Balaji, Sridhar. What is the Single Most Challenging Sarbanes-Oxley Issue Today? Sarbanes-Oxley Compliance Journal. 2004.

Interesting discussion of offshore hosting providers. Insights into liability and jurisdiction and these xSPs being beyond the arm of the SEC. Hmm ...


Twentyman, Jessica. Letting go of email. Infoconomy. 8 Dec. 2004.

Some good info in here. Reference to Gartner estimate of e-mail management costs in large companies around $1,600/user/year. Emphasis placed on achieving efficiency in archival rather than simple brute-force archive-all methodologies. Also mention of the Commercial Litigators' Forum (CLF) that seems heavily engaged in e-discovery.


Lanham, Martin. Will your email archives stand up in court. IT-Analysis.com. 21 Dec. 2004.

Good article on compliance archiving for Exchange.


E-Mail in Clinical Trial Management Survey Reports 70% of a Clinical Research Analysts Working Week is Consumed by E-Mail. PharmaLive. Dec 7, 2004.

Some interesting statistics from a survey of Live Sciences sector workers conducted by The Wren Group ...

Interview with Tom Politowski, President of Waterford Technologies. SocalTech.com. Dec. 9, 2004.

Interview the president of Waterford technologies, the small company that makes MailMeter. 80 employees, now headquartered in Irvine.

[Vendor Press Release]. Intradyn's Email Archiving Appliance for Small SEC-Regulated Firms Adds Audit Capabilities. Yahoo Finance. Dec. 8, 2004.

Yet another appliance-based archival solution. This one from Intradyn.

Another delay for Oracle Collaboration Suite update

Discussion of Oracle Collaboration Suite 10g delays ... with mention of new content management offering that will be bundled in OCS.

Find anything, anywhere fast with MSN Toolbar Suite Beta

MSN has finally launched their MSN Toolbar Suite ... will be fascinating to watch the speed of uptake on this.


[Vendor Press Release]. Liquid Machines Announces Liquid Machines Email Control 6.0. EContentmag.com

Never heard of these guys before ... looks like a solution that works with Microsoft Windows Rights Mgmt, KVS and presumably Exchange environments.

[Vendor Press Release]. IntelliReach's Chief Technology Officer to Speak at the INBOX Email Event in Atlanta. TMCnet. Nov. 18, 2004.

More about the INBOX event ... this from the former Melia guys.

[Vendor Press Release]. Open Text Announces Email Management Platform, Collaboration Platform, New Artesia Customer. Contentmag.com. Nov. 16, 2004.

Move by Open Text into email management, email archiving, records management & search, etc.

Klug, Foster. Microsoft accused of destroying email. News.com.au. November 19, 2004.

More on Burst vs. Microsoft.

[Vendor Press Release]. First After-Death Email Service in India. Technology News - Onlypunjab.com. Nov. 22, 2004.

OK just had to blog this. I find the 15-day trial bit amusing ...

Neal, David. Why messaging needs controls. IT Week. Nov. 22, 2004.

Largely IM-centric but good article.


Kawamota, Dawn. Microsoft email deletion policy goes to court. CNET News.com on Silocon.com. Nov. 19, 2004.

Will be really interesting to see where this goes. Deleting all email after 30 days is becoming a common strategy.


Microsoft Exchange Reporting and Analysis

Microsoft Exchange Reporting & Analysis - FYI in case you haven't seen this yet, Quest MessageStats 5.0 is a phenomenal and award-winning reporting solution for Microsoft Exchange 5.5, Exchange 2000 and Exchange 2003 environments [and I just happen to be the Product Manager for this solution :-) ]. See this site for a ton of sample screenshots and a detailed product description ... http://wm.quest.com/products/messagestats/.


Pruitt, Scarlet. Exchange Users to Get More Tools. IDG News Service, London Bureau. Nov. 19, 2004.

Not really a ton of detail in here but mention of the fact that Microsoft will be involved in shipping a number of new Exchange tools over the coming year. These include of course the already-released ExBPA and the free Exchange Reporting Management Pack for MOM 2005 that Quest Software is partnering with Microsoft on ... announced yesterday http://home.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&newsId=20041118005163&newsLang=en.


Abel, Kris. Microsoft Chasing Google's Success. Globeandmail.com. Nov. 10, 2004.

Coverage of today's new launch of the MSN Search offering. NineMSN ran an alpha of this that's still available here: http://beta.search.ninemsn.com.au/ ...


Kennedy, D. A Gold Mine of Electronic Discovery Expertise:A Conversation Among Veterans of Electronic Discovery Battles. Law Practice Today. July 2004

Great reference from a number of core industry experts in e-Discovery. Great read.


Hurlbert, Wayne. Blogs and Public Relations. Blog Business World. Oct. 7, 2004.

Very interesting and thoughtful post on blogging and it's affect on the changing face of PR. Cool! Interesting side note to that ... heavy bloggers are starting to be admitted to industry events and conferences with media/press passes. Hmm ...

INBOX East 2004. Nov. 17-19, 2004 Cobb Galleria Centre, Atlanta, GA.

Another conference you may wish to consider marking on your calendars ... or at least keeping an eye on ...

[Press Release]. FTC and NIST to Host Email Authentication Summit. ANSI News. Nov. 4, 2004.

News Story

McKenzie, Gia. Charleston County School District Issues Apology For Email. ABC News. Nov. 5, 2004.

'Rediculous' (sic) use of "career-limiting" in an e-mail sent across the Charleston County School District. Another example of how what you write can come back to haunt you ...

Financial compliance driving IT investment. Business Report. Nov. 5, 2004.

Business Report - Financial compliance driving IT investment

Speaker's aide quits over e-mail. Edinburgh Evening News. Nov. 5, 2004.

Yet another example of how e-mail can get anyone into hot water. Basic rule of thumb, if you don't want it to come back to haunt you, don't put it in writing in any shape or form.

[Vendor Press Release] CIO Insight Magazine Strengthens Sales & Edit Team. Ziff Davis Media. Nov. 4, 2004.

Larry Downes' forthcoming quarterly column in Ziff Davis CIO Insight Magazine looks interesting ... it will focus on "the nexus between law, technology and business."

Miller, Jason. NARA proposes to lighten e-mail record load. Government Computer News. Nov. 4, 2004.

Government Computer News (GCN) daily news -- federal, state and local government technology; NARA proposes to lighten e-mail record load

Buckstein, Jeff. Staying Afloat in the Flood of E-mail. The Ottawa Citizen. Nov. 4, 2004.

Story about an Ottawa startup (NorthSeas Advanced Messaging Technologies) that has released an appliance-based archival solution (Guard E/N) for e-mail.


Litigation: Justice online. Legal IT. Nov. 4, 2004.

A UK perspective on e-discovery & IT.

Cummins, H.J. Sleuthing in the e-files. Star Tribune. Oct. 14, 2004.

