Fighting viruses and trojans is pretty simple these days. Here is the algorithm:

1. Block incoming attachments based on file type on the SMTP level. This is good for about 80% of all incoming nasty things – scr, exe, com, bat, VBS, doc, etc. Configure your mail server to reject the emails containing these (and similar types). The extreme case of this would be configuring the mail server to accept only specified attachment types – Zip files, PDFs, Jpeg, Gif, Tiff, PNG, Txt, HTML.

2. Install two or more anti-virus scanners on the mail server from different vendors. In this case, you will improve your chances a lot. If some virus won’t be in the database of one anti-virus scanner, it will probably be in the database of another.

3. Install anti-spam software on the mail server. Sometimes it also denies viruses.

4. Install anti-virus scanner on each workstation. Preferrable use a different vendor fro those used on the mail server.

5. Migrate all users to a proper email client. For example, I’ve heard that The Bat does not show HTML messages by default. Also disable autopreview of attachments and autoopening of emails.

6. Write a company police that would forbid users from opening attachments unless they have personally requested them. Educate your users about dangerous viruses and trojans. This is good to be done on a regular basis. For example, a “Virus of the week” article on the Intranet every Monday (start of the week is preferrable).

Our company has been following most of these steps and we haven’t had a virus for a long time now. And we do have A LOT OF EMAIL coming in.

NOw on to your other problem of properly formatted emails.

1. Migrate everyone to a proper email client. For example, Thunderbird complains when one tries to send an email without a subject line, or when the signature is more than 4 lines. Many other email clients can be configured to behave properly.

2. Educate your users on the subject of netiquette. Regularly. With example emails.

3. Configure your mail server to notify you of badly formatted outgoing emails. You can then talk to each user with examples of his own messages and how to properly reformat them.

For example the rule “do not open attachements from unknown senders” would match my needs. I just wanted to have more than that [if possible and there is a use of it]

On the other hand I would like to give em an advice on how to compose emails in order to make people on the other side read it [for instance: "always give a meaningfull subject to email" since many times I see mails comming even without any subject].

So, once again, this is not to restrict users, but to help them avoid doing stupid things and reduce the amount of headaich of IT :)

Your “Never open attachments that were sent to you without your own request.” good for every one :)

Regarding your filtering techniques – it is a very personal thing. Often it also depends a lot on the kind and quantity of messages that you are getting.

Two examples:

1. Technical support personnel. These guys mostly get emails from unknown senders. A question from this user, and a request from that user. They usually don’t have long discussions either. Sender-based folders would be a nightmare. You’ll get hundreds of new folders per day.

2. CEO or other management. These people might be getting emails from the one source only – their personall assistants. No need to move it to sender-based folders again, since all mail will end up in the single folder.

The best approach for the company is to provide employees with enough tools to process their email according to their likings. If someone wants a billion folders – let him have them. If someone wants all his mail in the Inbox – amen to that. As long as employees are productive and can keep up with their correspondence – stay out of it.

:)

lots of companies have policies regarding computer usage in general and email communications in particular. Enforcing the policy is another issue altogether. Of course, there are ways to bypass certain rules set by the policy. But the purpose of the policy is to guide users to do the right thing.

For example, the company policy might say something like: “Never open attachments in the emails that came from unknown sources.” And: “Never open attachments that were sent to you without your own request.” In this situation, you can’t actually enforce the policy. The decision of opening or not opening of the attachment is up to the user. But if the opens some stupid attachment which passed through the antivirus software and infects half of the internal network – he will be held responsible.

Other examples of company policies might include:
- disclaimers in the signatures (this can actually be done automatically)
- disclosing of confidential information (can’t be enforced effectively)
- mass mailings (can be controlled automatically to a certain degree)
- “politeness” level and stuff like that to the outside world (can’t be enforced)
- different attachment rules, like outgoing file formats, sizes, language encodings, etc…

company policies are usually set for different reasons. Antivirus protection is usually done on the server. “Nice messages” are not at all a concern in the modern business world.

Company policies are set to minimize the support. Imagine having 40,000 users on the internal network with every one of them having his own email client with custom settings. In case something breaks it will be a nightmare to troubleshoot. It is also difficult to teach employees to use the system when there are no guidelines.

It is not very clear what kind of rules you are looking for. If you need guidelines for writing nice emails, than Google for “netiquette”. It covers things like quoting, signatures, proper subjects, attribution, and the like.

But I can recommend my rules (it works). Move every known sender to separate folder and one folder for recent connections. Others mails have to be annihilated.

On company level needs redirect common email to receptionist (poor thing)