A Programmatically Accessible Email Archive? 61
JohnnyConatus asks: "Does anyone know of a service that offers corporate email archiving and also provides a read-only interface for accessing the archived emails programmatically? Ideally this would be in the form of an database connection or a web service. My current employer is required by the SEC to archive all email communication with clients and we would like to incorporate the archived emails into our internal applications. I have called just about every email archive service I could find via Google, and while most offer a web application to search the emails, none so far have a solution for doing so programmatically. For various reasons, archiving the emails ourselves is considered the last resort. If we had to implement archiving locally, a program that archived by acting as a mail gateway would be the ideal since we'll be supporting a wide-range of mail servers."
You're talking about SQL storage of messages (Score:3, Informative)
is one starting point, but there are a few others.
You're basically replacing
Re:IMAP as the API (Score:3, Informative)
Assentor (Score:2, Informative)
SEC will not allow exactly what you want (Score:2, Informative)
Disclaimer: I work for a company that makes SOX compliance appliances.
The SEC requires you to keep all email in house. As far as we can tell that means your storage must be in house, not at a service provider.
We don't provide such an interface. In our products. We want as few possibilities for bugs where you can delete/alter email as we can. By sticking to our interface we have a better chance of keeping you from doing something illegal (which could reflect on us). However we do provide a web interface which a cleaver programmer can script.
If you use something other than Microsoft Exchange, you can set the always-cc option to send email to several users, one of which is the account our device polls from, and one is an account you can doing anything on. Frankly I prefer this option. We don't want you messing in our product for anything other than the compliance purposes we have designed as it may open us in court questions of if we are for compliance when we do those other things.
Yes we are paranoid, but there are some strong laws around on this subject, and right now regulators are looking for examples to prove they are doing their job.
Re:i remember seeing somethign like this once (Score:3, Informative)
Exchange4Linux [exchange4linux.org] does exactly this. Works pretty well, we've got a shitload of email (videos too), 5000+ contacts and all manner of data sitting in a PostgreSQL database.
It's NICE being able to execute SQL queries on your aggreate communications data. Perfect example: Our Asterisk head-end system knows which of our customer service people is on pager duty with an SQL query which looks at their service calendar. :-)
Do some research ... (Score:4, Informative)
You'll still need to provide security as to who can view messages. Search for legal purposed. You have document rentention scheduled you'll need to adhere to. You'll potentially have a freakin' huge volume of data to look it.
I'm seeing a lot of references to PHP and Java classes -- something as important as SEC regulations for e-mail archiving shouldn't just be thrown together willy-nilly. Failure to get it right could cause *huge* legal problems downstream.
Mail archiving for SEC/SOX is an utterly non-trivial undertaking.
Cheers
Courier (Score:3, Informative)