Bad Site Mail in Company In box. Small company's legal Obligation????? 1

[shutech]

Hi,

We are a small company with about 35 machines and Internet E-Mail for all employees. Recently we have had an employee take offense to "bad site" content in her company Internet E-mail box. We have to address the issue and was wondering how other companies handle this and what companies and and the legal sytem perceive as appropriate response to this inquiry. If anyone has any reference or insight into this it would be appreciated.


Thank You.

 

[Davetoo]

State/local laws will differ, of course, so you'll eventually have to check with a local attorney.

My question is, where is the "bad site mail" coming from? Is it spam coming into her mailbox, and she's offended at the company for this? Does she expect the company to prevent 100% of "bad site" spam from entering her mailbox?

 

[shutech]

The email was an ad for a "bad" site with "bad" photos. It came in as spam from outside the company. I also beleive it had the never ending popups associated with it. I don't know what she expects and won't speculate on her intentions. But we do have an internet policy in place that states that internet resources are for company business. As the company employee that is in control of the Internet (If you want to call it control), I need to make sure that the company is doing what it is deemed proper to do. One is the company doing what it needs to to address spam particualarly offensive spam in general, and two I am taking serious and following up an employees complaint.

Thank You

Michael

 

[shutech]

Also one of my solutions is to give the employee a new email address, But this opens up a HUGE can of worms as evrytime this happens a new address or do I state and reiterate that the only way to get this this stuff is by giving out your email address to sites, as no employee has any need to give out their address to any site for business purposes outside of a half dozen companies that don't redistribute email lists.

Thanks

Michael

 

[Davetoo]

You're going to have to check with a local lawyer on this one.

This is the land of the offended, so this doesn't surprise me in the least. The only thing you can probably do is make a good faith effort to prevent the spam by deploying mail filtering software, but nothing is 100%, so the users will just have to take the time to use the delete key. But, some people will still be "offended" that "bad site" spam arrives, blame the company, and probably enlist the services of their local shady lawyer just to make a quick buck.

Unfortunate, but true.

 

[shutech]

Thanks for the Info. We are a litigious society that's for sure. I was also wondering what other Companies have done to prevent this or try and prevent this. I am not really trying for legal advice but investigating how far good faith has to go by seeing what precidents other companies are setting out there such as Blocks, Filters, Monitoring and Such. or if it isbeing addressed at all. My thing is we are a small company and it is just one more IT function I might now HAVE to address with resources and my time. Policy might not be enough even though Blocks, filters and monitoring opens up their own can of worms. Good faith is what I am aiming for here.

 

[Davetoo]

We're a medium sized company that hosts our own mail server. We have the software to screen incoming e-mail, however, we have not deployed it. We have told our employees that receipt of such e-mail is possible, and that they should delete it immediately. We have a policy against discrimination/harassment to prevent an employee from having say a screensaver of naked men, and also a policy against dissiminating harassing or offensive material via our mail system. We can not, of course, have a policy against receipt of such via spam.

If you are interested in trying to block it, I believe GFI has a package, as well as the one we use, Symantec for Exchange (we use Symantec for our anti-virus as well, I like it).

Good luck.

 

[ashpp]

>Recently we have had an employee take offense to "bad >site" content in her company Internet E-mail box.

I think its important to remember its probably her own fault.

I have 3 email addresses:-

One for work - never gets entered on any web site, never used in newsgroup only given to people i know personally. I have *never* had any spam in 2 years.

One for personal - gets released to some websites, use newsgroup with spam filters. I get a little spam.

One throwaway - used on any website, newsgroup, listed on websites etc. Gets tons of spam.

If you don't enter your address on the internet, don't post with it, don't place it on websites, and only use it for sending work related emails - its 99.9999% impossible to get spammed. If she is getting spam, then most likely she has signed up to something on the internet.

On any email servers I run, I get them to accept a acceptable use policy of "work related" only usage. They are welcome to use their own email address for non-work related/personal emails.