Have been doing some blogging on e-Discovery of late ... this is really a buzzword in the industry that encompasses e-investigations and related e-discovery ... and the impact this new type of investigation has had on employment law over the past decade or so.

[Vendor Press Release] Fios Passes 10,000 Mark for Legal Professionals Educated on Electronic Discovery Technology and Issues. Nov. 2, 2004.

Fios Passes 10,000 Mark for Legal Professionals Educated on Electronic Discovery Technology and Issues

Freeman, Thomas. The Latest on Managing e-Discovery in Litigation. ReedSmith; Mondaq. Nov. 3, 2004.

Great article from a legal perspective on e-Discovery from a litigation perspective.

Blackburn, Maria. HIPAA, Heal Thyself. Johns Hopkins Magazine. Nov. 2004.

Great article explaining HIPAA-related issues.

The Carrots and Sticks of Compliance. Waters. Nov. 4, 2004.

Financial perspective. Interesting read.

Dybis, Karen. Fed audit rules cost businesses millions. The Detroit News. Nov. 2, 2004.

Fed audit rules cost businesses millions - 11/02/04

Zantaz Expands Its Email Archiving Solution. IT-Analysis.com. Nov. 3, 2004.

Some new functionality in EAS 4.0 (formerly Educom) just introduced ... addition of search capabilities across the archive (mandatory functionality in any archival solution IMO) and ability to archive file systems.

Semilof, Margie. Meta offers advice on Sarbanes-Oxley compliance. SearchWin2000. Nov. 3, 2004.

Meta offers advice on Sarbanes-Oxley compliance

Marks, Michael. ITIL compliance supports goals, keeps systems running. ZDNet. Nov. 3, 2004.

Great article on the importance of aligning with ITIL or similar best practices guidelines.


E-mail security company raises $45 million. The Mercury News. Nov. 2, 2004

News of IronPort Systems' recent fourth round financing of $45M, bringing total financing to $90M since it was founded in 2000.


Greenemeier, Larry. California City Relieved It Has E-mail Archives. InformationWeek. Nov. 1, 2004.

Good example of how an e-mail archival system (KVS in this case) adds value to the City of Oceanside's ability to respond to requests for Public Records.


[Vendor Press Release]. OutIndex to Enter Email Archiving Market. OutIndex. Oct. 29, 2004.

You may recall me blogging about this company awhile back ... I was running a comparison of OutIndex versus LookOut and other desktop PST indexing technologies. At the time OutIndex was unable to complete indexing my PSTs, despite numerous calls on the phone with the founder and hours spent trying to get it working. I'm not surprised to see OutIndex trying to get into the e-mail archiving market, ... I'd caution people evaluating the OutIndex solution to (i) consider the company size (this is a *very* small company ... ) and (ii) if you decide to perform a technical evaluation, to thoroughly test scalability and indexing speed.

Quest MessageStats 5.0 Released. Oct. 5, 2004.

Just realized I haven't blogged on this yet ... one of the products that I'm the product manager for currently - Quest MessageStats - has recently completed its largest-ever launch ... the launch of MessageStats 5.0. See this page for more information and numerous sample screenshots: http://wm.quest.com/products/messagestats/ ... read the what's new document at: http://wm.quest.com/library/getdocument.asp?target=qmswn ... and evaluate the product's business value by reading the product overview at http://wm.quest.com/library/getdocument.asp?target=qmspo.

Reuters. Google acquires online map provider Keyhole. CNN Money. Oct. 27, 2004.

More consolidation in the search & indexing space that's becoming more and more important across the industry, be it to do with compliance or otherwise.


Hildebrand, Carol. E-mail management: The curse of the killer app. SearchStorage.com. Oct. 27, 2004.

STRATEGIC STORAGE E-mail management: The curse of the killer app

Microsoft Corporation. Exchange Server Management Pack Guide for MOM 2005. Microsoft.com. Oct. 26, 2004.

New document from Microsoft discussing the Exchange Management Pack (available for Exchange 2000 and Exchange 2003, not Exchange 5.5) for Microsoft Operations Manager (MOM) 2005.

Lim, Jeanne. Corporate sentinels. Intelligent Enterprise Asia Online. Oct. 25, 2004.

Discussion of the increased importance of content filtering of e-mail within corporate networks.

[Vendor Press Release] IMlogic Enables Hedge Funds to Meet New SEC Regulations with Instant Messaging Compliance Quickstart Package. Oct. 26, 2004.

Smart move by Francis de Souza and the folks at IMlogic. Another company trying to ride the Sarbanes-Oxley wave ... this time for Instant Messaging. Francis, btw, used to be President of Sendit back when Microsoft purchased them ... their technologies grew into RVP-based Exchange 2000 Instant Messaging capabilities ... then Francis left Microsoft to form IMlogic. Now they're in deep partnership with Microsoft it seems ...


Stevenson, Rachel. Electronic censors help war on office sexism. IOL. Oct. 26, 2004.

Some good examples of companies in which e-mail has gotten them into hot water. Specifics provided in some cases.

Fox, Pimm. E-mail Has the Power to Destroy. Computerworld. Oct. 25, 2004.

E-mail Has the Power to Destroy - Computerworld

[Press Release]. Purdue to Assist Law Enforcement With e-Mail Forensics. Purdue University. Oct. 25, 2004.

Newsroom - Inside INdiana Business with Gerry Dick

Taub, Eric A. Now, e-mail, TV, in cars. The Indian EXPRESS. Oct. 27, 2004.

Discussion of Japanese and European cars emerging on the market from Fiat and other manufacturers that permit drivers to read or listen to their e-mails while driving (well, hopefully while stopped ... but we know that won't always be the case). Makes me wonder if e-mail is actually stored locally in the cars ... presumably it's just webmail of sorts. I want one ...

[Vendor Press Release] New Archiving Appliance from NorthSeas Launches Vendor-independent E-mail Management. NorthSeas. Oct. 26, 2004.

New appliance called the NorthSeas Guard E/N for e-mail archival announced by Ottawa-based NorthSeas AMT.


Kahn, Randolph A. Measure the Total Cost of Failure. Transform. Nov. 2004.

This is an outstanding article, well worth a read. The concept of measuring the Total Cost of Failure is a very suitable way of approaching compliance-related initiatives. Deciding whether to address compliance-related issues and deploy related technologies along with appropriate procedures and policies in an effort to mitigate risk talks to much, much more than traditional ROI and TCO models address. I'd go as far as saying this is a "must read" from a compliance perspective.

Fried, Ina. Microsoft fixes date for desktop search tool. ZDNet. Oct. 22, 2004.

More on the desktop search/indexing race between Microsoft, Google & Yahoo. Will have an impact on the compliance space.

Microsoft Issues Spark RSS Discussion. theWHIR's Web Host News. Oct. 21, 2004.

