We have an attachment policy that blocks and strips out ZIP files. I work in the financial sector, so we tend to get customers emailing PDF files which have been compressed into a password protected ZIP file.
When this happens, the staff member comes to IT and asks us to "release" the attachment, which we cannot do. Therefore, we have to inconvenience our customer by asking them to resend the file. During this time, we move the staff person to a new security group which permits the attachment type in question. There are a number of issues I have with this:
- IT is still unable to review the attachments prior to permitting delivery to the staff person (and subsequent opening of attachment). Yes, I know we could ask the customer to send it to a generic email address, but then this doesn't provide a good feeling of customer service for them.
- We are asking someone to resend something, which is a huge inconvenience to them. We should be able to "trap" the attachment rather than just dump it and then have them resend.
- We are allowing staff people to get around the attachment policies for a given period of time, which exposes their inbox and defeats the purpose. We have to manually remind ourselves (usually via support ticket infrastructure) to remove this access.
- We can "quarantine" attachments that violate the policy, but this totally defeats the purpose since staff are easily fooled into thinking that someone is sending them a credit app when in reality it's a malware embedded PDF. They will just release whatever they want.
- We were previously able to trap attachments for review, and then release without having to have the original email resent using our old product from Postini...so this is a bit of a feature regression for us
What I would like to be able to do, and hopefully this is possible now and I am failing to see how, is to send attachments that violate the policy to a quarantined location. From there, IT could "release" to the original recipient. This seems like a no brain-er feature for enterprises managing email security?