So recently this topic came up again in the office. And with clients. And I came to realize exactly how sticky this problem really is. The requirements companies generally has is something down the lines of:
We want all email to be archived, and we don’t want anybody to have access to it. Not even the mail admins, and yet, they want the archives to be available on demand.
The irony is that your email admins can probably do significantly more damage than you think. For example, it’s dead easy to BCC all incoming email from your CEO to him/herself.
So from the outset there are legal issues surrounding email archiving, when are you allowed to archive (monitor) and when not. Who’s allowed to have access to these archives and who not? To what extent does your policies cover your proverbial legal ass, and to which extent does your archive solution need to be immune from it’s administrators (without hampering their ability to perform their work). These types of questions are strictly speaking not even technical – and trust me, when it comes to legalize I’m the last person that should be asked about these things.
I prefer the technical side of this challenge. And when it comes to email archiving there’s a few.