RSS is definitely getting alot of attention these days as blogs (such as this one) gain increasing popularity rapidly. A day will come when compliance-related issues turn their attention towards the content streaming across RSS feeds.

Olsen, Stefanie. Yahoo buys e-mail search company. ZDNet. Oct. 21, 2004.

Interesting move by Yahoo. Acuisition of Stata Labs brings Bloomba content/attachment search tool for e-mail to Yahoo.


Claburn, Thomas. Break-In At Berkeley May Have Compromised Data Of 1.4 Million Californians. InformationWeek. October 20, 2004

This story about the now-widely-publicized theft of UCBerkley's database containing 1.4 million Californians' Social Security numbers raises an interesting point from a compliance perspective. Many organizations spend a ton of time focused on identifying areas of elevated permissions (i.e., per Sarbanes-Oxley Act, Section 404, etc.) ... yet ignore almost entirely the usage profiles of individuals already "authorized" to access the data in question. Yet, as this story demonstrates, that addresses only part of the issue.

Ferris Research. Email Archiving Survey: Email as Formal Business Records Webinar. Oct. 13, 2004.

Looks like a good seminar.

Barnako, Frank. Evidence Piles Up in E-mail. Investors.com. Oct. 19, 2004.

Good article on the need for discovery of e-mail .... keep in mind the 4 main places you need to be able to discover for compliance reasons ... in your Exchange servers, in your backups, in your archives and in PSTs throughout your environment (unless you can manage PSTs/restrict them/archive them/etc.).


Morphy, Erika. Microsoft Announces New Storage Vision. Enterprise Windows I.T. - Data Storage Today. Oct. 7, 2004.

Good coverage of the Microsoft Data Protection Server (DPS) announcement recently.

Eldredge, Chris. Preparing the Marketing Department for Sarbanes-Oxley Compliance. DMNews. Oct. 18, 2004.

Interesting perspective on SOX.


Lei, Tao Ai. When data overflows. Asia Computer Weekly (ACW). Oct. 18, 2004.

Discussion of data overload esp. pertaining to SME space. Also mention of corporate governance, regulatory compliance, privacy and other related issues.


Paczkowski, John. If we keep our e-mail longer than 30 days, it starts to smell. SiliconValley.com. Oct. 11, 2004.

More coverage of Microsoft vs. Burst.com with some mention of e-mail retention policies and Microsoft's attempts at e-mail recovery.

Savvas, Antony. Blackberry rivals offer mobile e-mail choice. ComputerWeekly.com. Oct. 12, 2004.

Wireless adoption continues to grow and wireless e-mail will continue to pose an ever-increasing challenge to corporate compliance efforts.

Strupp, Joe. To E-Mail or Not to E-Mail: Can Reporters Offer Views in Private Correspondence? Editor & Publisher. Oct. 15, 2004.

Recent journalist who's private e-mails found their way into the limelight reinforces the oft-repeated warning to be careful what you put in writing or in e-mail.

Sutton, Neil. Ontario Ministry Labours to Retrieve e-mail Lost in Crash. ITBusiness.ca. Oct. 13, 2004.

Wonder how the Ministry of Labour is doing with their Exchange recovery ... post here if you hear of any updates ...

Khamsi, Roxanne. Paralysed man sends e-mail by thought breaking science news headlines. Nature.com. Oct. 13, 2004.

This really makes you think about e-mail ...

EU wants phone, e-mail data. The Washington Times. Oct. 16, 2004.

More anti-terrorism legislation in the works ... this time in the EU. Affecting phone and e-mail data ...

Microsoft Exchange - protecting it, managing it and keeping it running. AME Info Business News. Oct. 12, 2004.

Article from our Arab friends on the importance of protecting, managing and keeping Microsoft Exchange environments running.

Lent, Colleen. Shouting inappropriate, even via e-mail messages. Seacoastonline. Oct. 17, 2004.

Proposed 10 e-mail/Internet etiquette tips.

Grieg, Jane. Follow that e-mail. The Kansas City Star. Oct. 15, 2004.

Short Q&A on traceability of e-mail.

Gammill, Andy. School Board set to tweak policy on employee e-mail. Indystar.com. Oct. 15, 2004.

Example of appropriate e-mail usage policy at Washington Township School Board.


[Vendor Press Release]. Online Sarbanes-Oxley (SOX) Resource Completes Successful Beta, Launches. eMediaWire. Oct. 13, 2005.

Looks like an interesting new portal focused on SOX info for CXO level individuals.

Weiss, Todd R. Google Desktop Search app lets you 'google' your Windows PC. Computerworld. Oct. 15, 2005.

Interesting new application from Google called the Google Desktop Search program. Desktop indexing/cataloging and search will be an interesting space to watch over the coming year or so. I imagine this will end up heading down the compliance road as well with more powerful enterprise search capabilities with desktop reach just around the corner.


Taulli, Tom. Nightmare on Sarbanes Street. The Motley Fool. Oct. 13, 2004.

Interesting short story on SOX with mention of some public companies who have decided to go private to avoid the implications of SOX. Amusing Bismarck quote as well.


Maitland, Jo. E-mail archiving too time-consuming, survey says. SearchStorage.com. Oct. 6, 2004.

E-mail archiving too time-consuming, survey says

Vallejo-Yeo, Gene. Asia Computer Weekly. Oct. 11, 2004.

Asia Computer WeeklyExample of a company - Carlson Wagonlit- and their attempt at addressing compliance issues. Mention of e-mail and other data.

Fitzgerald, Neil. Just get the lawyer to e-mail it. The Herald. Oct. 11, 2004.

Just get the lawyer to e-mail it - The HeraldResults of a research study by Acritas finds 17% of companies surveyed report compliance as their #1 concern.

Gaffaney, David et al. Finger On The Pulse Of E-Mail. Information Week. October 4, 2004

InformationWeek > E-Mail Management > Finger On The Pulse Of E-Mail > October 4, 2004Good article on the need for e-mail management & compliance issues.


[Vendor Press Release] Entrust Debuts E-Mail Monitoring Tool. InformationWeek. Oct. 1, 2004.

New Linux-based appliance solution called Entrust Entelligence Compliance Server.

[Vendor Press Release]. ZyLAB Introduces New E-Mail Archiving and Retrieval Solution. Oct. 4, 2004.

ZyLAB Introduces New E-Mail Archiving and Retrieval SolutionAnother new player in the Exchange archiving arena.


Ross, Suzanne. Find Your Lost Data. Microsoft Research

Find Your Lost DataMore on Stuff I've Seen (SIS) research initiative at MSR ... with new info on Stuff I Should See and a link to Phlat project. Stuff I Should See is somewhat along the lines of the Memigo portal. Interesting ...

Germain, Jack M. E-Mail and Instant Messaging Face Compliance Challenges. TechNewsWorld. Sept. 21, 2004.

