What is email journaling?
Email journaling is a way of recording email communications. It is typically deployed by organisations that need to achieve compliance with regulations including Sarbanes-Oxley, SEC 17A-4, HIPAA, the European Union Data Protection Directive (EUDPD) and so on.
Journaling involves capturing a copy of all emails that flow into, out of, or optionally within a messaging environment and writing them to a separate journal store.
The journaling process is hidden from end users, and the journal store content cannot be accessed by users. As such, it provides a reliable record of email traffic that cannot be deleted or tampered with by end users.
Although a regulation may not specifically require journaling, journaling can help your organisation achieve compliance and respond quickly and with confidence to eDiscovery requests.
This is how email journaling works
Journaling takes place as email messages are routed into, out of or around your enterprise.
A journal agent is responsible for intercepting selected email traffic and directing a single copy of each unique email to one or more dedicated journal stores (also referred to as a journal mailbox), along with a copy of the ‘message envelope’.
The message envelope is a record of all the email addressees that were associated with any given email.
This would include the original sender and anyone listed in the TO: and CC: fields, along with any recipients that were part of a local distribution list (DL) at the time of transmission, and importantly, anyone that was BCC’d on the email.
From a compliance perspective, if this full set of recipient information or ‘metadata’ is not captured, the initial data collection step of any future eDiscovery exercise could miss out some of the relevant people that received an email.
For example, anyone BCC’d on an email could potentially avoid detection in an eDiscovery exercise.
Keep in mind that the members of a DL will change over time as their roles change and as staff leave or join the organisation, so it is important that the membership of a DL at ‘the point in time’ is maintained.
For example, staff members that used to be in the Financial Trading department could be excluded from an investigation involving past insider dealing if they no longer appear in the current DL for that department.
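The gap described above, as an added example that is not part of the original article: a Python sketch comparing the addressees recoverable from message headers with those recorded in a journaled envelope. The envelope layout, the addresses and the DL membership are constructed for illustration and do not represent any product's journal format.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample message: the Bcc recipient never appears in the headers.
RAW = (
    "From: alice@example.com\n"
    "To: trading-dl@example.com\n"
    "Cc: bob@example.com\n"
    "Subject: Q3 positions\n"
    "\n"
    "See attached.\n"
)
# Constructed envelope in a hypothetical layout: who was addressed at send time.
ENVELOPE = {
    "sender": "alice@example.com",
    "recipients": [
        {"address": "bob@example.com", "via": "cc"},
        {"address": "carol@example.com", "via": "bcc"},
        {"address": "dave@example.com", "via": "dl", "dl": "trading-dl@example.com"},
        {"address": "erin@example.com", "via": "dl", "dl": "trading-dl@example.com"},
    ],
}
# Constructed directory state today: dave has left the list, frank has joined.
CURRENT_DL = {"trading-dl@example.com": {"erin@example.com", "frank@example.com"}}


def header_addressees(raw, current_dl=None):
    """Addressees recoverable from headers, optionally expanding DLs as of today."""
    msg = message_from_string(raw)
    fields = [v for h in ("From", "To", "Cc", "Bcc") for v in msg.get_all(h, [])]
    found = {addr.lower() for _, addr in getaddresses(fields) if addr}
    for dl, members in (current_dl or {}).items():
        if dl in found:
            found |= members
    return found


def envelope_addressees(envelope):
    """Addressees according to the journaled envelope."""
    return {envelope["sender"]} | {r["address"] for r in envelope["recipients"]}


def missed_without_envelope(raw, envelope, current_dl=None):
    """People the envelope lists that a header-based collection would not find."""
    return envelope_addressees(envelope) - header_addressees(raw, current_dl)


if __name__ == "__main__":
    print(sorted(missed_without_envelope(RAW, ENVELOPE)))              # headers only
    print(sorted(missed_without_envelope(RAW, ENVELOPE, CURRENT_DL)))  # headers + today's DL
```

Expanding the DL from today's directory still misses the BCC recipient and the former list member, and it also pulls in a current member who never received the message.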
Another important thing to understand about email journaling is that the journal store may be on a separate system from the journal agent responsible for writing the email record.
In this case journal emails are sent using an SMTP connection to a remote store.
Understanding how journaling works is useful in the event that you may want to migrate an existing email journal to a new journaling platform.
A good example of this might be switching an Exchange on-premises journal to a cloud-based journal.
Note that Microsoft 365 does not in itself offer a native journal mailbox capability, and instead recommends configuring journal rules that write journal records to a separate journaling service.
If you’re curious to see how Microsoft 365 can potentially replace the traditional journaling service, and how legacy journals can be mapped onto this new ‘compliance model’, review this article.