Mailbox versus Journal Archiving

Written by Frederic Bourget, VP of Product at IPRO

Organizations archive emails for various reasons. Some do it for storage management, others for retention compliance, and others to enable eDiscovery & Search. Over time, both the reasons for archiving and the technology behind it have evolved significantly. From on-premises-only systems to cloud systems, vendors have offered two ways to archive emails: Journal Archiving and Mailbox Archiving. Which type you choose depends on your objectives for archiving, and both have benefits and drawbacks. In this blog post, I’ll review the differences between the two so that you can make the best decision for your organization.

What is Journal Archiving?

Journal Archiving captures emails as they circulate. It is typically set up as a forwarding rule in the mail system’s MTA (mail transfer agent), the part of the mail system that sends emails from one mailbox to another and that can copy any email to another recipient or mailbox. The journal mailbox is the location where all of the emails transferred by the MTA are copied. In this scenario, the mail server takes the original message and sends it as an attachment to another email that is addressed to the archiving server, which keeps the original content as is. So for every email that the MTA sends, the archiving solution receives an email, unwraps it, extracts the attachment, and stores that attachment in the archive.

A journal archive from a specific server contains all of the emails that the server has sent. The majority of email archiving cloud vendors use journal archiving as it requires minimal infrastructure. Basically, an email server could be used as a simple archiving solution, as long as it has search capabilities.
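The wrap-and-unwrap flow described above, as an added example that is not the author's or any vendor's code: one function stands in for the mail server wrapping the original as a `message/rfc822` attachment, the other is the archive side extracting it and recording a digest of what it stores. The addresses, the sample message and the SHA-256 digest step are assumptions made for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample message (not real mail).
SAMPLE_ORIGINAL = (
    b"From: alice@example.com\r\n"
    b"To: bob@example.com\r\n"
    b"Subject: Q3 forecast\r\n"
    b"Message-ID: <constructed-001@example.com>\r\n"
    b"\r\n"
    b"Numbers attached.\r\n"
)

def build_journal_report(original: bytes, journal_addr: str) -> bytes:
    """Server side: wrap the untouched original as a message/rfc822 attachment."""
    envelope = EmailMessage()
    envelope["From"] = "journal@mail.example.com"  # hypothetical sender
    envelope["To"] = journal_addr
    envelope["Subject"] = "Journal report"
    envelope.set_content("Envelope for one journaled message.\n")
    envelope.add_attachment(message_from_bytes(original, policy=policy.default))
    return envelope.as_bytes()

def unwrap_journal_report(raw: bytes):
    """Archive side: return (original message, SHA-256 of the stored bytes)."""
    envelope = message_from_bytes(raw, policy=policy.default)
    # iter_attachments() only yields the envelope's direct attachments, so a
    # forwarded mail nested inside the original is never mistaken for it.
    wrapped = [p for p in envelope.iter_attachments()
               if p.get_content_type() == "message/rfc822"]
    if len(wrapped) != 1:
        raise ValueError(f"expected 1 wrapped message, found {len(wrapped)}")
    original = wrapped[0].get_content()
    stored = original.as_bytes()
    return original, hashlib.sha256(stored).hexdigest()

if __name__ == "__main__":
    report = build_journal_report(SAMPLE_ORIGINAL, "archive@archive.example.net")
    msg, digest = unwrap_journal_report(report)
    print(msg["Message-ID"], msg["Subject"], digest)
```

Rejecting an envelope that carries no wrapped message, or more than one, keeps ordinary mail sent to the journal address from being stored as if it were a journaled item.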

What is Mailbox Archiving?

Mailbox Archiving copies emails from the mailbox. Mailbox Archiving solutions have the ability to capture data in users’ mailboxes, usually through APIs provided by the server vendor. Over the years, most email server vendors have added capabilities to connect to their mail store in order to enable advanced collaboration applications. These APIs can be used to connect to the mailbox, copy any new content in it, and move that content to an archive. They are flexible enough that criteria can be set for what should be archived and what should not.

A mailbox archive will have any content that is found in the mailbox according to the filters set in the archiving solution. Advanced enterprise on-premises archiving solutions were the first to employ this method, which requires a combination of APIs and archiving jobs to pull the data from the mailbox.

What are the benefits of Journaling?

One of the major benefits of Journal Archiving is that it provides data immediately after the email has been sent. As soon as data is sent, it is copied to the archive, which is very useful for auditing purposes or urgent investigations. There is no need to wait for an archiving job to run a search to find an item. The search can usually be run within a few minutes of the message being sent or received.

The other major benefit of Journal Archiving is the simplicity of setup. Only a simple rule needs to be set up within the email system to start forwarding all emails to an archiving solution. When using a cloud archiving solution, the service provider will simply provide an email address to forward the email to – the rest is done through the magic of standard internet protocols with no APIs to configure and no special admin accounts to create.

What are the benefits of Mailbox Archiving?

Mailbox Archiving also provides a number of interesting benefits. The first, and in my opinion the most important, is the capability to archive everything in a user’s mailbox. That includes not only the email that was sent or received but also all the other information that populates the modern mailbox of collaboration systems. Personal items, appointments, tasks, draft emails, and notes that are not sent can only be captured within the mailbox. For example, a doctor’s appointment may provide a missing alibi in an investigation, and that item would only be found in the mailbox. The folder structure of the mailbox can also be a good indication of the intent in processing an email, and this can obviously only be captured in the mailbox.

The other piece of information that lawyers and auditors often find very useful is the metadata. Has the item been read? Was it forwarded to someone? Or was it promptly deleted to hide evidence? All this information can be found attached to the item which is captured and then searched when mailbox archiving is done.

Another benefit of Mailbox Archiving is the capability to filter what is to be archived. Some organizations may want to archive only data that is in specific folders, and not the trash or a personal information folder. Other organizations that are trying to reduce the size of their live mailbox can set time constraints on which emails are archived and, optionally, deleted from the live mailbox.

One of the benefits often pointed out in Journal Archiving is that it is the only way to guarantee 100% retention. However, I think this does not apply anymore. First, most modern mail systems guarantee that all emails are captured even if users have deleted them, through the use of special hidden folders or item tags. Second, if you are using journal archiving, you only receive a copy of what was sent, so you are already missing some information.

100% Retention

On the topic of 100% retention, the question of reliability often comes up. Did all the emails get captured through the archiving process? In general, Mailbox Archiving provides the capability to retry archiving an item. For example, if communication between the server and the archiving solution is interrupted, the email will be archived on the next job pass. Provided the mail system is not corrupt, the email system will keep the email until the issue is resolved. In Journal Archiving, standard protocols provide some reliability, but occasionally email never reaches its destination. From a technical standpoint, it is harder to guarantee 100% retention in real-time archiving systems (like journal archiving) than in store-and-forward systems (like mailbox archiving).

Which Type of Archiving Should You Choose?

Smaller organizations generally prefer journal archiving for its ease of setup. However, most enterprise customers, when presented with both possibilities, choose mailbox archiving. We do see organizations that enable both capabilities for audit reasons or simply to be equipped with “belt and suspenders” should an emergency arise. When using both for audit reasons, most organizations only keep the journal email to cover the period of time until the item is captured through mailbox archiving, since the information is much richer coming from the mailbox and deleting journals minimizes the duplication of data. Whichever method you choose, you should evaluate your needs to select the one that is most appropriate for you.
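When both methods run side by side, the journal copy can only be dropped once the mailbox archive holds the same item. The following check is an added example, not part of the original post or any product: it classifies journal entries as safe to purge, still waiting for the next job pass, or overdue and worth investigating as a retention gap. Using Message-ID as the join key, the index shapes and the `max_job_lag` parameter are assumptions.

```python
from datetime import datetime, timedelta, timezone

def reconcile(journal_index, mailbox_ids, now, max_job_lag):
    """Classify journal copies against what the mailbox archive already holds.

    journal_index: {message_id: time the journal copy arrived}
    mailbox_ids:   message IDs already captured by the mailbox archiving job
    max_job_lag:   longest expected wait before a mailbox job picks an item up
    """
    captured = {m.strip() for m in mailbox_ids}
    result = {"purgeable": [], "pending": [], "overdue": [], "mailbox_only": []}
    seen = set()
    for raw_id, journaled_at in sorted(journal_index.items()):
        mid = raw_id.strip()
        seen.add(mid)
        if mid in captured:
            result["purgeable"].append(mid)   # richer mailbox copy exists
        elif now - journaled_at <= max_job_lag:
            result["pending"].append(mid)     # next job pass should capture it
        else:
            result["overdue"].append(mid)     # keep the journal copy, investigate
    # Items that never passed through the MTA (drafts, appointments) are
    # expected here and are not a gap.
    result["mailbox_only"] = sorted(captured - seen)
    return result

# Constructed sample indexes.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
JOURNAL = {
    "<a@example.com>": NOW - timedelta(minutes=10),
    "<b@example.com>": NOW - timedelta(days=1),
    "<c@example.com>": NOW - timedelta(days=2),
}
MAILBOX = {"<b@example.com>", "<draft-d@example.com>"}

if __name__ == "__main__":
    for bucket, ids in reconcile(JOURNAL, MAILBOX, NOW, timedelta(hours=1)).items():
        print(bucket, ids)
```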