Technology News: Trends: E-Mail and Instant Messaging Face Compliance Challenges Interesting quote from R.W. Smith brokerage in which they state a requirement to store all IM and e-mail in searchable format for 3 years. Also info on compliance deployment at Akonix and reference to FDIC statement concerning management of IM solutions in "Guidance on Instant Messaging" warning.

Hartman, Thomas E. The Impact Of Sarbanes-Oxley On Private Companies. Foley & Lardner LLP. Sept. 14, 2004.

Foley & Lardner - United States - The Impact Of Sarbanes-Oxley On Private Companies (14/09/04) from Mondaq Well-written article from a legal perspective detailing SOX impact on private companies. Great reference detailing survey results of good cross-section of privately-held companies.

Stone, Amey. Hardly Ready for Sarbanes-Oxley. BusinessWeek Online. Sept. 20, 2004.

BW Online | September 20, 2004 | Hardly Ready for Sarbanes-Oxley The scramble to comply continues ...

Johnston, Michelle. Executing and IT Audit for Sarbanes-Oxley Compliance. informIT. Sept. 17, 2004.

Articles Part 2 of 2.

Johnston, Michelle. Planning an IT Audit for Sarbanes-Oxley Compliance. informIT. Sept. 10, 2004.

Articles Part 1 of 2.

BBC News. Hard drive secrets sold cheaply. BBC. Jun 9, 2004.

More about security policies than compliance, but illustrates the risks associated with mobile devices and has implications on e-mail policies and PST control.

Sidener, Jonathan. Portable pilfering. SignOnSanDiego.com. Sept. 6, 2004.

Really insightful and thought-provoking article on the risks associated with thumbdrives, USB memory sticks, iPods, etc. from a corporate security and information management perspective. Some good examples including Morgan Stanely VP who sold a used Blackberry on eBay containing unprotected yet sensitive e-mails.

Harrison, Marion Edwyn Esq. E-Mail: When Convenience And Danger Collide. American Daily. Aug. 24, 2004.

Multiple examples of how e-mails have come back to haunt various companies. Touches on (directly or by implication): zeroing out e-mail data; malicious use of others' e-mail; ISP staff reading e-mail relayed through their network; risks of e-mail vs. oral discourse; risk of misinterpretation associated with hastily typed e-mail, and finally; risks of personal use of business e-mail systems, including inadvertant buty apparent actions as an authorized agent and associated liability. Very good article.

Paul, Brian P. Is your employee handbook evolving with technology? Wisconsin Technology Network. Sept. 20, 2004.

Examples of risks posed by technology (i.e., e-mail, IM) from an HR perspective. E-mail threads create a documented history of communications amongst employees, which can end up in court as part of discrimination or harrassment charges, for example. Recommendations include creation of a corporate instant messaging policy that addresses retention policies and appropriate usage for IM.


Ramasastry, Anita. The Proposed Federal E-Discovery Rules. FindLaw's Legal Commentary. Sept. 15, 2004.

Great article written from a legal perspective addressing the age old question of e-mail deletion along with some example case history and discussion of proposed new e-discovery rules.

IDG News Service. Microsoft lawsuit leads to e-mail destruction questions. Storage.itworld.com May 24, 2004.

Older article concerning Burst.com case against Microsoft. Interesting example of a company having to undergo discovery operations to locate e-mails meeting certain criteria.

Riley, James. Protecting Smart Property. Australian IT. Sept. 21, 2004.

Discussion largely centered around strategic importance of Microsoft digital rights management technologies.

Enderle, Rob. How To Justify New PC Hardware or Get Your CIO Fired. TechNewsWorld. Sept. 20, 2004.

Discussion of a new report available from The Institute of Internal Auditors Research Foundation called "PC Management Best Practices: A Study of the Total Cost of Ownership, Risk, Security, and Audit." Report is available for purchase here: http://www.theiia.org/iia/bookstore.cfm?fuseaction=product_detail&order_num=482

Lauchlan, Stuart & Divina Paredes. Legally bound. MIS Magazine.

Some good rationale listed for close relationship between IT departments and other business units in a given company (esp. legal) from a compliance perspective.

Sinclair, Andrew. Professional Brief. The Herald. Aug. 30, 2004.

Some good examples of e-mail retention ... with a few useful guidelines e.g., keep e-mails "authorising expenditure, policy or negitiotiations" among other things.

Mullaney, Timothy. The Irrelevance of Frank Quattrone. BusinessWeek Online. Sept. 10, 2004.

More on the single e-mail that cost Frank Quattrone his reputation, and alot of money.

Copple, Robert F. Firms must pick which data to save. The Republic. Sept. 12, 2004.

Really simple and well-written discussion of e-mail and electronic document retention. Key points: discovery can be expensive; litigation can be debilitating; illegal destruction of e-mail is a bad thing; saving data that doesn't need to be saved can be a bad thing; retention policies need to be simple; complex policies get ignored; document categories for retention purposes should be broad for simplicity; retention time periods should also be simple; selective and automated destruction is a good thing. Mention of Intel's "Pack Rat Day". Great mention of oft-overlooked backup tapes with some good suggestions for backup rotations. Overall a great article!


[Vendor Press Release]. Symantec to Acquire @stake. Sept. 16, 2004.

Interesting announcement by Symantec to acquire this application security software vendor.

Chen, Raymond. A visual history of spam (and virus) email. Sept. 16, 2004.

A visual history of spam (and virus) emailThanks to one of my colleagues for pointing this one out ... interesting visualization of SPAM metrics. (It's been suggested that someone had alot of spare time on their hands and I concur!)

Sengupta, David. Storage Management Considerations Pertaining to Compliance and Exchange. You Had Me At EHLO ... Sept. 16, 2004.

Storage Management Considerations Pertaining to Compliance and ExchangeThe Exchange Team just posted my blog submission on storage management considerations from a compliance perspective. Have a read and let me know what your thoughts are! I wrote this back in August based on my related blog posting here, ... stay tuned for news of a white paper on a related topic ...

Joyce, Erin. Equant Throws Hat Into E-Mail Archiving. Enterprise IT Planet. Sept. 1, 2004.

Equant Throws Hat Into E-Mail Archiving Equant, a provider of Exchange hosting services, has just announced that archival will be part of their outsourced solution. More information on Equant's offerings can be found here.

Muse, Dan. Detect and Block IM - for Free. Enterprise IT Planet. Sept. 15, 2004.

Detect and Block IM - for Free Looks like this article was largely influenced by IMLogic, however still some good information on managing and/or blocking IM usage in the enterprise. References a free tool to block all IM usage. Emphasizes that SOX and HIPAA require archival (under certain conditions) of corporate e-mail "and similar communications".


Barnako, Frank. Microsoft reverses blog decision. CBS MarketWatch. Sept. 16, 2004.

Microsoft reverses blog decision: "Microsoft reverses blog decision". Interesting story illustrating the momentum that's growing around Blogs and RSS. Will be very interesting to see where these technologies go ... companies will have an increasing interest in controlling and managing these types of technologies over the years to come.

