How could one archive all emails sent from employees?

email hosting small-business

7,547

Solution 1

I won't take part in the debate, but here is the how-to for Postfix - in the main.cf file, add this line:

sender_bcc_maps = hash:/etc/postfix/conf/sender_bcc

and into the sender_bcc file:

@yourdomain.com [email protected]

Thus, every time someone from the domain sends an email, the bcc_account will receive it

Solution 2

Many companies have legal obligations that require they keep a copy of messages sent and received by their employees. Because this is such a common request, pretty much every viable, business-class email platform has some form of archiving either built in or they provide the necessary hooks for third parties to add those features.

If GoDaddy does not provide archiving as a hosted service upgrade, you have limited options. Many other mail hosters do provide this service for an additional fee per mailbox. Typically, the company compliance officer(s) is given access to a web interface through which they can do discovery and review messages and typically there are some basic filters/reports built in.

It sounds like you're looking for something less formal and more ad-hoc and that the employer doesn't have legal reasons for this access but is instead a control-hungry pig. Luckily for his employees, implementing something like this at the client level is tough. I can imagine some ways of doing it but without knowing a lot more about the customer (are they using GoDaddy's POP/IMAP hosting or their white label Exchange hosting?, how are the clients configured for outbound mail? etc), I can't give you any more info.

Solution 3

I just implemented a mail archiving solution for a client a few weeks ago. We went with a 3rd party called Smarsh. Their primary focus is the finance industry (Sarbanes-Oxley and the like). In this case you would have to switch to hosting your email on their servers since you don't have an onsite email server. Rates are around $15-20/user/month. Once you do, they automatically archive all incoming and outgoing emails. You can also upload employee emails to your online archive using PST files.

You can find them here: http://smarsh.com. Alternatively you can host your own email server onsite and change your DNS/Email settings so that all incoming and outgoing emails go through Smarsh.

You may want to do some comparison shopping by Google-ing "email archiving" and see the various companies out there.

Solution 4

There can be many reasons for this - in many jurisdictions emails are or can be business documents and thus must be kept for sometimes x years.

Anyhow, your client needs to get real here. BCC to him is useless - if it is for legal reasons. He needs to get a business email platform with archiving functions. THis rules out cheapo and interesting enough pretty much every Linux MTA.

The client must:

BLock all SMTP conversation on his firewalls to make sure this is not bypassed
Run all email through a proper class email system. If he is too cheap to pay for Exchange himself (SBS is relatively cheap, seriously), he can do so for example by renting exchange mailboxes from a hosting provider WITH THE PROPER ARCHIVING FEATURES.

It really runs down to the need of a business platform. GoDaddy, pretty obviously, does not provide such features, so the client has to move on. Like always in life, the cheapest most crappy offer may simply not do what is needed ;)

That being said, there are also ethican considerations. In most jurisdictions it is illegal for the boss to do get readable copies without the employees being notified about it (make them sign a paper they are informed). While the boss has the right to read all business emails, notification of employees that correspondence is monitored may be required. This is different for a proper archiving solution, as this merely makes sure emails are kept, but does not automatically allow access to them.

Solution 5

I work for a company which has legal obligations to archive all of our email for multiple years. In our case, we're required to show that our system captures everything sent to our users. Something like a BCC would definitely fail since this is a manual method which could leave out email intentionally or accidentally.

We chose to have another company (Microsoft Forefront) filter and archive our email. From a regulatory standpoint it was just easier to show that we were complying with the full legal requirements. If your client has these same types of legal obligations and is attempting to do this on the cheap, I think he'll find that the hassles associated with internal archiving far exceed the costs of outsourcing it. This is especially true if he's in a highly regulated industry.

This might require moving hosts. I'd first start by getting a good understanding of the legal obligations then look at how you would go about proving you're complying with the law during an audit. If you're outsourcing the entire mail system already, it might make sense to just move the email to a company specific to that industry. For example, the financial industry has a ton of providers that have email hosting, archiving, filtering, and compliance testing all rolled into one. However, without a clear understanding of your legal requirements, your client could be at risk which is bad for business.

View more solutions

7,547

Chris Phillips

Updated on September 17, 2022

Comments

Chris Phillips almost 2 years

My client runs a small business. This business has a small number of employees. They are currently hosted through GoDaddy for web and email.

For legal reasons the client would like to archive emails sent by their employees. Currently the emails are all done through POP3 so all the email is basically housed in files on individual machines (remember, small business).

It's been proposed an inexpensive solution to this would be to have all emails BCC'd to a main account so that conversations with the outside would could be archived and tracked. I have not investigated it myself personally but apparently GoDaddy can do something along these lines for all incoming email but not for outgoing email.

