An employee of ours set up his gmail account to send emails as [email protected], which was fine, but now he has left the company and we have disabled his company account.
He is still able to send emails from his gmail account that appear to the recipient as from ourcompany.com. Is there any way I can block this?
Nope, that is not possible. You can use whatever you want in the "From:" header, you could maybe ask google to remove it from his account (you need to confirm your From address in gmail the first time). But there is nothing that stops him from using his old from-address in his desktop-client.
You could setup SPF records to tell remote mail servers that use it that it's not a legit mail.
Is it out of the question to just contact the guy and ask him to change it?
You'll need to find some way to revoke the verification required for him to send emails like that, which would have been part of the initial configuration he did :
http://mail.google.com/support/bin/answer.py?hl=en&ctx=mail&answer=22370
At the very least, you need to get him to remove the option from his account which hopefully would mean he couldn't re-verify it. If you can't manage this, then you'll probably have to contact Google. I'm sure this situation occurs fairly regularly.
First question is, of course, if this former employee is still emailing people with your company email address. If he is, you might be able to hold him liable for this, since he's no longer employed by your company.
You might also want to get some legal advice and file an official complaint to Google to ask Google to close this GMail account because he used it for your company. Now, with him gone, the account should be closed too, (or handed over to you) else customers might contact the wrong person. For this to succeed, a judge would have to approve this request and it will cost you some.
I would advise you to not allow other employees to use their GMail account for your company, unless they are willing to transfer those accounts over to the company once they leave the company. Using GMail should not be a problem, not if it's used for your company or just private usage. But once the two are mixed, your company will need a specific policy which will be enforced.
But if this former employee has removed the link between his account and your company and is just behaving nicely, there should be no problem with him keeping his account and you shouldn't really be bothered about this case.
I would advise you to set up a policy for using GMail accounts that are linked to company accounts! Tell your employees to either remove those links or be willing to give up their accounts if they ever leave your company. By using GMail for your company, it actually becomes a company resource, not a private resource.
It's just that the related costs when it comes to litigation tends to be expensive and success isn't guaranteed.
Of course even if you solve this from the GMail angle there's nothing to stop him setting up a standard POP3/SMTP account somewhere else and going into his mail program's options and changing the send as address. My ISP still allows this with absolutely no issue on their SMTP server and Thunderbird as a mail client (though I'm sure even Outlook let you change the sending address).
GMail actually gives you more protection as they do verify that you have access to the mail account before they start Sending As, there's absolutely nothing in the original mail protocols and SMTPs to stop this.
You may want to consider creating a filter on your corporate mail system to prevent the "verification" emails from Gmail required to add an account from being delivered to your users. This would prevent anyone else from configuring Gmail to send from @yourcompany.com.
Even if you remove the "google mail send as account" thing, email protocols are not really secure enough and it's easy to forge an email with the sender address you want. That's why google doesn't even bother, with this features I guess.