Instead of going to the IT guys and risking having them make the block even worse, could anyone make any possible suggestions?

Instead of going behind the back of your IT department, you should talk to them or your manager instead. The IT crew works for your company, too, and they might not even be in control of the policy in place. Maybe they are. Either way, if it's company policy, you shouldn't try to usurp it on your own. (Being on the wrong side of the IT people is a bad place to be, and this is a sure-fire way to accomplish that.)

If it's being blocked, there's a reason, even if it's a bad reason. Talk to them or discuss it with your manager. If the block turns out to be unintentional, they can fix it and everyone wins. If it's policy, you don't risk losing your job when they find out you subverted it and you get reported.
posted by secret about box at 3:23 PM on May 1, 2008

If you have almost any smartphone, you can access Gmail through that. That would keep you from violating any IT policies. But the real answer is to ask them why they're blocking Gmail, and see if they'll either change the policy or make an exception for you (assuming you have valid business reasons for using Gmail).
posted by me & my monkey at 3:27 PM on May 1, 2008

Perhaps its blocked for a reason. You can do ssh tunneling with putty and an ssh server somewhere but you really need to decide if doing this is smart. Are you prepared to have your next question be "Help me find a new job ASAP!" Perhaps you should be spending some time using the software they offer you. I deal with a lot of people who hate this and hate that all becuase they never got off their butts to learn it.
posted by damn dirty ape at 3:36 PM on May 1, 2008

You can change your Gmail settings to forward your messages to another email account that isn't blocked by the IT dept.
posted by HotPatatta at 3:41 PM on May 1, 2008

Off the top of my head, the basic solutions are to proxy, tunnel, or use a vpn.

You can search for free web proxies, or use something like anonymizer, and configure your browser to use it. If the proxy's not blocked, then all your local network sees is that you're having a lot of traffic with the proxy (but, usually, your real destination is included in the request as a URI parameter, so if a human looked at the log, it would be crystal clear exactly what you were doing.)

You can download and run the putty ssh client as a simple executable -- no admin rights for installation necessary. I haven't done this in Windows, but putty should be enough to set up an ssh tunnel (other ingredients necessary: somewhere, you need a powered-on machine with a reasonably fast net connection running an ssh server and some sort of web proxy like squid or privoxy.) Now, all your network admins see is that you're exchanging a lot of encrypted traffic with your remote box -- they know when you're doing it and how much data is being exchanged, but they don't even know it's web traffic.)

Finally, if you have access to a vpn server running somewhere (use of them is commercially available), and you already have a vpn client installed, you could use that. As with ssh, network admins would just see a quantity of encrypted traffic without knowing its nature. Odds are you'd need admin access to install a vpn client, though.

Note that everything I said about what the admins could see applies only to what observation of your network traffic alone would reveal. Your IT department also has administrative access to your box, which means they can know as much about what you do with your computer as they want. They could record every keystroke; they could make movies of what's on your screen. You have no reasonable expectation of privacy in how you use their equipment, and they wouldn't have to warn you if they were doing this (at least, as I understand the legal status of this in the US -- your profile doesn't say where you are.)

So I'll echo what the others have said... I don't recommend deliberate circumvention of your IT department's policies, and, thus, recommend ignoring my other advice.
posted by Zed_Lopez at 3:51 PM on May 1, 2008

I have gmail forward all mail to my work address for this reason. Great for reading, but I can't reply as my gmail account.
posted by spikeleemajortomdickandharryconnickjrmints at 3:57 PM on May 1, 2008

Seconding forwading to your cell.
posted by roomthreeseventeen at 3:57 PM on May 1, 2008

What's your work email client?

Off topic, but installing Firefox is not a simple change. For example, depending on the applications you run in that environment, having IE as the primary browser might be the only option. Speaking from my own experience, we have certain medical record management programs that require IE, and simply won't run on Firefox. (And believe me, I've tried, because I prefer FF.)
posted by Liosliath at 4:03 PM on May 1, 2008

I doubt the IT guy would change it as he's already refused to make simple changes like installing firefox or fixing something else so I ain't expecting much on this one either.