Jacques, Robert. IT failing to cope with compliance demands. Forbes.com. Sept. 16, 2004.

Forbes.com: IT failing to cope with compliance demands Article discusses UK survey in which 39 percent of respondents said they were not doing well in supporting regulatory requirements from an IT management perspective.


Sengupta, David. [Vendor News] Beta Availability of PST Management Solution. Sept. 14, 2004.

FYI in case anyone is interested, Quest Software has recently begun beta testing on a PST management solution branded "Quest Archive Manager for Exchange". This product is positioned to assist companies interested in getting control over PST usage in their environment ... especially of interest to companies concerned with e-mail compliance issues. Many of the cases blogged on this site illustrate the risk that e-mails can pose from a liability perspective. If you read my blog awhile back on "Factors to Consider in Implementing an Exchange Compliance Solution. [Aug. 25, 2004]" you'll recall that PSTs (and other offline data) were one of the four major areas that need to be managed as part of a compliance solution for Exchange. Once installed in your environment, Quest Archive Manager for Exchange will automatically discover all PSTs defined in all MAPI profiles on all computers in your environment. These PSTs will be migrated to new mailboxes created on a central "nearline" Exchange server that has been allocated to lower-priority message retention. The MAPI profiles are rewritten to replace PSTs with (a) secondary mailbox(es) of the same name, so the end user will only see the change in icon within Outlook's folder listing. User ability to create new PSTs will be limited/blocked; the net result is (i) removal of all active PSTs across your environment; (ii) centralization of all data that was in PSTs to (a) central Exchange server(s) where it can be managed, analyzed, backed up, etc. and; (iii) control over all future PST creation across the environment. If you are interested in being part of this beta, send me an e-mail at david dot sengupta at quest dot com and I'll forward this on to the appropriate parties.


Deutsche Bank and Thomas Weisel settle securities case for $100M. San Francisco Business Times. Aug. 26, 2004.

Deutsche Bank Securities Inc. fined $87.5M and Thomas Weisel Parnters LLC (Merchant banking) fined $12.5M as part of SEC charges that they failed to provide timely evidence. They ended up scouring over several hundred thousand emails as part of the investigation.

Sorkin, Andrew. Verdict looms for famed US banker. The Age. Sept. 8, 2004.

Today Frank Quattrone will be sentenced for his role in obstruction of justice investigation against him while at Credit Suisse First Boston. Hinges on an e-mail he sent saying simply "clean up those files".


Butzel Long - Sarbanes-Oxley Info Center

Just stumbled across this info center maintained by Butzel Long (leading Michigan law firm). Some really useful documents here notably the docs on SOX impact in private companies ... see Sarbanes-Oxley Act: Overview and Impact on Private Companies PPT and PDF and browse the rest of the docs in the library. Great stuff!

Rose, Michael. Experts try to resurrect SAIF files. Statesman Journal. Aug. 28, 2004.

Excellent article that inadvertently showcases various elements of e-mail forensic recovery specific to allegations against the former president of SAIF Corp. Discussion includes: e-mail as public record; violation of retention policy; forensic discovery of e-mail; backups & policy; cost of forensics; inappropriate disposal of data media; etc.

Kirkpatrick, Katherine. USC Web mail deletes e-mails 180 days old. Daily Trojan Online. Sept. 3, 2004.

According to this article the USC just recently implemented a 180-day e-mail retention policy. All e-mail across the USC e-mail environment will automatically be deleted after 180 days. The article suggests this was driven by the Office of the General Counsel of the University and is related to search costs, security and privacy issues.

Wagner, Jim. Microsoft Faces Lawsuit Over Caller ID for E-Mail. Aug. 11, 2004.

F. Scott Deaver (Owner, Failsafe Designs) has recently announced plans to launch a lawsuit against Microsoft concerning Caller ID technologies, claiming patent infringement.

Casey, Mike. How Sarbanes-Oxley will affect privately held companies. SearchStorage.com. Dec. 5, 2003.

Some good responses from a fellow TechTarget expert on how Sarbanes-Oxley could affect privately-held companies.

NASD Press Release. NASD Orders First-Ever Suspension of Mutual Fund Business and $600,000 in Sanctions Against National Securities Corp. Aug 19, 2004

NASD press release concerning fine and prohibition against National Securities Corp. NASD charged that National was using deceptive market timing and ordered National "to correct supervisory and email retention deficiencies" along with issuing numerous fines (corporate fine of $300,000; president and COO each fined $25,000; president supervisory suspension for 1 month; COO supervisory suspension for 4 months).


Microsoft Corporation. Working with the Exchange Server 2003 Store. Aug. 25, 2004.

Microsoft just published this great resource on working with the store within the context of Exchange Server 2003. Great read.


Kawamoto, Dawn. Veritas buys UK firm. ZDNet UK News. Aug. 31, 2004.

News on Veritas Software's acquisition of KVS Inc. announced earlier today.


O'Neill, Shane. E-mail archiving service offers 'limited liability'. SearchStorage.com. Aug. 10, 2004.

Amerivault E-mail Archiving Service announced earlier this month spawned this (possibly vendor-sponsored) article ... interesting discussion of liability in compliance-related litigation ... is the outsourced archival vendor liable in any way? Mention of Iron Mountain, KVS, Zantas, Connected and others.


Microsoft Operations Manager 2005 RTM

A colleague of mine just pointed me to this blog posting ... Microsoft Operations Manager (MOM) 2005 has been released to manufacturing (RTM) ... you can also find more information on the MOM team's blog here:

Hermida, Alfred. Microsoft backs e-mail controls. BBC News. Oct. 21, 2003.

Older article I just stumbled across ... talks about Microsoft's Information Rights Management (IRM) integration into Microsoft Office to effectively provide control over e-mail forwarding, printing, etc. by recipients.

Another Blog on E-Mail Compliance & Business Controls

I've just recently found out about another blog on e-mail compliance being run by Christopher Byrne ... this is an outstanding blog focused on corporate governance, business controls and reporting, internal controls and other e-mail compliance issues from a Lotus & Domino perspective. Some great resources that are applicable to Exchange environments as well. Congratulations, Christopher, on passing your Certified Information Systems Auditor (CISA) Exam!

Sengupta, David. Factors to Consider in Implementing an Exchange Compliance Solution. Aug. 25, 2004.

