Nowadays, the problem isn't really so much how you do this, but rather is the legal morass surrounding it. The "How" is easy: with sendmail you can use procmail recipes or even milters to squirrel away copies of incoming and outgoing mail. Commercial products like Kerio Mail Server have direct support for archiving incoming or outgoing emails.
Some companies have legal need to do this. Sarbanes-Oxley may require it for many companies, as more and more do business by email. On the other hand, privacy laws, particularly with regard to medical records, are more stringent than ever. So, let's say we have a company that deals with stock transactions, and the SEC or Sarbanes-Oxley requires them to archive email. OK, now an internal employee sends a note to their doctor concerning a work place accident. Is it legal to archive that? Is it legal to read it? I sure wouldn't know, but it's the kind of thing you had better know the answer to before you turn on archiving. At Virtual Failover in the Cloud: Challenge Abound, this subject is discussed in the context of the Sarbanes-Oxley Act and it is noted that:
information maintained that is not required for compliance does not serve the company and has the potential to be evidentiary
Good luck trying to algorithmically determine which email is required for compliance. We can't even filter spam with 100% accuracy; how could you expect to figure out whether storing a particular piece of email was necessary to keep you out of trouble or vice-versa?
Got something to add? Send me email.
More Articles by Tony Lawrence © 2012-07-23 Tony Lawrence