Safely Deleting Problematic Email From Your Mail

Posted by Frederic Bourget

Mar 10, 2015 10:31:44 AM


This week I am visiting DisneyWorld with my family. There is something magical about the place. It feels like everything comes together by itself. As if all was where it was supposed to be. The experience has been all planned to the exact details, as if it was possible to think of every scenario possible. The reality is that things that are well thought out from the get-go provide us with that feeling.

Software can be like that when whatever problem you throw at it, it handles it well. It’s about the architecture that is designed to be complete and flexible. This allows for new needs to be met, sometimes using the software as is, or sometimes, only with a simple UI change.

I had a customer conversation that felt like that just before leaving. The problem was stated this way: Our SECOPS (Security Operations) department sometimes has to pull an email from the system because there is a security issue (malicious link), a compliance (HIPAA or SEC) concern, or it was simply too large and was sent to too many people. In the first case, it can be a requirement to stop a virus outbreak or a phishing attack. In the second case, it’s about stopping information that should have stayed private (PHI, for example) from spreading further. As email admins, we’ve all lived through the last case of an email that is too large and clogs the system.

The typical approach for an Exchange administrator is to use the following PowerShell command:

Search-Mailbox -DeleteContent

The challenge here is that there is no coming back when you make a mistake and your search criteria are wrong. That is when you inadvertently delete important emails as well. There is no undo, no revert. So the command has to be used very carefully, especially because it is rather complicated to get any visibility into what you are doing.
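For admins who do have to use Search-Mailbox, the sequence below applies the same verify-before-delete idea: count, log, then copy and delete. It is an added example, not code from the original post or from Netmail; the query, the quarantine mailbox, the folder name and the threshold are constructed placeholders, and it assumes an Exchange Management Shell session whose account holds the Mailbox Import Export role that -DeleteContent requires.

```powershell
# Constructed values: replace before use.
$query       = 'subject:"Invoice overdue" AND from:"billing@example.test" AND received:2015-03-09'
$quarantine  = 'secops-quarantine@example.test'   # hypothetical SECOPS mailbox
$folder      = 'Pull-2015-03-09'                   # hypothetical folder name
$maxExpected = 200                                 # abort if the query matches more than this

# 1. Estimate only: nothing is copied or deleted.
$hits = Get-Mailbox -ResultSize Unlimited |
    Search-Mailbox -SearchQuery $query -EstimateResultOnly |
    Where-Object { $_.ResultItemsCount -gt 0 }

$hits | Sort-Object ResultItemsCount -Descending |
    Format-Table Identity, ResultItemsCount, ResultItemsSize -AutoSize

# 2. Guard against a query that is broader than intended.
$total = ($hits | Measure-Object -Property ResultItemsCount -Sum).Sum
if (-not $total) { throw 'Query matched nothing; check the search criteria.' }
if ($total -gt $maxExpected) { throw "Query matched $total items; expected at most $maxExpected." }

# 3. Log pass: writes a per-item report to the quarantine mailbox for review,
#    still without touching the source mailboxes.
foreach ($hit in $hits) {
    Search-Mailbox -Identity $hit.Identity -SearchQuery $query `
        -TargetMailbox $quarantine -TargetFolder "$folder-log" `
        -LogOnly -LogLevel Full
}

# 4. After reviewing the log: copy each match to the quarantine mailbox, then delete
#    it from the source. -Force is left out on purpose so every mailbox prompts.
foreach ($hit in $hits) {
    Search-Mailbox -Identity $hit.Identity -SearchQuery $query `
        -TargetMailbox $quarantine -TargetFolder $folder `
        -DeleteContent
}
```

The copy in the quarantine mailbox is a retained copy for review, not an in-place restore: putting a message back into a user's original folder is still a manual step.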

Obviously, there is a better way with Netmail, one that allows you to correct your mistakes. Here is how it works. The first step is to create a policy (or filter) to narrow the job to the email you want to remove. This could be via the subject, recipient, specific user mailboxes, date or other filtering criteria. Then, you run an archive job with this policy. In this case, you probably want to use a special repository just for the SECOPS effort. Once the job has run, you can verify that the emails you captured are the ones you want to delete. Then, with the same policy, you simply run a deletion job. Problem solved!

Next is the nice part. If you made a mistake, you can re-inject the messages in the same location and with the same attributes as before archiving. You can even choose which users to re-inject. This comes from the migration capability of our software. An undo of sorts, just like magic, without designing any special software. Mistake forgotten.

You see, I do not think this use case was ever thought of in advance. But with properly designed software, you get to a point where a lot of the things you want to do can be done simply by applying the right configuration. This is the case with Netmail.

Sounds too good to be true? DisneyWorld is such a nice place.