In fairness, those aren't necessarily "simple changes." Most decisions that IT people make do, in fact, have some basis in the needs and requirements of their organizations.
posted by me & my monkey at 4:05 PM on May 1, 2008

IT can probably grant you an exception to the rule that blocks GMAIL if you have a legit business need. You will need a static IP and an exception on the firewall; its a pretty elementary task.

That said, I've been an IT Consultant in a variety of organizations and industries and in every single one of them, defeating or trying to get around network security settings was a firing offense. So if you go the route of using some of the methods listed in this thread keep in mind how high the stakes are for you.
posted by Deep Dish at 4:13 PM on May 1, 2008

Besides that chat option, isn't one of the problems with Gmail (and other webmail clients) that users are able to download attachments, which may be infected with viruses, etc?
posted by KokuRyu at 4:21 PM on May 1, 2008

I have the same problem here (and I work in I.T.) - solution - nthing gmail on your mobile (or cell) phone - as long as your phone supports java, you can install the mobile app (check out http://www.google.com/mobile/mail/index.html)

I use it, it doesn't seem to use much traffic. Its not easy to respond to emails, but at least you can read them!
posted by Admira at 4:22 PM on May 1, 2008

Here's the site for LogMeIn. I've used it before, it works well. I have a couple of clients that use GoToMyPC, and say it works pretty well, too.
posted by Liosliath at 4:25 PM on May 1, 2008

(I am the person in the IT-ish sort of role in the office.)

Recently, streaming radio was blocked. Why? Not because I hate music. Because the powers that be were wondering what was up with surfing the net being slow and some stats were run and it turns out when you've got an office of 150 people and a third of them are listening to various streaming radio stations, you're going to have a bandwidth crunch. So it got filtered. Of course people came to me. But I don't run the office. I told them to go to management and ask for the filter to be turned off. Not one person did.

As social networking sites spring up, they get blocked (facebook, myspace, etc). Not because I hate social networking site (though I do) but because the boss was walking around and noticed a bunch of people not working and poking each other and writing on walls and sending messages to this Tom guy. Solution? Block them all. People ask me if I can unblock them and of course I can. But if the boss catches someone surfing facebook, he's going to wonder why I intentionally undid what he told me to do, so someone can find more ways not to work.

Bottom line, if you want access to a site, your IT department probably has a procedure in place to ask (with a blank for "business reason") that gets filtered through some level of management. Submit your request. If you're not comfortable asking management to rubber stamp your request, don't ask your IT department. Chances are they didn't block it just because they had nothing else better to do.

Is someone checking their email once a day going to put the company out of business? Probably not. Was this unfiltered internet policy at your workplace ruined by one person who spent far too much time on gmail? Maybe. Would companies be a better place to work at the internet was never filtered and companies trusted their employees to not surf too much and still get their job done? Sure. But you really can't dictate the rules and policies of your office if you're just staff. So people like you and me need to play by someone else's rules. If you want a rule changed, ask the person responsible for the rules, the boss.

(This ignores the fact that webmail may be locked down as a security measure, as well.)
posted by Brian Puccio at 4:33 PM on May 1, 2008 [2 favorites]

Google Apps for your Domain? They will even sell you a domain for $10/year. If you do that, you access your gmail through mail.yourdomain.com. You would have to either switch to a new gmail address or forward your old address to your new one.
posted by Rock Steady at 4:35 PM on May 1, 2008

fantasticninety: I doubt the IT guy would change it as he's already refused to make simple changes like installing firefox or fixing something else so I ain't expecting much on this one either.

I have the same setup at work. Perhaps mine is even more restrictive- I can't install anything, I can't save to C: (only to C:\Documents and Settings\me\Desktop) and everything reloads the same every morning, so anything saved is gone. Obnoxious, yes, and IT probably got told they had to do this.

