Understanding Ethical Walls
Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2009-09-30
An ethical wall is a zone of non-communication between distinct departments of a business or organization. This zone is established to help prevent conflicts of interest that might result in the inappropriate release of sensitive information.
An ethical wall typically spans multiple methods of communication, such as telephone, e-mail, postal mail, and direct person-to-person communication. To make sure that no communication occurs between those regulated by an ethical wall, some organizations go so far as to put whole departments on separate floors or buildings and to require that employees use separate entrances.
One example of where an ethical wall could be used is in an investment organization where brokers aren't allowed to talk to market researchers who may have information that isn't available to the general public. Because market researchers may have confidential information that might influence a broker, regulatory requirements frequently state that those two groups must be prevented from communicating in any way.
Exchange 2010 uses transport rules configured on Hub Transport servers. Correctly configured transport rules support ethical walls by helping to prevent e-mail messages from being sent between specific groups of recipients within your organization.
Exchange 2010 includes features that may help you prevent breaches of an ethical wall. However, Exchange 2010 doesn't prevent individuals from using other methods of communication, such as private e-mail accounts located outside the Exchange organization, network file shares, or phone calls, to share information. Consider Exchange 2010 transport rules as part of an overall suite of tools or processes that you deploy throughout your organization to help enforce an ethical wall policy.
Transport rules are applied by Hub Transport servers across your whole organization. Because all the messages that flow into or out of the Exchange 2010 organization or that are sent within the organization pass through Hub Transport servers, you can consistently apply transport rules to every message.
It doesn't matter whether both the sender's mailbox and the recipient's mailbox reside in the same mailbox database, on the same Mailbox server, or whether their mailboxes are in separate sites. When the sender sends the message to the recipient, the message passes through the Hub Transport server where transport rules are applied.
In a typical configuration, when a sender tries to send a message to a recipient who is on the other side of an ethical wall, Exchange 2010 rejects the message and returns a non-delivery report (NDR) to the sender. By default, the NDR informs the sender that his or her message couldn't be delivered because of policy restrictions. However, you can easily modify the NDR by customizing the delivery status notification (DSN) code and message that are used in the NDR. This capability enables you to provide the sender with specific instructions or hypertext links that relate directly to the policies or regulations that prevented delivery.
For more information about how to customize DSN codes and messages that are used in transport rules and NDRs, see Associate a DSN Message with a Transport Rule.
The most common method of implementing an ethical wall is to make each affected mailbox a member of one of two distribution groups and then configure the transport rule to reject any messages sent between members of those two distribution groups. Before you use transport rules to implement ethical walls, consider the following important practices:
- Route messages through a Hub Transport server: For transport rules to be applied to e-mail messages, a route must exist that enables the message to enter and leave a server that applies transport rules. Also, the message must not be subject to an administrator-configured transport restriction that prevents delivery of the message. If a transport restriction prevents delivery of a message, the Transport Rules agent can't act on that message. Also, Transport Rules agent events are logged.
- Define an appropriate scope: Ethical walls can block all messages if you don't define an appropriate scope. When you create a transport rule to enforce an ethical wall, you must specify conditions to define which recipients and senders to prohibit from sending messages to each other. If you don't specify any conditions, you must specify exceptions to narrow the scope of the transport rule. If you don't specify conditions or exceptions, the transport rule will block all messages sent to or from recipients or senders in your organization.
- Test transport rules in a test environment first: Before you modify existing transport rules or create new transport rules in your production environment, we recommend that you use a test environment to make sure that the modifications or new rules perform as you intend.
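The two-group method and the scoping practice above can be sketched as the following Exchange Management Shell script. This is an added example, not part of the original topic or Microsoft's own code. The rule name, group names and rejection text are hypothetical, and the rule is created disabled so that it can be reviewed before it affects mail flow.

```powershell
# Added example. Run in the Exchange Management Shell in a test environment.
# The rule name and both group names are hypothetical placeholders.
$ruleName = 'Ethical Wall: Brokers and Researchers'
$groupA   = 'Brokers-Group'     # hypothetical distribution group
$groupB   = 'Research-Group'    # hypothetical distribution group

# Stop before creating anything if either group is missing, so the rule
# is never created with a scope other than the one intended.
foreach ($group in $groupA, $groupB) {
    Get-DistributionGroup -Identity $group -ErrorAction Stop | Out-Null
}

# Each affected mailbox should be in exactly one of the two groups.
# Report direct members that appear in both (nested groups are not expanded).
$membersB = Get-DistributionGroupMember -Identity $groupB -ResultSize Unlimited |
    ForEach-Object { $_.PrimarySmtpAddress.ToString() }
$overlap = Get-DistributionGroupMember -Identity $groupA -ResultSize Unlimited |
    Where-Object { $membersB -contains $_.PrimarySmtpAddress.ToString() }
if ($overlap) {
    Write-Warning "Recipients present in both groups:"
    $overlap | Format-Table Name, PrimarySmtpAddress -AutoSize
}

# Both conditions are set, so only mail between the two groups is rejected.
# The rule is created disabled; the reason text appears in the NDR.
New-TransportRule -Name $ruleName `
    -BetweenMemberOf1 $groupA `
    -BetweenMemberOf2 $groupB `
    -RejectMessageEnhancedStatusCode '5.7.1' `
    -RejectMessageReasonText 'Messages between brokers and market researchers are blocked by policy.' `
    -Enabled $false

# Review the stored conditions and actions before turning the rule on.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Priority, Conditions, Exceptions, Actions

# After review and testing:
# Enable-TransportRule -Identity $ruleName
```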