Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-04-24

This topic describes ethical walls and how Microsoft Exchange Server 2007 helps you configure ethical walls in your organization.

What Is an Ethical Wall?

An ethical wall is a zone of non-communication between distinct departments of a business or organization to prevent conflicts of interest that might result in the inappropriate release of sensitive information.

An ethical wall typically spans multiple methods of communication, such as telephone, e-mail, postal mail, and direct person-to-person communication. To make sure that there is no communication between those regulated by an ethical wall, some organizations go so far as to put whole departments on separate floors or buildings and to require that employees use separate entrances.

One example of where an ethical wall could be used is in an investment organization where brokers are not allowed to talk to market researchers who may have information that is not available to the general public. Because market researchers may have confidential information that might influence a broker, regulatory requirements frequently state that those two groups must be prevented from communicating in any way.

How Does Exchange 2007 Help You Implement Ethical Walls?

To help you configure ethical walls, Exchange 2007 uses transport rules that are configured on computers that have the Hub Transport server role installed. As explained earlier in this topic, such ethical walls are designed to prevent e-mail messages from being sent between specific groups of recipients within your organization. 

The information that is contained in this topic describes features that may help you prevent breaches of an ethical wall. However, Exchange 2007 does not prevent individuals from using other methods of communication to share information. These methods include, but are not limited to, the following: telephone calls, networked file shares, or private e-mail accounts that are located outside the organization. Exchange 2007 transport rules are intended for use as part of an overall suite of tools or processes that you deploy throughout your organization to help enforce an ethical wall policy.

Transport rules are applied by Hub Transport servers across your whole organization. Because all the messages that flow into or out of the Exchange 2007 organization or that are sent within the organization pass through Hub Transport servers, you can consistently apply transport rules to every message. 

It doesn't matter whether both the sender's mailbox and the recipient's mailbox reside in the same mailbox database on the same Mailbox server or whether their mailboxes are in separate sites. When the sender sends the message to the recipient, the message passes through the Hub Transport server where transport rules may be applied.

For more information about transport rules and how they are applied in an Exchange 2007 organization, see the following topics:

In a typical configuration, when a sender tries to send a message to a recipient that is on the other side of an ethical wall, Exchange 2007 rejects the message and returns a non-delivery report (NDR) to the sender. By default, the sender is told that his or her message could not be delivered because of policy restrictions. However, you can easily modify the information in the NDR that is returned to the sender if you customize the delivery status notification (DSN) code and message that are used in the NDR. This enables you to provide the sender with specific instructions or policy hypertext links that relate directly to the policies or regulations that prevented delivery.

For more information about how to customize DSN codes and messages that are used in transport rules and NDRs, see Associating a DSN Message with a Transport Rule.

Implementing an Ethical Wall

Because transport rules are highly customizable, how you implement an ethical wall in your organization may differ from how other organizations implement ethical walls. However, the most common method of implementing an ethical wall is to make each affected mailbox a member of one of two distribution groups and then configure the transport rule to reject any messages that are sent between members of those two distribution groups.
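The following Exchange Management Shell sketch shows the two-group method described above. It is an added example, not taken from the original topic. The group names, rule name, and reject text are placeholders, and the overlap check looks only at direct group members.

```powershell
# Added example: group names, rule name, and reject text are placeholders.
$groupA = "Brokers"              # hypothetical distribution group
$groupB = "Market Researchers"   # hypothetical distribution group

# Resolve both groups first so a typo does not produce a rule with an empty side.
$dgA = Get-DistributionGroup $groupA -ErrorAction Stop
$dgB = Get-DistributionGroup $groupB -ErrorAction Stop

# A recipient that belongs to both groups sits on both sides of the wall.
# Report any overlap before creating the rule (direct members only; nested
# groups are not expanded by this check).
$membersA = Get-DistributionGroupMember $groupA | ForEach-Object { $_.DistinguishedName }
$overlap  = Get-DistributionGroupMember $groupB |
    Where-Object { $membersA -contains $_.DistinguishedName }
if ($overlap) {
    Write-Warning "The following recipients are members of both groups:"
    $overlap | ForEach-Object { Write-Warning $_.Name }
}

# Condition: the message is sent between a member of one group and a member
# of the other, in either direction.
$condition = Get-TransportRulePredicate BetweenMemberOf
$condition.Addresses  = @($dgA)
$condition.Addresses2 = @($dgB)

# Action: reject the message and return an NDR with a policy-specific reason.
$action = Get-TransportRuleAction RejectMessage
$action.RejectReason       = "Messages between Brokers and Market Researchers are prohibited by policy."
$action.EnhancedStatusCode = "5.7.1"

New-TransportRule -Name "Ethical Wall - Brokers and Market Researchers" `
    -Conditions @($condition) -Actions @($action)

# Confirm that the rule exists and review its settings.
Get-TransportRule "Ethical Wall - Brokers and Market Researchers" | Format-List
```

After the rule is created, send a test message from a mailbox in each group to a mailbox in the other and confirm that both senders receive the NDR.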

For more information about how to configure an ethical wall, see How to Configure an Ethical Wall.