Email seems harmless, but it can cause all kinds of image and legal problems for your business. With a click of the mouse, damaging words and images can be sent to hundreds of people. Recent research indicates that one in four businesses, regardless of size, will have email subpoenaed by lawyers or regulators this year. Compliance issues abound regarding financial, medical, and personal information as well as intellectual property. Non-business-related use of the company email servers can tie up precious resources. Therefore, every business should take measures to create and enforce email policies.
Create an email policy
Employees need to be informed of your company’s email policies on sending or forwarding emails that contain libelous, defamatory, offensive, racist or obscene remarks, false statements, confidential information or pornography, as well as on personal use, disclaimers and the time frame for replies.
I recommend: Adapt the sample email policies at Email-policy.com, or purchase Fair Measures Internet and E-mail Policy and Procedures. Incorporate in your policy suggestions for business email etiquette developed by Judith Kallos at NetManners.com. Compose a disclaimer by customizing the samples at EmailDisclaimers.com and put it in your email message signature. You can also install Policy Patrol Disclaimers on your email server that will automatically add disclaimers to email messages.
Filter outgoing email with software
The more employees who have email, the more difficult it becomes to ensure that the content they send is acceptable. The level of control you need will be determined by the type of business you operate; medical and financial businesses should be aware of the laws that affect the management and storage of information. Currently, most of the products available are for businesses that manage their own email servers using Microsoft Exchange.
I recommend: Install software, such as SurfControl E-mail Filter, MailMarshal, Proofpoint Messaging Security Gateway, MIMEsweeper, or ScanMail eManager, on your servers. For more compliance information, download SurfControl’s Best Practices for Meeting the Compliance Challenge.
Install appliances and gateways to control outbound email
Appliances and gateways prevent the wrong kind of outgoing email and help companies stay in compliance. Important features to look for are content management, searching, encryption and policy implementation.
I recommend: Install enterprise gateway appliances such as IronMail, MailGate, or SurfControl RiskFilter. For help determining specifications, use the ClearSwift Email Solution Selector.
Review email for errors before sending
Many an email has been sent without editing, full of misspellings, poor grammar, strange abbreviations and harsh statements. Your email policy should require employees to check all outgoing email for spelling and grammar with a grammar and spell checker. Outlook Express will check for spelling errors only if MS Office is installed. Often it may be easier to compose email messages in word-processing software first and then copy them into the email software.
I recommend: If you don’t have email spell-checking capabilities, install spell-checker software such as Spell Check Anywhere and encourage employees to use it when sending emails. If you use Web-based email, install the Google Toolbar, which will spell-check Web data entry.
Send credit card information only via secure methods or gateways
If your company accepts credit cards, you are required to use secure methods for credit card transactions, and if there is a breach, you may be fined or receive a chargeback. Email is not secure unless it is encrypted, because it can be hacked.
I recommend: Check your network for vulnerabilities and credit card security compliance with a free PCI (payment card industry) test from ComplyGuard Networks, Inc. or a free tool from Qualys. Cybertrust and SecurityMetrics, Inc. are also providers of PCI compliance services.