RSA Conference 2007
Booth #1736
Emeryville, Calif. – April 12, 2007 – Sendmail, the leading provider of policy-centric solutions for securing and authenticating business communications, today announced findings from its recently launched Risk Assessment service, reporting that more than 10 percent of email messages sent from within corporate networks were flagged as contravening policy in some way. The Sendmail Risk Assessment service analyzed in excess of a million messages over a 48-hour period from within a highly regulated government organization.
The Sendmail Risk Assessment program is designed to measure an organization’s current messaging compliance risk and enable it to plan a long-term risk management strategy that will protect its brand, reputation and competitive advantage – without impacting the quality of service within the email infrastructure. Because more than 65 percent of all SMTP email traffic in the world is routed through a Sendmail server, Sendmail is uniquely qualified to perform risk assessment testing on corporate messaging networks.
"Despite highly publicized data leaks, companies struggle to gauge what their risk exposure is," said Brian Burke, research manager of IDC Security Products Service. "Only a formal assessment of messaging networks can determine the risks an organization faces."
Other important findings from the policy-triggered emails included: 55 percent were sent to high-risk, non-institutional email infrastructures, 26 percent contravened data privacy policies and 10 percent leaked corporate IP in some way. In addition, 100 percent of email sent to personal webmail accounts, such as Yahoo!, contained attachments, which indicated to the security team that remote workers were bypassing internal controls by forwarding private information to their home computers in order to work outside the office. The organization in this case had to reconsider its overall policy on ‘personal use’ after witnessing the widespread abuse of personal email.
During the assessment process, Sendmail pinpoints risks within the areas of security and compliance, utilizing its 25-year heritage developing messaging and operational best practices. The entire process is non-intrusive and is driven through an interactive workshop session with the key security, compliance and messaging decision stakeholders, followed by a 48-hour analysis period that tracks the real compliance risks taking place in inbound and outbound email. Following the 48-hour analysis, Sendmail provides its findings and a detailed roadmap to remediation in an executive report highlighting the violations and addressing the critical compliance, security and business stakeholder requirements. Once a company understands its risk, it can begin to educate and then apply policy management to begin preventing the inappropriate disclosure of sensitive data without making significant changes to its email infrastructure.
"The results found in this Risk Assessment were very typical of our engagements," said Kathleen Haley, Vice President, Field Services, Sendmail, Inc. "We work very closely with our customers to understand their risk and begin putting a plan of action in place. Because of our messaging security background, we are routinely engaged to solve these types of issues. The level of risk witnessed in this particular instance is something that all organizations should be aware of, across industries. Companies would be wise to assess their messaging infrastructure to benchmark their exposure, and then implement relevant policies and solutions to mitigate the risks."
Sendmail Risk Assessment is available now. To schedule an assessment, or for additional information, please visit: http://www.sendmail.com/sm/wp/risk_assessment/