Have been thinking about blogging this for awhile. There's alot of buzz in the industry about storage management especially as it pertains to compliance in Microsoft Exchange (and other) environments. Typically this tends towards archival, and alot of the information available in the public corpus is actually written by or commissioned by archival vendors. That said, let's take a step back and look at what I consider the four key areas that a company needs to address as part of a comprehensive storage management strategy to do with Microsoft Exchange. 1. Online Exchange Storage - first of all, companies need to manage what's stored in their production Exchange Infrastructure. From a compliance perspective, this means understanding content in message bodies and attachments stored throughout (a) mailboxes, (b) public folders, and (c) web storage system across the entire enviornment. 2. Exchange Archives - secondly, many companies have or are deploying an archival solution for Exchange. They need to manage their archives in order to understand what's there from a (a) message body and (b) attachment perspective. 3. Offline Exchange Storage - thirdly, companies need to address data that's in offline locations, notably in (a) PST files, (b) OST files, (c) mobile devices (i.e. blackberries, phones) and (d) other locations. While companies would typically like to turn a blind eye to these data storage locations, ignoring them implies substantial risk. From a compliance perspective, you absolutely need to think of PSTs as part of your overall messaging system. Do you know where all your PSTs are? Do you know what percentage of your overall corporate e-mail data storage exists within PSTs? Do you know who is storing e-mail within PSTs on a regular basis? Do you have a way of controlling PST usage? 4. Backups - finally, companies need to address backup media as part of their compliance solution. (a) If companies must retain certain e-mail content, and if backups are their only means of retaining e-mails, then they need to ensure that they're not overwriting backup tapes as part of a regular tape rotation. The vast majority of organizations do not think this through, and are in fact knowingly deleting corporate data that they need to be retaining. (b) Companies need to ensure backups are available when needed, meaning cycling tapes offsite needs to be part of the retention strategy. (c) Companies need to ensure they can actually access data on their backup media, meaning that regular 'fire drills' to test restorability of backups is essential to avoid recovery failures. (d) And finally companies need an agile and fast solution for searching for e-mail or attachment content across multiple backup media so that they are ready to respond to compliance-related investigations and can do so without substantial effort and cost. Companies that take a comprehensive approach to storage management in their Exchange environment will rest assured that they have the breadth of visibility into e-mails and attachments stored across their infrastructure to enforce appropriate retention and destruction policies and to respond to inquiries as they arise.

Rose, Michael. Review of SAIF Starts with Public Records. StatesmanJournal.com. Aug. 24, 2004.

SAIF is currently in court over mis-handling of public records. The former president of SAIF - Katherine Keene - testified that she cleaned out her Inbox by deleting all e-mails at the end of each business day, which was in violation of legislation requiring all public officials to keep most of their e-mail. Think about this some ... are you (i) aware of all the requirements for retention/destruction of e-mail that impact you personally in your role working for whatever organization you're with? (ii) which industry legislation applies to you? (iii) do you adhere to these regulations or are you in violation? (iv) what would the impact be on you personally and/or on your organization if this were to go to court? Scary but important to think this through.

Fowler, Tom. Probe Aims At Top: Investigators say Royal Dutch-Shell officials in sights. Aug. 25, 2004.

More on the SEC investigation of Shell. Part of the investigation centered around an e-mail written in October 2002 by the CEO of the exploration and production business at the time (Walter van de Vijver) in which he indicated there was a problem with Shell's disclosures. This highlights the challenge associated with SEC-type inquiries. Could your company find an e-mail from October 2002 with just knowledge of the subject line or keywords in the body? Where would you look? Exchange mailboxes? E-mail archive? Backup tape? PSTs? .MSGs in the file system? As you think through this you'll see the complexity and massive cost associated with these types of investigations. In many cases investigators will spend literally months restoring tape after tape and searching contents for items of interest. A solution like Recovery Manager for Exchange can drastically simplify this work as it relates to backup media but making sure you understand what's entailed and have a strategic plan in place to address forensic discovery is absolutely essential to mitigating risk, not to mention understanding your obligations in terms of retention and destruction of e-mail and/or documents per industry regulations.

Blum, Justin. U.S., Britain Fine Shell $150 Million. Washington Post. Aug. 25, 2004.

SEC investigation of Shell results in $150 million fine. SEC saild Shell failed to adequately train and supervise employees responsible for estimating and reporting proven reserves. Shell says they're spending $5 million onan internal compliance program as a result.


Semilof, Margie. Microsoft keeping next Exchange data store on layaway. SearchExchange.com. Aug. 18, 2004.

Some interesting quotes from David Thompson (Microsoft VP Exchange). Discussion of Microsoft Best Practices Analyzer for Exchange. Mention of Microsoft "abstracting the storage layer" in future Exchange versions.

Hulme, George. E-Mail Is Risky Business. InformationWeek. Aug. 18, 2004.

Discussion of inappropriate use of e-mail and how this can affect intellectual property or pose liabilities for business. Many companies have appropriate usage policies but few monitor policy adherence.

Brunelli, Mark. Retrieval is the real trick of e-mail archiving. SearchExchange.com. Aug. 11, 2004.

Discussion of growth in e-mail archiving marketplace and drivers including retention regulations. Quotes Ferris Research Marc Lueschner to say the trend in archival will continue to grow for the near future. Also compares adoption rates of archival systems in the U.S. vs. ROW (Rest of World).


Murray, William F. and Roland C. Goss, Esq. Current Issues In Electronic Discovery. Jorden Burt LL. Mondaq's Article Service. July 27, 2004.

Discussion of case in which former investment banker Frank Quattrone was convicted of obstructing justice and witness tampering based on e-mail sent by Quattrone to colleagues encouraging them to destroy files.


Microsoft Corporation. Microsoft TechNet: Exchange Server Assistance Center Launched! Aug. 3, 2004.

FYI the new Microsoft Exchange Server Assistance Center has been launched and represents a central point of contact for you to find information on Microsoft Exchange Server. The Exchange Assistance Center is intended to help connect Exchange users with Exchange-related resources from Microsoft and the broader Exchange community.

Parry, Ed. E-legal and IMbarassing - CIOs must help tame e-mail beast. CIO News. Aug. 2, 2004.

Scott Nathan, an attorney specializing in cyber law and online privacy, delivered a session to CIOs at TechTarget's recent CIO Conference ... Nathan stressed the importance of developing a strategic plan to manage e-mail and instant messaging if companies are to avoid risk embarassment and/or legal issues.

[Vendor Press Release: Changing Mail] Change E-mail Even After It Has Been Read. Aug. 3, 2004.

Interesting product called "Changing Mail" allows content of e-mail messages to be changed dynamically within recipients' mailboxes. Example given was of an e-mail containing a weather forecast that adjusts content while in recipient Inboxes as the forecast changes.

Forest, Jim. E-Mail from Hell. Sojourners Magazine. September 2004

Interesting "e-mail thread" on faith, playing on C.S. Lewis' The Screwtape Letters (which is also well worth the read). Well written so thought I'd digress and blog ...

Yegyazarian, Anush. Is Your Personal E-Mail Really Private? PCWorld.com - Tech.gov. Aug. 4, 2004.