Yet I'm in Firefox right now, I check my email in Thunderbird, I edit my (illicit, shhh) code in Notepad ++, I edit photos in GIMP and ImageMagick and text in OpenOffice Writer, and I view PDFs with Sumatra; none of these programs are technically 'allowed,' and we're all told we're not allowed to install anything. (Which is odd, since my job is editing images and text and uploading them, and all I have here is Paint. But I know they're busy...)

How do I do this? PortableApps. Just get yourself a USB drive. They're free, they've got a huge suite of extremely usefult software, and they have the added benefit of being available to use on any computer you wish to use them on.

Just get 'em, and you can use Thunderbird to look at your mail, assuming it's POP or IMAP. Just by the by, what kind of mail do you have? You only say it's awful. I imagine you would've said so if it was Outlook.
posted by Viomeda at 4:37 PM on May 1, 2008 [2 favorites]

To the "portable apps" crowd: You're assuming that the organization in question isn't using application-control software as part of their standard image. App control software provides administrators with a way to "whitelist" a standard set of applications, and allow only those apps to run. Application not on the approved list? Access denied, and administrator notified. A lot of enterprise anti-virus apps have this function available to administrators.

(In the interests of full disclosure, I should state that I am the product manager for an application that implements this feature.)
posted by deadmessenger at 4:44 PM on May 1, 2008

Google apps won't work-- mail.yourdomain.com redirects to mail.google.com/a/yourdomain.com.
posted by alexei at 5:47 PM on May 1, 2008

OK, here is the surefire way to do this:
- Get Hamachi and install it on both computers, and make your own network
- Join the same network at work, use a password too
- Get RealVNC installed on both computers, the free version, thats all youll need
- Start the VNC Server on your home computer
- On your work computer, connect with the VNC Client to your home computer, using the IP you get from Hamachi

After doing this, you'll have a fully encrypted virtual desktop on your home computer. You'll basically have a window on your computer with what you'd see on your home monitor in it. Browse freely! If your firewall is really that bad, it might block hamachi, but that's iffy as hamachi uses random ports. They would need heavy duty packet inspection to shut it down. This will work shitty if you have anything less then broadband at home (ie dialup). Godspeed. You can mefimail me if you need any help. You can do this with a mac too, just substitute RealVNC with Chicken of the VNC. Hamachi is a bit harder to set up on mac too, but doable.
posted by Mach5 at 5:49 PM on May 1, 2008 [1 favorite]

I currently work for a company that is as restrictive as fantasticninety's. I just had an exit interview with the IT department. I asked why all webmail clients were blocked - it seems that it's not the time wasting issue, but that webmail is a vector for uncontrolled attachments.
posted by scruss at 7:25 PM on May 1, 2008

As a security guy for a corporation that has to help make and implement some of these policies, I can say that what scruss says is right on - 95% of the viruses that make it into my workplace are from people using their personal webmail from the office, and downloading attachments. (Because most of them are SSL-enabled, we have a harder time scanning the downloads from webmail services at the proxy.)
The other reason we would _like_ to get the policy changed to completely disallow webmail access from the workplace is because we have strict policies regarding what information can go in and out of the workplace via e-mail - customer account numbers, etc, are automatically caught and encrypted by the e-mail system - but all it takes is for one employee to decide to circumvent that system and use their webmail to perform a business transaction and send out a list of account numbers or other personal information, and you've got one of those n-thousand-person identity leaks that you keep hearing about on the news. Not a good thing.
Just something else to consider when you start asking how to circumvent workplace policies.
posted by jferg at 8:53 PM on May 1, 2008

If they're blocking Gmail because of chat, then they will probably not be bothering to block connections to Google's mail servers on ports 993, 465 and/or 587. Just connect your local email client (yes, even Outlook will work) to your Gmail account via IMAP.
posted by flabdablet at 8:54 PM on May 1, 2008

You should tell your IT people about this article explaining how to block Gmail Chat without blocking it for email. If you can convince them to do this, but unblock mail.google.com, you would still be able to use it.
posted by sergent at 9:12 PM on May 1, 2008

Bottom line, if you want access to a site, your IT department probably has a procedure in place to ask (with a blank for "business reason") that gets filtered through some level of management.

