be Smart.
be Secure.
Phone: 800-441-6612

Can you access copies of all email messages sent and received by your employees?

As an email service provider, we are constantly asked by business owners to retrieve email messages received or sent by specific employees last month, last year, or many years ago.  The reasons are numerous and include:

  • Contractual disputes requiring proof of exactly what was said, and by whom
  • Inappropriate employee behavior requiring proof of what was said or done
  • Accusations of harassment requiring exact copies of the messages in question for analysis
  • Important business information or data that may have been sent and subsequently lost or deleted and now needs to be retrieved

It’s a good hypothetical to consider: what would happen if your organization suddenly needed copies of all email correspondences between two people from, say, two years ago?

It turns out that in many cases, such requests are made in vain. 

What about user email folders and accounts?

Messages in question may or may not be found in the regular and sent email folders of the users in question.  In all likelihood, they will not be unless the user is meticulous and not worried about his or her job.  Why?

  1. Many people download their email to their computers, deleting it from the server.  If these computers are lost, stolen, or reset, these messages may be lost.  Even if they aren’t lost, it still may be difficult in some cases to access the messages from the user’s computer, especially if the user has left the company or is under suspicion for wrongdoing.
  2. Many people delete old email after it is no longer needed.  Thus, messages from years ago may be long gone.
  3. Many people accidentally delete email anyway.  There is no guarantee that all the messages that you see in an email folder are all the ones in question.
  4. People engaged in something “shady” would be expected to cover their tracks, deleting compromising email messages and other data.

Relying on email currently in users’ email folders is an extremely unreliable way to ensure that you can access important old correspondence.

What about email backups?

Most email providers and IT shops perform backups of email these days.  These backups are generally snapshots in time of the email present in the email folders on your email server; a nightly backup of all email, for example, which is then kept for a certain number of days.

Backups are essential.  They allow you to restore deleted email folders and to find lost or deleted email messages.  However, they have some serious limitations that makes them inadequate insurance for the kind of business-critical email recovery in question:

  1. Not all messages sent or received will be in the backups. Only messages in your folders on the server when the backup is made will be included in the backups.  Messages that were never saved to a folder (e.g. if the user is not saving copies of some or all sent email) or which were deleted from folders (such as an inbound messages deleted from the INBOX right after it was received) will not be saved and will not be recoverable.
  2. Only messages on the server are backed up.  People who regularly download their email from the server to their computers will always have empty or nearly-empty folders on your company’s email server.  Those empty folders are being backed up.  The email on their computer may not be (unless you have explicitly set this up and have access to it).
  3. Backups are impermanent. Generally, backups are kept only for a relatively short period of time (e.g. weeks or months), so if you need messages from further back in time, you are likely out of luck.

What do you do?

The solution that gives you real insurance that you will have access to unmodified copies of all messages to and from your employees for years is to setup email archival.   With email archival:

  1. Copies of all sent and received emails are streamed in real time to an independent set of servers
  2. There, the messages are indexed, encrypted, and saved redundantly
  3. The messages are then available for you to search and download (but not edit, and generally not delete) for a number of years. The duration is often something that you can choose, but retention for up to 10 years is common.

Archival has the following advantages:

  1. All messages are captured
  2. Messages cannot be altered or deleted by employees — even by your system administrators and operations techs.
  3. Messages can be searched for and accessed through the archival portal at any time by management without the assistance of or knowledge of employees whose email may be under investigation.
  4. Messages are kept for a very long period of time, suitable for legal discovery and HIPAA compliance.

So, can you access copies of all email messages sent and received by your employees?

The answer is “yes” if you have email archival set up.  It is “hopefully”, “maybe”, or “no” otherwise.  Email archival is a form of insurance that most organizations actually use and are thankful for, and which other organizations only wish they had the foresight to setup once it is needed.  The marginal cost of email archival is small compared to the benefit of having it when you need it.

Do you think email archival would be good insurance for your organization?

Leave a Comment

You must be logged in to post a comment.

• Access Anywhere
• Fast and Robust
• Super Secure
• Tons of Features
• Customizable
• Mobile Friendly

Send and receive email from your favorite programs, including:

 Microsoft Outlook
 Mozilla Thunderbird
 Apple Mail
 Windows Mail

... Virtually any program that supports POP, IMAP, or SMTP

Keep your email, contacts, and calendars in sync:

 Apple iPhone and iPad
 Android Devices
 Windows Phone

... Any device with Exchange ActiveSync (EAS) support

Relay your server's mail through LuxSci via smarthost:

• Resolve issues with ISP sending limits and restrictions
• Improve deliverability with better IP reputation and IP masking
• Take advantage of Email Archival and HIPAA Compliance
• Even setup smarthosting from Google Apps!

Free web site hosting with any email account:

• Start with up to 10 web sites and MySQL databases
• DNS services for one domain included
• Tons of features and fully HIPAA capable

LuxSci's focus on security and privacy:

• Read The Case for Email Security
• Read Mitigating Security & Privacy Threats
• Review our Privacy Policy

The most accurate, flexible, and trusted filters in the business:

• Premium protection with Intel Security Saas
• Realtime virus database guards against the latest threats
• Seven-day quarantine lets you put eyes on every filtered email
• Supplement with our Basic Spam Filter for even more features

End-to-end secure email encryption — to anyone, from anyone:

• No setup required — encryption is automatic and easy to use
• Secure outbound email with TLS, PGP, S/MIME, or Escrow
• Free inbound encryption via our SecureSend portal
• Independent of your recipient's level of email security
• Widely compatible and fully HIPAA Compliant

Add an extra layer of security with an SSL Certificate:

• Secure your web site
• Debrand LuxSci WebMail with your own secure domain
• Access secure email services via your own secure domain

Encrypt your service traffic via secure tunnel:

• Add another layer of security to your SSL connections
• WebMail, POP, IMAP, SMTP, web/database access
• SecureForm posts, SecureLine Escrow, SecureSend access
• Restrict your account to VPN access only

Secure long-term message archival:

• Immutable, tamperproof email retention with audit trails
• No system requirements — minimal setup, even less upkeep
• Realtime archival of all inbound and outbound messages
• Works anywhere — even with non-LuxSci email hosting

Free data backups included with all email hosting accounts:

• Automatic backups of all email, WebAides, web/database data
• Seven daily backups and up to four weekly backups
• Unlimited restores included at no additional cost
• Custom backup schedules for dedicated servers

Automate your email management:

• Save messages to specific folders or to LuxSci WebAides
• Advanced text scanning with regular expressions
• Tag messages, alter subject lines, or add custom headers
• Filter by message charset, type, TLS status, DKIM status
• Chain filters together for even more complex actions

• Bulk add and edit users, aliases and more
• Control sharing and access globally or on a granular level
• Delegate user roles through permissions
• Configure account-wide taglines, sending restrictions, and more
• Remotely administer account via SOAP API

Share, collaborate, organize, synchronize:

• Calendars, Contacts, Documents, Notes, Widgets, Workspaces
• Fine-grained access control and security
• Access anywhere via secure web portal or smartphone
• Save over solutions like Microsoft Exchange

Free folder sharing for all email hosting accounts:

• Share mail folders with other users in your account
• Subscribe to only the folders you want to see
• Set read-only or read-write access control
• View all personal and shared folders via unified web interface

Color code and label your email messages:

• Define and assign multiple IMAP keywords to each message
• Filter, search, and sort by tags
• Compatible and synchronizes with any IMAP email client
• Also usable with WebAide entries