Examination of 1968's Wiretap Act (Chapter 119 of Title 18) and one of its amendments, 1986's Electronic Communications Privacy Act, demonstrating that these Acts actually deny privacy protection in e-mail communications specifically in a way that is contrary to the privacy protection afforded in other forms of personal communication.


Gundling. Mike. What Every Company Should Know About Email Management for Sarbanes-Oxley Compliance. Sarbanes-Oxley Compliance Journal. July 1, 2004.

Simple overview of what companies need to know about Sarbanes-Oxley to assist in navigating the crowds of lawyers, consultants, analysts and vendors all clammoring to provide solutions or advice.

Casey, Mike. Sarbanes-Oxley and how it applies to e-mail archiving. SearchStorage.com Ask the Expert. March 29, 2004.

Discussion of the relationship between the Sarbanes-Oxley Act and e-mail archiving.


Hayes, Frank. E-mail Answers to "E-mail glitch exposes private data in California". Computerworld. Aug. 2, 2004.

E-mail Answers - Computerworld Great list of reader responses on avoiding sending confidential e-mails outside of the corporate firewall & e-mail policy. Responses were to Dan Verton's July 6th article (here) and Frank Haye's subsequent July 12th commentary (here).


Crossman, Penny Lunt. A Lemon That Makes Tasty Lemonade. Transform Magazine. July 2004.

Many companies who have deployed e-mail archival solutions in response to compliance issues are reaping additional benefits from their archival solution. This article expands on this value add.


Chellam, Raju. Can you live without e-mail? The Business Times: Biz IT. July 29, 2004

Reports on recent industry survey in which 60% of respondents said they'd be willing to give up e-mail if virus and hacker threats continue unchecked.

META Group. META Group Assesses E-mail Hygiene Market Development. Tekrati Research News. July 28, 2004.

META Group free online briefing in which they predict consolidation and rapid vendor innovation in the E-mail hygiene marketplace over the years to come.

Fernandes, Julia. CXOtoday. July 30, 2004.

CXOtoday Interesting article from Indian perspective related to the recent Forrester survey on companies monitoring e-mail.

SJPD Sending Warnings, Alerts Through E-Mail. NBC11.com - News. July 29, 2004.

Interesting perspective on compliance and e-mail. :-) The San Jose Police Department (SJPD) has started to use a website to provide communities with a report card of crimes happening in their communities. In addition, the SJPD has started using e-mail to notify residents of important warnings and alerts that affect their neighbourhood.

Million, Paul [Archival Vendor: Metrofile]. E-mail management and the corporate bottom line. ITWeb. July 20, 2004.

Great article on Email management listing the components to look for in an effective e-mail management solution. Obviously slanted towards archival and written to support the vendor's featuresets, but still useful.

Connell, James. Now, e-mail without all that writing. International Herald Tribune. July 30, 2004.

Article about an offering from a company called mail2speak who are providing customers the ability to send voice messages that show up as e-mails in the recipients' Inboxes.

E-mail glut costs business. The London Free Press. July 31, 2004.

Report on a recent survey by Christina Cavanagh, professor at Richard Ivey School of Business at the University of Western Ontario, in which we learn that the average corporate information worker is spending approximately one hour more (over last year) to deal with an overloaded workload. Business users average receiving 54 e-mails a day, not including SPAM. This represents an increase of 13% over the past year. More recent statistics estimate that figure at 64 e-mails a day.

Bermant, Charles. House e-mail bill raises the bar on privacy. The Seattle Times: Business & Technology. July 31, 2004.

The E-Mail Privacy Act of 2004 was recently introduced as a response to a U.S. Court of Appeals decision that the wiretap law did not apply to e-mail. Essentially it attempts to make intercepting an e-mail message as illegal as phone taps.


Jacobs, Paula. E-mail archiving on the rise. SearchExchange.com. Jul 26, 2004.

Title says it all. E-mail archival is on the rise in both regulated and non-regulated industries. Discussion of Health Insurance Portability and Accountablity Act (HIPAA) and the Sarbanes-Oxley Act.


Microsoft Corporation. Lookout 1.2 Available for Free Public Download. July 23, 2004.

Microsoft has released Lookout 1.2 for free public download. They only just announced the acquisition 7 days ago ... great job making this available so quickly! I've been using this solution for a bit and have to say that this is my #1 choice for best Outlook add-in from a productivity perspective. Phenomenal tool, largely for its very, very fast indexing speed and very fast search. I've run tests with complex queries against 250,000+ messages and documents stored across 10+ PSTs and multiple file locations and had results returned in sub-5 seconds. And my Index size is only around 375 MB, which is great when you compare with other solutions (in a similar test that I ran with competitor OutIndex a few months ago it gave me an index size of over 1.6 GB before "giving up" trying to index the same 10 PSTs).  Note the bit on the download site about being able to search:
  • "Email messages
  • Contacts, calendar, notes, tasks, etc.
  • Data from exchange, POP, IMAP, PST files, Public Folders
  • Files on your computer or other computers
  • ... Very soul (okay, not true) "

Heh!  Outstanding tool.

Sengupta, David. Best Practice: Always Use Mailbox as Target for Exchange Journaling for Compliance Purposes. July 23, 2004.

Have been doing some reading lately about message jouraling and archiving for compliance purposes, specifically to do with Microsoft Exchange environments.  First of all, some definitions. 
  • Journaling - refers to the ability to record all communications.
  • Archiving - refers to the ability to remove content from native data storage (i.e. Exchange databases) and store it elsewhere (i.e. File system, SQL, Oracle, mySQL, Tape, HSM, nearline/offline storage, etc.) to reduce capacity.

If you're using the built in Exchange journaling functionality, it's always a best practice to specify a mailbox as a target journaling container.  In other words, don't use a Public Folder (PF) or Contact/Custom Recipient as the target for journaling.  This is because cetrtain types of messages don't survive transport to a Public Folder (by design) including NDRs, etc.  It's always a best practice to journal to a mailbox, and if you need to, to use a rule set on the journaling mailbox to forward/redirect journaled messages to another location (such as an archive).

As an aside, note that there is some blurring of nomenclature when in comes to journaling in Exchange 2000 and Exchange 2003.  The settings to enable message journaling (at the store level only) allow you to "archive all messages sent or received by mailboxes on this store" to a specified recipient.  If you think about what's actually happening here, this is simply journaling and not archival.  But I digress ...

To summarize, always use a target mailbox if you're enabling message journaling in Exchange 5.5, Exchange 2000 or Exchange 2003.  I'll probably flip this into a Microsoft Community Solutions KB Article when I get a chance.


META Group. Microsoft IM Partnership Illustrates Move Toward Convergence of Collaboration and Communication Services, Says META Group. July 20, 2004.

META Group perspective on Microsoft wanting to "own" client experience around real time collaborations, end-to-end. Interesting perspective on Microsoft attempting to "triangulate consumer, entertainment, and corporate markets around rich media."


Nowell, Paul. Banc of America Securities OKs SEC Penalty. phillyBurbs.com. March 10, 2004.

