Skip to comments.Question about Send-As rights in Exchange
Posted on 08/30/2012 11:14:59 AM PDT by MeganC
I'm looking for some assistance with finding out why some organizations restrict the Send-As permission in Exchange/Outlook. What are the security risks in giving out this permission and what should an organization do to minimize those risks?
I'm looking to develop a policy for granting Send-As rights for a non-profit and your input would be most helpful!
Why some organizations restrict it? I think you should rather ask: why would an organization not restrict it? It gives one of your users permission to send mail as if it was from another user’s account. So, unless there is some real need for it, for example, with one employee that covers for another employee’s workload on certain days, it should be disabled by default. Otherwise, you would never know who actually sent any particular email.
The risk is the person doing the sending is an idiot and makes the person their sending as look like an idiot, worse still if they have an axe to grind. By and large you really only want to give this permission when there’s a secretarial relationship. Basically think like a pre-computer office, if person A wouldn’t be writing letters for person B to sign don’t give them send as permission.
This feature is often used in a scenario like an executive assistant or secretary answering emails for an executive (e.g. CEO, COO, etc.).
Usually you don’t want to allow it for regular users.