No spam ever comes into my email systems - apart from our global addresses that are listed on the websites. (Open Relay blocking removes the majority of spam to these addresses)

Ash.

 

[QldSugardaddy]

We have a policy for electronic media that says if you do not know who the email is from, delete it. If users open an email and it contains a virus, they are liable.
I am not saying that this stops the opening of emails and attachments, but it takes the responsibility from the company. If I were you, i would check the wording of your policies, as if she has signed up for something from the internet, she is to be blamed for her spam. if you move down that avenue, i am sure she will back off. When in doubt, kick 'er in the guts

 

[ashpp]

> , and two I am taking serious and following up an
> employees complaint.

Tell her the only way to deal with this complaint to a 100% resolution is to remove her internet access. Or at least limit her emails to internal only - give her no external send/receive access.

Ash.

 

[joegz]

We currently use 2 different blocking services, though this may change to be more or less in the future, depending on what are the most successful methods. Currently we are using filters supplied by mail-abuse.org and ORDB.org.
How successful are we? It varies. Obviously some spam gets through and it will always get through. There are days we block a few thousand mails On other days, I have seen as much as 20-30,000 mails blocked.

What we cannot block: Spammers get smarter every day. The trend is to have the From: address and the Subject: and the relay host change with each and every mail. It becomes very difficult to target this sort of mail.

After that we leave it to the clients to setup their own filtering to reduce spam that reaches there inbox.

Employees who are "offended" in my experience caused the SPAM problem themselves yet want to take no responsibility for their actions. So we try to filter the rest is up to them.

Except for a one or two states and under certain conditions there are no laws again SPAM at this time. Would be the same as getting a flyer in the mail for something you didn't want. What is the person going to do? Hold the postal service liable for delivering such mail? Not possible.
joegz
"Sometimes you just need to find out what it's not first to figure out what it is."

 

[makai]

If using Exchange 5.5 as your mail server:

If the spamming is coming from a single domain, or a few, block them at the IMS level on the Connections tab > message filtering.

However, this does not solve the route of the problem, which is internet free roaming.

Also, as someone has mentioned, having a policy in place that tells you to delete an email if you do not know who it is from may not be a great virus solution, as most email borne viruses are propogated via address books; and will most likely be sent to you inadvertently by someone you know.

Personally, I think that this is a job for your HR department to tackle. They should be writing up a policy and letting you enforce it, whether that be with some new surfing software (

http://www.surfcontrol.com

is highly recomended) or just good old draconian limitations on your users.

Tricky.

Good luck

Cheers

 

[jenlion]

Ashley is exactly right. I agree that, more than likely, your employee brought this problem on herself by sigining up on a non-work-related list. The minute you do that, you're done. Shame on her for signing up for vacation deals, or gambling, or whatever, and then complaining about it.

If you've got about $2000 to blow on this problem, and you don't already have a firewall, you might try the Watchguard 500 (I just saw one for $1300 at CDW, you might have to call a sales rep to get the price that low) with SpamScreen turned on. The Watchguard is a great firewall, comes with VPN, allows web content filtering, etc. Very easy to use. The SpamScreen to add to it is around $700. I don't know how well the SpamScreen works -- I've heard some good things about it at least -- but it would more than constitute a "good faith" effort to protect your network and block spam.

There are cheaper solutions, of course. There are even shareware programs for filtering spam at the desktop. I like to combine scanning for most at the gateway and then tweaking it even more at the desktop when spam is a big problem.

 

[cjernigan]

Pointing the finger of blame at the employee is probably a bad idea. There are many bots out there that find your domain name. Once they have a domain name, they can begin spamming your domain such that they send to a_adams, b_adams, c_adams, aadams, badams, cadams, etc. Then well intentioned employee clicks on "Remove me from list" which validates the email list and suddenly they find their inbox flooded with spam.

 

[ashpp]

Cjernigan,

While this occurs with domains such as hotmail.com, and other mail providers. This generally never occurs with your own domainname.

Ash.