I believe that this can be a serious breach of Confidential information. If I (working at the same company) don't know that when I send you email that it will leave the Corporate intranet I may send confidential or proprietary data to you, which would then cross the Internet and possibly be intercepted.
My take has been to forward the HEADERS ONLY offsite and deliver the entire email to the corporate address. While headers may give something away, likely it won't be much. Marcus James' said: Here's the situation: One of the companies I work at enables certain users to foward their email to an external address of their choice. So internal email sent to an employee may be fowarded externally to a hotmail account for example. What I am trying to determine is what the best practices are in this regard. My gut-feel says that this is not a good idea since email is "inherently insecure" and may be intercepted and so on and so forth. But on the other hand is this such a big deal? I'm not sure. A second question: Would forcing users to use a web interface to access their email instead be "more secure"? Thanks...
