How to Spy on Your Staff with Exchange Server 2007

Let’s be clear about this before we go any further – yes you could use these techniques to spy on your staff, and yes at face value it may seem as though these techniques serve no purpose other than to spy on staff.  But the reality is that what I’m about to describe can be used quite legitimately within a business for purposes other than outright spying.

There are two features of Exchange Server 2007 that can be used for this – Journaling and Transport Rules.

Exchange Server 2007 Journaling

The best way to think of Journaling is that it is a way to make a copy of emails that match certain sender or recipient conditions.  Typically this is done for regulatory compliance purposes, such as a legal requirement to retain copies of all email received by a government department for Freedom of Information purposes.

When an email is “journaled” a copy of it (in Exchange 2007, a journal report with the original message attached) is delivered to another mailbox.  Standard Journaling is configured per mailbox database and copies every email sent to or from any mailbox on that database to the specified journal mailbox, whereas Premium Journaling (which requires the Enterprise CAL) uses journal rules with more granular control, such as journaling only specific recipients or only internal or external mail, but the concept remains essentially the same.  Either way, the journal mailbox ends up holding a copy of everything it captures, so who can open it, and whether that access is audited, matters as much as the journaling configuration itself.

A genuine application of Premium Journaling might be to journal all emails sent to or from a customer service email address so that all such communications are kept on record.
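As an added example (not code from the original post), here is how both kinds of journaling described above are configured from the Exchange Management Shell, followed by the checks an administrator should run afterwards.  It assumes Exchange 2007 SP1 or later, where the journal rule cmdlets are available, a dedicated journal mailbox journal@contoso.com, and the database and address names shown, all of which are placeholders.

```powershell
# Added example, not from the original post. Placeholders: the server/storage
# group/database path, journal@contoso.com and customerservice@contoso.com.
# Assumes Exchange 2007 SP1 or later for the *-JournalRule cmdlets.

# --- Standard journaling: every message sent to or from any mailbox on this
#     database is journaled. It is set per mailbox database, not per user.
Set-MailboxDatabase -Identity "EXCH01\First Storage Group\Mailbox Database" `
    -JournalRecipient "journal@contoso.com"

# --- Premium journaling (Enterprise CAL): journal only the customer service
#     address, in both directions (Scope Global). Use -Scope Internal or
#     -Scope External to capture only one side of the organization boundary.
New-JournalRule -Name "Customer Service - Journal" `
    -JournalEmailAddress "journal@contoso.com" `
    -Scope Global `
    -Recipient "customerservice@contoso.com" `
    -Enabled $true

# --- Verify what is actually in force. Both mechanisms can be active at once,
#     so review both, not just the rule you meant to create.
Get-MailboxDatabase | Where-Object { $_.JournalRecipient } |
    Format-Table Name, JournalRecipient -AutoSize
Get-JournalRule |
    Format-Table Name, Scope, Recipient, JournalEmailAddress, Enabled -AutoSize

# --- Lock down the journal mailbox. The journal holds a copy of everything it
#     captures, so list every explicit Full Access grant and remove any that
#     are not the compliance or legal team.
Get-MailboxPermission -Identity "journal@contoso.com" |
    Where-Object { $_.AccessRights -contains "FullAccess" -and -not $_.IsInherited } |
    Format-Table User, AccessRights -AutoSize
```

The last query is the one most often skipped: a journal mailbox that any administrator can open is, in practice, a read-only copy of the company’s mail with no audit trail.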

Exchange Server 2007 Transport Rules

Transport Rules can be used to achieve the same outcome as Journaling, but they offer many more conditions and actions and much finer granularity.  For example, you can use Transport Rules to add disclaimers to outgoing email, or to block confidential email from leaving the organization.

You can also use Transport Rules as a kind of internal email filter for inappropriate content, which would be useful for policing an acceptable use policy.  By configuring a Transport Rule that detects certain words and blind copies any such email to an HR mailbox for inspection, an organization might detect and head off harassment issues.  Similar rules could be configured to detect words that refer to trade secrets or confidential information, to try to catch anyone discussing those topics with outside parties.  Note that a blind copy is invisible to the sender and the recipients, and that Transport Rules only see mail that passes through a Hub Transport server.
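As an added example (not code from the original post), the “confidential terms to an outside party” rule described above, built with the predicate and action objects the Exchange 2007 shell uses.  It assumes a mailbox named “HR Review”, a distribution group “Legal Team” that legitimately exchanges such material with outside counsel, and a placeholder word list; those names are assumptions, not anything from the post.

```powershell
# Added example, not from the original post. Assumed names: the "HR Review"
# mailbox, the "Legal Team" distribution group and the word list below.
# Exchange 2007 builds rules from predicate and action objects rather than
# the flat parameters later versions use.

# Condition 1: subject or body contains any of the listed words.
$WordsCondition = Get-TransportRulePredicate SubjectOrBodyContains
$WordsCondition.Words = @("trade secret", "confidential", "Project Falcon")

# Condition 2: at least one recipient is outside the organization.
$ScopeCondition = Get-TransportRulePredicate SentToScope
$ScopeCondition.Scope = "NotInOrganization"

# Exception: Legal sends this material to outside counsel as part of their job.
$LegalException = Get-TransportRulePredicate FromMemberOf
$LegalException.Addresses = @((Get-DistributionGroup "Legal Team"))

# Action: blind copy the HR review mailbox. Nobody on the message sees this.
$BccAction = Get-TransportRuleAction BlindCopyTo
$BccAction.Addresses = @((Get-Mailbox "HR Review"))

# Record who authorised the rule in its comments; it is the only place the
# justification travels with the configuration.
New-TransportRule -Name "Confidential terms to external recipients - HR review" `
    -Conditions @($WordsCondition, $ScopeCondition) `
    -Exceptions @($LegalException) `
    -Actions @($BccAction) `
    -Comments "Approved by HR (record the approval reference here); review quarterly" `
    -Priority 0 `
    -Enabled $true

# Hub Transport servers pick the rule up after Active Directory replication.
# Review the full rule set periodically: a rule like this is exactly what a
# later administrator will not notice.
Get-TransportRule | Format-List Name, Priority, State, Conditions, Exceptions, Actions
```

Two design points: conditions are ANDed, so the scope condition keeps the rule from copying purely internal mail to HR, and the exception is there because a keyword rule with no carve-out generates noise from the very people whose job is to handle the material.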

Less ethical uses might include use of Transport Rules to find out who is emailing recruitment firms looking for a new job, or who is discussing romance, religion, or other private matters.

The Email Administrator’s Dilemma

Although the title of this post was designed to be slightly tongue in cheek, the reality is that email administrators can be put into some tough situations by the availability of these features.

Just about any email server product has long been able to tell you from its log files who emailed whom and at what time, but the logs usually don’t include any of the actual email content (sometimes the subject line is logged).  This is for two main reasons – firstly we really don’t care what is in the email itself, we’re only interested in whether or not it got delivered, and secondly logging all of the email content would take up a lot of disk space.

Journaling was a feature of Exchange Server before the 2007 version, but Transport Rules are new to Exchange 2007.  Together these features create a few tricky situations that email administrators need to be aware of.

Firstly there are the legal considerations, such as whether the availability of the feature compels you to employ it to protect staff, for example from email harassment.  Another legal consideration is whether the use of these features will result in email administrators being dragged into any legal matters that might spawn from email communications.  From personal experience this is a very real possibility.

Secondly there are the ethical considerations.  If you as the email administrator are directed by a superior to configure a Transport Rule that would effectively spy on an individual within the organization you might be enabling harassment or bullying to take place, which could land you in some hot water if you go along with it.  Again from personal experience this can happen, but usually if the request is from HR or an Internal Audit department it is clearly okay.

So there you have it, two useful and powerful features of Exchange Server 2007 that can be used for a variety of good and evil purposes.  Make sure you understand each feature, its capabilities and limitations, and always consider the legal and ethical implications of the actions you take with them.

Written by Paul Cunningham

Paul lives in Brisbane, Australia and works as a technical consultant for a national IT services provider, specialising in Microsoft Exchange Server and related messaging systems.
