Do You Allow Webmail Use on Your Network?
rtobyr asks: "I don't allow users at my organization to use any third party e-mail. When users complain, I point out that we can't control the security policies of outside systems. End users tend to think that big business will of course have good security; so I ran a test of the 'Big Four': Hotmail, Yahoo Mail, AOL/AIM Mail, and GMail. Yahoo Mail was the only webmail provider to allow delivery of a VBS script. GMail was the only provider to block a zipped VBS script. End users also tend to think that a big business would never pull security features out from under their customers. Of course, we know that AOL and Microsoft have both compromised the security of their customers. I don't know of any security-related bad press for Yahoo or Google. Three of my Big Four either allow VBS attachments or have poor security track records. So, if you are a network administrator, do you limit your users' ability to use third party e-mail, and if so, do you allow for GMail or other providers that you've deemed to have secure systems and reputations?"
What's their secret? They take care of preventing stupid users from downloading crap themselves, meaning they scan at their proxy and/or firewall boundaries (I'm not a network admin here so I don't know exactly how it works).
This has been the policy for at least five years and they've never had a single problem. Never.
If a large financial services company can do it, I don't know why everyone else can't either. So you're asking the wrong question - instead, ask "how can I provide a better service to my users by allowing them to access their webmail and also maintain my network security?"
I've worked at companies that either completely or selectively block webmail access. Nothing personal, but you and other network admins like you suck rocks as far as I'm concerned. Trusting or distrusting the webmail provider because they do X or Y is supremely stupid because you're basically bending over for them and waiting for the inevitable vulnerability to show up. What, are you going to go to your CTO and say "well, I didn't trust Microsoft and AOL, but I thought Yahoo was OK! It's not my fault!"?
You should know better and you should do better. If you can't, just block all webmail and stop complaining about what other companies do or fail to do. It's your network and your responsibility.
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
Background: I've worked IT full/part time for about 10 years now (geez), from desktop to network admin to site managing.
Statement: In my experience the number of network admins that have the ability to adequately and competently run a network that both allows computing freedom (in reference to how you are saying) and is secure is very small.
I'd also note that I've seen this setup work a lot better with universities than with corporate environments. Mostly because, insofar as I can tell personally, the network/systems admins/engineers are more concerned with enabling safe but wide-ranging activities in the university environment, as opposed to the corporate environment, where anything not expressly allowed is forbidden.