Why are BCC’d recipients so important?
In relation to email, BCC stands for “blind carbon copy.” Just like CC, BCC is a way of sending copies of an email to other people. The difference is that recipients in the To: and CC: fields of an email have no visibility of the fact that BCC’d recipients may have also received the same email.
I think we’ve all been on the receiving end of a marketing email that’s been inadvertently sent with the whole circulation list CC’d. This is where BCC comes into its own, but there are other scenarios where BCC is used.
A key thing to consider is “Why do people use BCC in work-related emails?”
- To raise an issue concerning a co-worker?
- To lodge a confidential record of an email exchange with a third-party?
Arguably the use of BCC is secretive and deceptive and it follows that the nature of the email will be more ‘shady’ or confidential than an openly CC’d email. It also follows that the person being BCC’d is just as important, if not more so, than those that are CC’d.
The good news:
The default Exchange journal setting (and that of most hosted journaling services such as Mimecast) is called an ‘envelope’ journal. The envelope includes a record of the TO: and CC: fields as well as any BCC’d recipients and all the individuals included in your local distribution lists (DL) at the point in time the email was received by your mail transfer agent (MTA).
The bad news:
In the process of migrating to Office 365, you could be stripping out BCC and DL information from your email records.
Having helped with extremely large corporate email investigations, we know the importance of maintaining complete email records and maintaining due diligence when handling email archives in particular. https://www.theguardian.com/media/2011/jul/08/phone-hacking-emails-news-international
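To make the risk concrete, here is an added example (not from the original article or from any vendor's tooling) that compares an envelope journal report with the message as its visible recipients saw it, and lists the recipients that survive only in the envelope. The sample data is constructed, and the report layout it parses (one `To:`/`Cc:`/`Bcc:`/`Recipient:` line per recipient, with an optional `, Expanded: <list>` suffix) is an assumption about how your journal reports are formatted; check it against a real report before relying on it.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: plain-text envelope report from a journal message.
# Assumed layout: one recipient per line, optional ", Expanded: <list>" suffix.
ENVELOPE = """\
Sender: alice@example.com
Subject: Q3 contract terms
Message-Id: <constructed-0001@example.com>
To: bob@example.com
Cc: sales-dl@example.com
Cc: dan@example.com, Expanded: sales-dl@example.com
Bcc: legal-records@example.com
"""

# Constructed sample: the original message as its visible recipients saw it.
ORIGINAL = """\
From: alice@example.com
To: bob@example.com
Cc: sales-dl@example.com
Subject: Q3 contract terms

Terms attached.
"""

LINE = re.compile(
    r"^(To|Cc|Bcc|Recipient):\s*([^,\s]+)(?:,\s*Expanded:\s*(\S+))?\s*$", re.I)

def envelope_only_recipients(envelope, original):
    """Return {address: reason} for recipients recorded in the envelope
    but absent from the original message's To:/Cc: headers."""
    msg = message_from_string(original)
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    visible = {addr.lower() for _, addr in getaddresses(headers)}
    hidden = {}
    for line in envelope.splitlines():
        m = LINE.match(line)
        if not m or m.group(2).lower() in visible:
            continue  # not a recipient line, or already visible in the headers
        field, addr, dl = m.group(1).lower(), m.group(2).lower(), m.group(3)
        if dl:
            hidden[addr] = "expanded from " + dl.lower()
        elif field == "bcc":
            hidden[addr] = "bcc"
        else:
            hidden[addr] = "envelope-only " + field
    return hidden
```

Any address this function returns exists only in the envelope, so a migration that keeps the inner message and discards the envelope loses it from the record.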
What’s the problem with Office 365 & Journaling?
The key ‘gotcha’ is that Office 365 does not have a journal service – at all.
Until recently, if you wanted to move to Office 365 and maintain a conventional envelope journal, you’d have had to subscribe to a third-party service from an organisation like Mimecast, or keep an Exchange journal running back on-premises.
But in the last few years Microsoft has been filling a few holes. Office 365 can now effectively replace the role of the envelope journal and provide a one-stop-shop for compliant and complete email records retention. This is how it works:
- Instead of using a large, centralised, single-instanced mailbox that is inherently difficult to scale and failover, Microsoft uses its optimised multi-instance storage model. This allows each user to retain his/her copy (journal) of all emails sent/received with zero performance penalty and no single point of failure.
- By putting all relevant mailboxes on In-Place Hold, all emails sent and received are retained indefinitely.
- Deleted emails are removed from the user’s view, but held in a special hidden folder inside the Recoverable Items Folder (RIF), where they are available to the eDiscovery process.
- Any BCC’d recipients will be retained indefinitely in the senders’ mailboxes.
- The members of any distribution lists (DLs) are expanded at the point of sending and stored in hidden headers in senders’ emails so they are fully discoverable.
- Ex-employees’ mailboxes (i.e. those belonging to leavers) can be put on Indefinite Hold and made available for eDiscovery, without a license penalty (using Microsoft’s inactive mailbox service).
So assuming you’re not going to dump over 10 years’ worth of email records when you move, all you’ve got to do is map what’s in your existing journals and any journal archives (which are commonplace given the size to which journals can grow) into the new model.
You’ve actually got a few options for doing this, ranging from quick and potentially dirty to slower and comprehensive.