A Programmatically Accessible Email Archive?

JohnnyConatus asks: "Does anyone know of a service that offers corporate email archiving and also provides a read-only interface for accessing the archived emails programmatically? Ideally this would be in the form of an database connection or a web service. My current employer is required by the SEC to archive all email communication with clients and we would like to incorporate the archived emails into our internal applications. I have called just about every email archive service I could find via Google, and while most offer a web application to search the emails, none so far have a solution for doing so programmatically. For various reasons, archiving the emails ourselves is considered the last resort. If we had to implement archiving locally, a program that archived by acting as a mail gateway would be the ideal since we'll be supporting a wide-range of mail servers."

You're talking about SQL storage of messages

[scotpurl]

http://www.dbmail.org/ [dbmail.org]

is one starting point, but there are a few others.

You're basically replacing /var/spool/mail with an SQL back-end. Things like MBOX or IMAP will suck for dealing with millions of records/messages, but SQL should handle it easily.

Re:IMAP as the API

[LetterJ]

I personally use IMAPSize [broobles.com] to archive my IMAP mail that is needed mostly for historical purposes. Just yesterday, I pulled 12,000 messages off of my IMAP server for long-term storage. It turns them either into an mbox file or individual emails. I've then got a script that dumps them into a database as well as just zipping them up for burning to optical media. The database is for quick searching, the files for backup/recovery. I looked for the solution mostly to speed up my IMAP server and client both, which weren't happy with the huge numbers of email I was storing or occasionally crappy connections. I've got a web interface to it that also lets me easily reply to a message directly from there, pull out related messages, etc.

Assentor

[Anonymous Coward]

We have the same SEC requirements here and we use iLumen's Assentor [ilumin.com] products. The configuration was painful initially, but it's quite effective. Here's an article [s-ox.com] on the Sarbanes-Oxley Compliance Journal. It stores ALL email and IMs and the contents and functionality can be made accessible via APIs or database calls.

SEC will not allow exactly what you want

[Anonymous Coward]

Disclaimer: I work for a company that makes SOX compliance appliances.

The SEC requires you to keep all email in house. As far as we can tell that means your storage must be in house, not at a service provider.

We don't provide such an interface. In our products. We want as few possibilities for bugs where you can delete/alter email as we can. By sticking to our interface we have a better chance of keeping you from doing something illegal (which could reflect on us). However we do provide a web interface which a cleaver programmer can script.

If you use something other than Microsoft Exchange, you can set the always-cc option to send email to several users, one of which is the account our device polls from, and one is an account you can doing anything on. Frankly I prefer this option. We don't want you messing in our product for anything other than the compliance purposes we have designed as it may open us in court questions of if we are for compliance when we do those other things.

Yes we are paranoid, but there are some strong laws around on this subject, and right now regulators are looking for examples to prove they are doing their job.

Re:i remember seeing somethign like this once

[tzanger]

Exchange4Linux [exchange4linux.org] does exactly this. Works pretty well, we've got a shitload of email (videos too), 5000+ contacts and all manner of data sitting in a PostgreSQL database.

It's NICE being able to execute SQL queries on your aggreate communications data. Perfect example: Our Asterisk head-end system knows which of our customer service people is on pager duty with an SQL query which looks at their service calendar. :-)

Do some research ...

[gstoddart]

If your company is doing this for SEC compliancy (meaning Sorbanes-Oxeley) you really need to look into all that goes along with this.

You'll still need to provide security as to who can view messages. Search for legal purposed. You have document rentention scheduled you'll need to adhere to. You'll potentially have a freakin' huge volume of data to look it.

I'm seeing a lot of references to PHP and Java classes -- something as important as SEC regulations for e-mail archiving shouldn't just be thrown together willy-nilly. Failure to get it right could cause *huge* legal problems downstream.

Mail archiving for SEC/SOX is an utterly non-trivial undertaking.

Cheers

Courier

[bobv-pillars-net]

Courier [courier-mta.org] has an optional "big-brother" mode that makes a copy of every email that passes through. It can be set up as an email gateway and has a flexible authentication and filtering mechanism with standard plugins for SQL, LDAP, PAM, and others.