The OP works in a school, not a corporation. If it's anything like the school system where my mother works, the IT department is probably one sort of control freak guy with little to no oversight, none of it from anyone with any kind of technical knowledge.
posted by advil at 9:19 PM on May 1, 2008

I think you said this was for a school . Schools have rules about archiving emails and them being subject to FOIL requests etc. If you are having your school email with parent communication going to a google account, there could be legal issues and your google account could be subject to a disclosure request. I would not comingle my school (or any work email) with my personal email. No good can come of mixing the two.

I second using a smart phone. I have the mobile gmail app on my blackberry that works great. I also have an IT department that refused to let me use FireFox. Initially, they told me because they did not have the ability to turn it on or of or some other such bs. I tried a jump drive just to see if I could run it, and it got blocked. I did continue thge discussion over several weeks and managed to convince them that I should get an exemption from the rule. They relented.

I would ask nicely rather than circumventing the system.
posted by JohnnyGunn at 9:24 PM on May 1, 2008

As for the fact that you can download attachments via Gmail, you can also do that with the web email work allows me to use so I don't see any difference.

Somebody already mentioned it's difficult to scan SSL traffic - users can download attachments from Gmail with no oversight.

However, your work webmail is already overseen by the IT admin staff, who can customize their own filters on incoming traffic to scan and block dangerous attachments. They have more control over work email than Gmail.
posted by KokuRyu at 11:31 PM on May 1, 2008

For those who wonder why their admins don't necessarily allow Firefox, thank the lack of an MSI (Windows Installer) for easy deployment, the "salted" profile directory that makes standardization difficult, and the preferences being stored in javascript files making management of settings via Group Policy impossible (without the use of a modified setup like the one from FrontMotion).
posted by JaredSeth at 3:10 AM on May 2, 2008

Gmail is blocked at my work too, but the personalized Google homepage is not, so I can see a preview of my email there, and if it looks important, I check it on my phone. This way I don't use my phone minutes checking for email that isn't there or is spam.
posted by desjardins at 7:17 AM on May 2, 2008

As HotPatatta sais
You can change your Gmail settings to forward your messages to another email account that isn't blocked by the IT dept.

Then you can check mails from that account and you won't be violating any policies.
posted by WizKid at 7:58 AM on May 2, 2008

I'm surprised that nobody has mentioned gmail-lite. There are lots of these around - they are essentially gmail relays. You log in to one with your normal gmail ID and pwd and it fetches your mail for you and relays it back to you. It's a set of php scripts running on a server that doesn't look like it does webmail, so is not blocked by your firewall. Google "gmail lite" and you'll find plenty.

It's not perfect. For example it doesn't show graphic elements in the received mail. But, it does get the job done.

If you are concerned that you're exposing your gmail password, a couple thoughts...

The php scripts, as released, do not squirrel away user's passwords - they're simply passed through to gmail to log in, and not retained.

If you are concerned that the gmail-lite installation you are using has been hacked to do such a thing, you can always run your own gmail-lite if you have access to your own server, which is what I do (more for the satisfaction than for the worry factor). If you know your way around WAMP or LAMP, then installing gmail-lite is a breeze.
posted by johnvaljohn at 8:06 AM on May 2, 2008

It's more complicated than I originally thought!

That's why you have an IT department.
posted by flabdablet at 12:02 AM on May 3, 2008 [1 favorite]

Our IT department recently started blocking all web-based email sites. They consider it a security risk. Annoying, I know.
posted by radioamy at 9:53 PM on May 3, 2008

This thread is closed to new comments.