Quick tips to limit sending mail to the wrong recipient
It happened to all of us: sending a mail to the wrong recipient. Or disclosing the other recipients to each other.
Let me show some quick tips that might help limit your users sending information to the wrong recipient.
The Dutch Data Protection Agency (Dutch: Autoriteit Persoonsgegevens) is responsible for the supervision of correct handing of personal data. This agency must be informed when there is a breach with personal data. It’s the agency that has its duties described within GDPR. So, it is extra painful when they themselves are responsible of a data leak. Over a year ago they mailed a press release (link to article in Dutch) to several journalists but used the Carbon Copy (or CC field) instead of the Blind Carbon Copy (BCC) in their mail solution. Now every recipient was aware of the other recipients including their email address.
I recently got reminded to this situation. This is just one example that of information sent to the wrong recipient (not just a BCC vs CC mix-up). It got me thinking on how you could help limit those instances with some easy and quick solutions. The best thing is that you can implement them right away and you possibly didn't even know about it!
Enable External Recipients MailTip
There is no direct warning when a user utilized the CC field. But in this case, the External Recipient MailTip could have warned senders. A Mailtip in most clients will pop-up when an external recipient is added in any recipient field and before the mail is sent. This wouldn’t have prevented this specific case but might have alerted the sender to check whether the sender is handling external recipients correctly. You can enable it with the Set-OrganizationConfig cmdlet:
Set-OrganizationConfig -MailTipsExternalRecipientsTipsEnabled $True
It's still dependent on the user noticing and acting, but it's certainly helpful if the mail correspondence has a lot of recipients OR a private mail address from your coworker was accidentally added.
Set Large Audience Threshold
Another thing that could help is another MailTip: The Large Audience threshold. If a distribution group contains select too many recipients (internal and external), a MailTip warns the user before it is sent. The sender could then still review the recipient list. The default value is twenty-five recipients, but you can change that with the Set-OrganizationConfig cmdlet:
Set-OrganizationConfig –MailTipsLargeAudienceThreshold 20
MVP Paul Cunningham has an excellent post on this feature.
Creating Custom Mailtips
You can add a Mailtip on each almost all mail(box) enabled objects. You can set it via the Exchange Admin Center or via PowerShell:
Set-Mailbox -identity <Identity> -MailTip "This is a default mailtip"
This is valuable if you need warnings on specific internal objects unrelated on how many recipients you've entered. Instead of Mailbox, you can use MailUser, MailContact, DistributionGroup and DynamicDistributionGroup. You can also add regional specific MailTips if required. Read this Microsoft article for more details.
Having given some MailTip examples, the downside is that users will filter them out if they are overused. And MailTips are only show in Microsoft clients (Outlook Desktop, On the Web and Mobile), not clients using Exchange ActiveSync or line-of-business applications using SMTP relaying. We might need some other tools in those scenarios.
Moderation or Transport rules
For formal communications like my example in the intro, Outlook might not be the best tool. There are specific (mailing) tools or services that might be a better fit. But those come with a cost and there are some smaller scale alternatives in Exchange. I'm thinking about message approval or moderation. With moderation you have someone else check the mail before it is sent. You have created a Two-Eyes process and that should limit mailing errors such as wrong recipients or faulty content.
For the example, I might have created mail contacts for each external recipient. Hide the contacts from the address book and add them to a Distribution Group with moderation enabled. When someone sends a mail to that Group, the moderator(s) will get a message with the intended message and must approve it before it is sent to the actual recipients.
But using contacts and groups with moderation isn't foolproof in every scenario. Transport Rules also can enable moderation and that opens quite a few possibilities. You can set a rule that everything sent out to external recipients from a specific Shared Mailbox (obviously with limited Send-As permissions), must be moderated by its manager:
New-TransportRule -From Info@contoso.com -SentToScope 'NotInOrganization' -ModerateMessageByManager:$true -Name 'Moderate This' -SenderAddressLocation 'Header'
It's worth investigating what Transport Rules can offer, so experiment with them (in your lab/test tenant) and read how Microsoft suggest implementing them for common scenarios.
So, MailTips can help your user to prevent errors before they sent the mails. But they do not work for every scenario. There is also a risk of overuse and that could lead to users not noticing that specific important MailTip. Object Moderation and Transport Rules offer message approval to a second set of eyes,
Obviously, there are more advanced solutions to prevent what are in a sense data leaks. Data Loss Prevention is one of those, although that is more focused on the content and certainly not foolproof. Information Rights Management or Azure Information Protection can set explicit permissions to mails and documents. But those solution are more complex, cost extra licenses and have their own pros and cons.
The tips I highlighted aren't foolproof but are available to all current supported on-premises Exchange environment and Exchange Online. They don't require additional licenses and are quite easy and quickly implemented. Neat right?
Have some additional tips? Let me know in the comments!