Re[2]: [Declude.JunkMail] Determining a BCC Recipient
> you shouldn't proceed under the assumption that government regulators are out there giving IT staff lists of words to be used in full-text search of E-mail archives. That is not the law, and it is not how subpoenas are issued.

First: I clearly noted that legal (or compliance, if distinct) is given all documents, including criteria for an archive search, and that IT staff are not responsible for the search. IT is expected to create a system that compliance officers can use independent of IT (in turn respecting employees' privacy from sysadmins' snooping, restricting access to those that perform that role professionally). The full retention media must also be made available, but the regulators will request pruned material.

You seem to think that you're really going to hit it off with regulators by coolly giving them hard drives with terabytes of raw mbox data and nothing more. You obviously don't know how it feels to be faced with hundreds of millions of dollars in fines and the knowledge that every day you delay is another day with your company name in the papers as an ongoing investigation. You do not mess around or play tough on producing records; you will only go down harder. The examples are legion.

Second: last you wrote, you'd only been involved in an investigation that was not bound to SOX or SEC regulations. I see nothing in your new comments, though they're more verbose, that's any more authoritative. Your isolation of SOX seems deliberately naive, since it is commonplace for SOX's open-ended storage requirements to be allied with SEC 17a-4 requirements to ensure coordination between departments and guarantee prompt response to inquiries without the perception of considered obstruction through negligence. And no organization creates separate SOX-compliant systems and SEC-compliant systems if bound by both.

Third: my notes are based on our work with three different clients' IT staffs, their inside and outside counsel (two different outside firms), and documents submitted by regulatory agencies that were specific to the cases; it is also based on the experience of building the original, incomplete archiving systems for these clients and later expansions and revisions of these systems to achieve independently verified SEC/NASD compliance.

Fourth: there were no enemy lawyers involved, unless you consider those attempting to prevent criminal actions--in this case, stealing millions from individual investors to benefit secret corporate alliances--to be your enemies. Yet, if those are the enemies in question, I'm surprised you're opposed to _Ipswitch's_ recent activity. Aren't they just following in the footsteps of Enron by concealing their probable dead-end status while soliciting huge monies for nonexistent products? How can a private company's secrecy and price gouging be such an abomination, based on the insults you've used on the IMail list, while here you encourage a public company's destruction of records wherever you perceive a loophole?

--Sandy

Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

SpamAssassin plugs into Declude!
http://www.mailmage.com/products/software/freeutils/SPAMC32/download/release/

Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases!
http://www.mailmage.com/products/software/freeutils/exchange2aliases/download/release/
http://www.mailmage.com/products/software/freeutils/ldap2aliases/download/release/

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Determining a BCC Recipient
> Each company is different and therefore so are their needs.

Okay, but _Rick's_ needs are SOX compliance. I don't have any interest in discussing general archiving methods; to each his/her own in that effort.

> Many that archive will never need to go through the data, primarily because many companies aren't so enormous that they have the legal liability nor the volume that would necessitate a preemptive indexing of content.

I do not believe you are speaking from experience.

> I would consider it to be unrealistic to demand that a full text indexing be done of file attachments. . .

That's nice, but it's not your choice. Regulators demand prompt, often overnight, responses to search requests (sometimes many concurrent requests). Do not think for a minute that unrealistic is the IT staff's trump card against compliance.

This is not as simple as you think it is, but that's understandable because you've evidently never been under the gun of a SOX or SEC investigation. Three of our clients have been through the latter (cleared, I might add, but now with double the liability insurance premium, probably forever). Two of these companies have less than 50 employees, and one has four full-timers.

--Sandy

Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of Cypress Integrated Systems, Inc.
Re[2]: [Declude.JunkMail] Determining a BCC Recipient
> Show me a search of a full text index that can positively give you 100% of the hits on a given topic and I'll let you have this one :)

The regulators will typically give you a list of search terms to be used in a full-text search. Their specifications are what guide the accuracy of the search. Of course, deliberate and deep obfuscation of all nouns and verbs will elude the search. But you _must_ search all communications, including message bodies and attachments. This is the law. You can debate the constitutionality of the law or what-have-you, but the realities of an investigation are that all communications must be searched, and in any volume and with the deadlines one is always under, that mandates full-text indexing.

> Manual review is necessary to verify, and chances are you would need to manually review every E-mail going to and from specific employees across a range of dates.

Wrong. The initial request is a list of search terms run through a compliant archiving system. The search results are vetted by counsel and submitted to the regulator. Pruned results may accompany the full results of the search, but the computer-generated results are the first line of compliance. At the regulator's discretion, manual review of all emails to detect anomalies, obfuscation, et al. might then be the next step.

> A good law firm would do the review themselves before passing on the material to the regulators instead of relying on some tech to identify the subject matter by way of keyword.

The keyword search is part of the regulatory framework for electronic communications. Part of being compliant is ensuring that a search must be able to be conducted by independent auditors _or the regulators themselves_ at any time. In a proper setup, a tech does not need to be involved in the actual search.

> I was involved in a case where I had to produce over 700 E-mails between myself and employees of another company. That wasn't fun. It was easy to identify the messages, but very time consuming to do the review.

Yes, it is time-consuming. On that we agree. And shirking statutory obligations that in fact shorten the time to settlement/dismissal, and in turn bringing additional scrutiny, is not a wise tactic.

--Sandy

Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of Cypress Integrated Systems, Inc.
Re[2]: [Declude.JunkMail] Determining a BCC Recipient
On Thursday, October 28, 2004, 10:44:32 PM, Matt wrote:

M> Patrick Childers wrote:
M>> Hi Pete, I think your gut is right. I'm pretty sure that I have 2 clients that would be quite interested in SOXsniffer. <g>

M> Not to debate the applicability of the technology, but you shouldn't
M> proceed under the assumption that government regulators are out there
M> giving IT staff lists of words to be used in full-text search of
M> E-mail archives. That is not the law, and it is not how subpoenas are
M> issued.

<snip/>

All really appreciated Matt.

I think the point is that the basic requirements can easily be met, and the search capability, which can be very useful in mundane and even positive circumstances, can be provided without a significant additional effort.

So, for a very low cost, those who might not otherwise be able to afford the high-end systems you allude to can have the core of a fairly robust capability. I'm sure that core capability can and will be extended as needed if I do the job right.

No assumptions here about marketability or suitability - only a raw capability that has a high potential for a low cost... and, based on my own experiences, having this kind of thing in your back pocket can be very powerful.

I can recall times when a mechanism like this would not only have saved me days - even weeks of work, but also would have provided a significant competitive advantage.

Consider auditing an engineering (or any large) project near completion or after initial deployment. The ability to extract all correspondence on the project in an inexpensive and orderly fashion is mind-bendingly powerful. -- Dump the results into a searchable mail archive system and you have a searchable, threaded reference that you didn't know you would need until now.

Or... when the boss comes down and says: I need you to tell me _exactly_ what happened here... in that uncomfortable way that only pointy-haired fellows can really achieve... Been there, done that, got the t-shirt and the bumper sticker. It just makes you shiver. (Where would we be without Dilbert?)

Anyway - I recognize your point about setting an appropriate policy. I just make hammers... I'll let other folks drive the nails where they are needed ;-)

This is now decidedly off topic for Declude. Sorry for the extra bandwidth.

Best all,
_M
Re[2]: [Declude.JunkMail] Determining a BCC Recipient
> I will look into those, the boss wants me to do this on the cheap, the sql idea was first so we could at least say we were archiving the email.

If you just want archiving for independent audit and to show good faith, concatenate the Q and D into an envelope-preserving MBOX for each day.

However, you have to plan for a real investigation, and retrievability and simple envelope and body searching requirements will not be met on the cheap--since maintaining terabyte databases with _any_ data isn't cheap. Full-text indexing of such dbs is also not a small project no matter what the driver.

FTR, dtSearch web costs, I believe, 1000 bucks ( + server + storage + labor ).

--Sandy

Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of Cypress Integrated Systems, Inc.
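An added example, not part of the original thread and not Declude or IMail code: a sketch of the envelope-preserving daily MBOX suggested above, going one step further to show an envelope-and-body search over it. It assumes the envelope sender and recipients have already been read from the spool's Q file; the `X-Envelope-*` header names, the addresses and the sample messages are constructed for illustration.

```python
import mailbox
import os
import tempfile
from email import message_from_bytes

# Header names chosen for this example; not an IMail or Declude convention.
ENV_FROM, ENV_TO = "X-Envelope-From", "X-Envelope-To"

def archive_message(mbox_path, env_from, env_rcpts, raw_message):
    """Append one message to a daily mbox, recording its SMTP envelope.

    env_from and env_rcpts are assumed to have been read from the spool's
    envelope (Q) file already; raw_message is the bytes of the data (D) file.
    """
    msg = mailbox.mboxMessage(message_from_bytes(raw_message))
    msg.set_from(env_from or "MAILER-DAEMON", True)  # mbox "From " separator
    msg[ENV_FROM] = env_from
    for rcpt in env_rcpts:        # one header per recipient, Bcc included
        msg[ENV_TO] = rcpt
    box = mailbox.mbox(mbox_path)
    box.lock()
    try:
        box.add(msg)              # escapes body lines that start with "From "
        box.flush()
    finally:
        box.close()               # also releases the lock

def search(mbox_path, term):
    """Return (envelope recipients, subject) for every message in which term
    occurs in the envelope, the headers or a text part. Attachments would
    need text extraction before indexing; that is out of scope here."""
    term = term.lower()
    hits = []
    box = mailbox.mbox(mbox_path)
    try:
        for msg in box:
            haystack = [f"{k}: {v}" for k, v in msg.items()]
            for part in msg.walk():
                if part.get_content_maintype() == "text":
                    payload = part.get_payload(decode=True) or b""
                    haystack.append(payload.decode("utf-8", "replace"))
            if any(term in h.lower() for h in haystack):
                hits.append((msg.get_all(ENV_TO, []), msg["Subject"]))
    finally:
        box.close()
    return hits

# Constructed sample messages. The first has a Bcc recipient that appears
# only in the envelope, and a body line that starts with "From ".
SAMPLE_1 = (b"From: bob@example.com\nTo: alice@example.com\n"
            b"Subject: Q3 numbers\n\n"
            b"Draft attached.\nFrom here on, call it Project Falcon.\n")
SAMPLE_2 = (b"From: dave@example.com\nTo: carol@example.com\n"
            b"Subject: Lunch\n\nNoon on Friday?\n")

def demo():
    path = os.path.join(tempfile.mkdtemp(), "2004-10-27.mbox")
    archive_message(path, "bob@example.com",
                    ["alice@example.com", "auditor@example.net"], SAMPLE_1)
    archive_message(path, "dave@example.com", ["carol@example.com"], SAMPLE_2)
    box = mailbox.mbox(path)
    count = len(box)
    box.close()
    return {"count": count,
            "bcc": search(path, "auditor@example.net"),
            "keyword": search(path, "project falcon"),
            "miss": search(path, "no-such-term")}

if __name__ == "__main__":
    print(demo())
```

The Bcc recipient is found only because the envelope was written into the archive; a copy taken from the delivered message headers alone would not contain it.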
RE: Re[2]: [Declude.JunkMail] Determining a BCC Recipient
I have an application that acts as a POP3 mail client and writes the message body (with basic header info) to disk as a .txt file. I drop them into a folder hierarchy based on the date, etc which Microsoft Index server indexes (free w/ Windows). Just look for the message via a query based web page...

Not sure if that helps but that's what we did for archiving/searching.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sanford Whiteman
Sent: Wednesday, October 27, 2004 4:47 PM
To: Rick Davidson
Subject: Re[2]: [Declude.JunkMail] Determining a BCC Recipient

> I will look into those, the boss wants me to do this on the cheap, the sql idea was first so we could at least say we were archiving the email.

If you just want archiving for independent audit and to show good faith, concatenate the Q and D into an envelope-preserving MBOX for each day.

However, you have to plan for a real investigation, and retrievability and simple envelope and body searching requirements will not be met on the cheap--since maintaining terabyte databases with _any_ data isn't cheap. Full-text indexing of such dbs is also not a small project no matter what the driver.

FTR, dtSearch web costs, I believe, 1000 bucks ( + server + storage + labor ).

--Sandy
Re[2]: [Declude.JunkMail] Determining a BCC Recipient
> If it were me I would just use the CATCHALLMAILS feature of Declude and COPY them to an archival e-mail address and then just burn the inbox of that address to disk once a month.

For low-volume and unregulated businesses, perhaps, but this will not accomplish compliance, since:

- it does not preserve envelope routing information
- at 1.5 GB per day, you could not actually read the monthly MBXs using a standard client, even if IMail and the filesystem allowed you to create them
- it does not allow for keyword search and export over the volume of data in question
- the monthly backup is too infrequent

Remember, this is a question of regulations, not internal policies.

--Sandy

Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of Cypress Integrated Systems, Inc.
Re: Re[2]: [Declude.JunkMail] Determining a BCC Recipient
OK, fine then. Don't do it every month. Pick the archival frequency of your choosing. And can't you use Declude to insert the routing information into the headers? And can't you download the e-mail from the inbox into the mail client of your choosing and archive it that way?

Anyway, as usual someone's off on an unintended tangent here. All I'm saying is that if I worked for a company I would come up with a more elegant solution to mail archiving than being dependent on SQL Server or any other proprietary format. Plain old text files are just fine by me.

----- Original Message -----
From: Sanford Whiteman [EMAIL PROTECTED]
To: Dan Geiser [EMAIL PROTECTED]
Sent: Wednesday, October 27, 2004 5:33 PM
Subject: Re[2]: [Declude.JunkMail] Determining a BCC Recipient

> If it were me I would just use the CATCHALLMAILS feature of Declude and COPY them to an archival e-mail address and then just burn the inbox of that address to disk once a month.

For low-volume and unregulated businesses, perhaps, but this will not accomplish compliance, since:

- it does not preserve envelope routing information
- at 1.5 GB per day, you could not actually read the monthly MBXs using a standard client, even if IMail and the filesystem allowed you to create them
- it does not allow for keyword search and export over the volume of data in question
- the monthly backup is too infrequent

Remember, this is a question of regulations, not internal policies.

--Sandy

---
Sign up for virus-free and spam-free e-mail with Nexus Technology Group
http://www.nexustechgroup.com/mailscan
Re: Re[2]: [Declude.JunkMail] Determining a BCC Recipient
After all these suggestions I think concatenating the Q and D file and maintaining a text file is a much better way to go, dtsearch definitely looks attractive.

Thanks again for the suggestions.

Rick Davidson
National Systems Manager
North American Title Group

----- Original Message -----
From: Sanford Whiteman [EMAIL PROTECTED]
To: Rick Davidson [EMAIL PROTECTED]
Sent: Wednesday, October 27, 2004 4:46 PM
Subject: Re[2]: [Declude.JunkMail] Determining a BCC Recipient

> I will look into those, the boss wants me to do this on the cheap, the sql idea was first so we could at least say we were archiving the email.

If you just want archiving for independent audit and to show good faith, concatenate the Q and D into an envelope-preserving MBOX for each day.

However, you have to plan for a real investigation, and retrievability and simple envelope and body searching requirements will not be met on the cheap--since maintaining terabyte databases with _any_ data isn't cheap. Full-text indexing of such dbs is also not a small project no matter what the driver.

FTR, dtSearch web costs, I believe, 1000 bucks ( + server + storage + labor ).

--Sandy
Re[2]: [Declude.JunkMail] Determining a BCC Recipient
> I strongly recommend that you just simply keep these in their Q* and D* formats and zip up the directories every night and write them to a CD or something every so often.

Like I keep trying to say, this isn't an every so often or best-effort regulation. It's strict and for-real.

> . . . you can easily write something that would unzip the files, search for addresses in the Q* files, and copy the needed files to a directory when needed.

Searches are almost always by keyword, not by user. This is why full-text indexing of body and attachment is a must. And the restrictions on outside auditor access, et al. are too long a list to satisfy here. Just remember that this question relates to SOX, not random measures under the umbrella of archiving.

--Sandy

Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of Cypress Integrated Systems, Inc.