What would be the cheapest/easiest way to archive incoming/outgoing email from employees of a small company?

UPDATE:

I've modified the title to reflect employees not users. The goal of this is to archive sent emails for legal reasons. This is something the employees will be cognizant of and on board with.

The bottom line here is to basically emulate a feature of a larger-class platform through a smaller, cheaper platform. If the answer is "can't do it, buy an Exchange license" that's fine.

My apologies for phrasing this so poorly. I understand why there was so much confusion.
- learnningprogramming about 14 years
  
  In your defense, this is a site to ask technical questions and those of us (myself included) that responded at least in part with non-technical comments weren't being too helpful. Your update helps but the original question was pretty clear. I think we're all also employees in addition to being geeks and many of us have had controlling, micromanaging bosses and your question perhaps touched a nerve. :)
- tanius over 5 years
  
  Related question: "How to log full outgoing mails in Postfix?". Answer proposes a Postfix filter.
TomTom about 14 years

YOu miss ethical and legal issues here. In most jurisdictions businesses are required to keep copies for x years of all business documents, and - emails are part of that.
TomTom about 14 years

You need to start listening to reality. It is required by law. Emails are business documents, can conclude contract negotiations and thus fall under retention laws. Exchange actually has archiving functions since 2007. Check microsoft.com/exchange/2010/en/us/Archiving-and-retention.as‌px
TomTom about 14 years

+1 for the only one in a long list of questionable posts who actually focused on legal requirements first ;)
Oskar Duveborn about 14 years

Yes this has been supported on Exchange for a while now, and if 2007 didn't cut it - 2010 can dump everything into a separate mailbox as well.
TomTom about 14 years

So what? What funny ethics to people have in your country that a business is not allowed to monitor it's own internal systems? As long as employees are notified, there is no enthical reason, in no jurisdiction.
gravyface about 14 years

Archiving yes, "automatically BCCing to someone"? no.
gravyface about 14 years

TomTom: there was no mention of legal requirements, nor did he say "archiving" -- his question asked if he could automatically BCC the users' emails to someone, presumably without their knowledge. This is not the same as "archiving" which could be trivial implemented with something like fetchmail periodically grabbing their IMAP mail. It's a poorly phrased question, and one that strikes a nerve with most people as it appears to be an unethical request. Note: the asker still hasn't mentioned archiving in his question, so please refrain from calling us idiots for no reason.
gravyface about 14 years

TomTom is obviously on a troll rampage here: he's conveniently twisting the asker's question to mean "archiving for legal requirements" instead of "my boss wants to spy on his employees" which is an invasion of privacy in many jurisdictions too. There's no mention of archiving at all in the original question, the boss wants to snoop in real-time on his employees email activity. That's all.
gravyface about 14 years

+1 for the only technical response to the asker's question.
Chris Phillips about 14 years

@gravyface: You're right, this was a poorly phrased question from the word go. My apologies. Really, all the client is trying to do is emulate a function found in a more expensive solution like Exchange. Nothing more. All the employees are on board with this.
John Gardeniers about 14 years

Archiving of all mail, in both directions, is fully supported on Exchange 2003 as well.
gravyface about 14 years

Ok, in that case, if Small Business Server is not within budget (as TomTom suggested), you could use fetchmail as I suggested -- it would automatically download everyone's mail and store it locally; it's quite robust; I'd also use IMAP as the protocol on (I'm assuming) Outlook as you can also setup a PST to store the mail locally as well.
John Gardeniers about 14 years

@gravyface, I read the question the same way, even though the OP has now stated that archiving is the objective. Nevertheless, TomTom's comments still indicate he/she didn't actually read my answer before ranting.
sleske about 14 years

Why does this rule out a Linux MTA? What is the problem with using an MTA (Linux or not) which just keeps a copy of every email sent?
TomTom about 14 years

A copy is not an archive. Archives must follow certain rules to be court legal - one of hem being tha you can nto easily delete stuff. A copy in a mailbox will get you in court trouble immediately. Can you proove you did not insert anything after the fact, or delete part of it? Proper archive systems are hard to manipulate.
TomTom about 14 years

-1 for being not legally binding an thus worthless ;)
Razique about 14 years

I'll tell you why I said : "I won't take part of the debate". I manage a customer service's mail platform. They needed to see everybody's sent mails, so if someone deals with a customer, the guy from the customer service must be able to see what others have written. (And sometimes when you call an agency, they tell you "ahh I see that my colleague, blah blah"). So there ain't any legal issue here and it's a similar case ;)