information outside the company. If a company can define the characteristics of sensitive information—which could be as simple as the words “Do Not Redistribute”—then the gateway can enforce restrictions against sending such information outside the company.
• Large file modification. Internet email has length limitations that seem small by today’s standards and, worse, vary from site to site. Email messages that total more than ten megabytes are highly likely to fail without being delivered. As an alternative, gateways can replace large file attachments with simple links and make the files available from a web server, with or without some kind of user