Banc of America Securities LLC could not produce an e-mail thread relating to issues being investigated by the SEC. The cost? A record $10 million fine. Having a product such as Recovery Manager for Exchange would've greatly facilitated their efforts finding that e-mail thread.

Sturgeon, Will. 'Cyber-loafing' signposts motivation problems - ZDNet UK News. July 16, 2004.

"Cyber-loafing" ... sitting around at work surfing the Internet ... has massive impacts on office productivity. Is there a lesson to be learned here?

Graham, Pam. Email-wiping may go to police. The New Zealand Herald. July 17, 2004.

Company in New Zealand (Tranz Rail) accused of "email-wiping" for alleged anti-competitive reasons (against Fast Cat Ferries) ...


Growing Risks of Workplace E-Mail and IM. eMarketer. July 15, 2004.

Results of the '2004 Workplace E-mail and Instant Messaging Survey,' conducted by the American Management Association (AMA) and The ePolicy Institute. Overall suggests most companies are ill-equiped to deal with regulatory inquiries, don't manage their e-mail, and are facing significant risk from IM and e-mail abuse.

Claburn, Thomas. Policies Lag E-Mail's Popularity. InformationWeek. July 12, 2004.

Many companies haven't come to terms with e-mail in the workplace. If this applies to your company, read on ...

Barnes, Andrew. [Vendor Article] The risks of e-mail mismanagement. Continuity Central.

Good article by KVS Global Marketing Director Andrew Barnes. Covers current trends in policy compliance, etc.

Joyce, Erin. Resistance is Futile. Your e-Mail Is Being Watched. Internetnews.com. July 13, 2004.

Forrester Consulting survey reports in excess of more than 43 percent of companies with over 20,000 employees employ staff to monitor and read outbound e-mail. Is someone reading your e-mail as we speak?

Microsoft Corporation Press Release. MSN Announces Investment in Search Technology. Redmond, WA. July 16, 2004.

Interesting move by MSN. Purchase of Lookout brings Index and Search capabilities to Microsoft to be able to search across multiple .PSTs, multiple MAPI datasources, etc. Similar to others on the market like OutIndex, etc. but reportedly faster. I evaluated OutIndex two months ago and could never get satisfactory results unfortunately (huge index, slow performance, never completed indexing 120,000 msgs across 10 .PSTs on one of my computers). Will see where this goes.


Iosub, John C. What the Sarbanes-Oxley Act means for IT managers. TechRepublic. March 19, 2003.

Older article that I haven't blogged yet. Section on Microsoft Exchange and Sarbanes-Oxley has some interesting points on backup tape rotations being a "malpractice time bomb" in that many tape rotations involve overwriting tapes ... meaning your company is knowingly destroying evidence (no this wasn't written by a tape vendor ;-) ).


Travaglia, Simon. BOFH: Addressing the Computer Usage Policy. The Register. July 6, 2004.

Great read if you're in any way involved in establishing or enforcing your corporation's appropriate e-mail usage policy ... or just want a good laugh!


Ulfelder, Steve. Building a Compliance Framework. Computerworld. July 5, 2004.

Great article on building a compliance framework with discussion of IT, leadership, execution, etc. Includes mention of the following technologies: business process management, enterprise resource planning, search and retrieval, storage, security, content management, records management and email archival, data and application integration and business process automation. Great table at the bottom of the article comparing Sarbanes-Oxley, HIPPA, Gramm-Leach-Bliley, SEC 17A-4, 21 CFR Part 11, Basel II, USA Patriot Act, California SB 1386.


UN takes aim at spam epidemic. CNN Technology. Jul 6, 2004

UN says international effort is needed to counter SPAM. Quotes Robert Horton, acting chief of the Australian communications authority.


Evans, Robert. Spam Could Drive Millions From Internet. Reuters. July 6, 2004.

SPAM may drive millions from Internet. [gonna need to move to a print-based media for blog distribution if that happens (sic!) ...]

Gross, Grant. Court Case: E-mail isn't private. IDG News Service, Washington Bureau. July 5, 2004.

Recent U.S. Court of Appeals decision dismissed a criminal wiretap charge against Bradford C. Councilman, who was vice president of Interloc Inc. Essentially gives ISPs the right to read our e-mail.

Hansell, Saul. You've Got Mail (and Court Says Others Can Read It). The New York TImes: Technology. July 6, 2004.

According to the recent federal appeals court ruling, if an ISP "stores" your e-mail even for just a millisecond, then that ISP has the rights to read your e-mail message without a court order.


Hansell, Saul. Two Arrested and Charged in E-Mail Theft. The New York Times. June 24, 2004.

AOL engineer stole 92 million e-mail addresses and sold them to spammers. He and an accomplice were charged with violating the new federal antispam law.


O'Reilly, Dennis. Is E-Mail Doomed? PC World. June 21, 2004.

More discussion around SPAM and phishing (internet scams and fraud ... see Anti-Phishing Working Group site for more info) and their effect on corporate e-mail. Suggestion that solutions could include move away from e-mail to IM-based technologies, increase in encryption technologies or similar.

Callaghan, Dennis. Exhibitor Shortage Puts Brakes on Comdex. eWeek. June 23, 2004.

If you were planning on attending Comdex Nov. 14-16 in Las Vegas, it's been "postponed".


New Blog on Exchange & Security: At the Sharp End

Paul, Missy and the gang have recently launched a blog for 3sharp ... check it out at http://www.3sharp.com/blog/. Will touch on Exchange issues, security issues and occasional ramblings about Missy's experiences working from her home office. :-)

McGuire, David. E-Mail Companies Seek Spam Solution. Washingtonpost.com. June 22, 2004.

Article on today's announcement by the Anti-Spam Technical Alliance, essentially discussing various ways of identifying e-mail senders. One options relies on using header information including reply-to and SMTP gateway IP. Another depends on digital "keys" to verify an e-mail's authenticity.


Hankins, Michelle. Will Sarbanes-Oxley Force Tighter Integration Between Inventory and Financial Systems? Billing World & OSS Today Magazine.June 2004

Interesting dicussion on reconciliation of inventory reports with financial reports. Touches on OSS. Billing World and OSS Today Magazine: " The Sarbanes-Oxley Act of 2002 places greater emphasis on accuracy of a company's financial reports, putting more stress on the finance department to understand the true picture of a company's inventory and assets. The implications for executive level management for poor financial reporting that are spelled out in Sarbanes-Oxley may drive inventory and financial integration projects in the near future. "


Hansell, Saul. The Internet Ad You Are About to See Has Already Read Your E-Mail. The New York Times. June 21, 2004.

When Google announced in April that it would test a free Web-based e-mail service that offered users vastly more storage space than its rivals, it introduced one twist - the ads that users see when they read their mail would be related to the subject mentioned in the message...


[Vendor Press Release] Entrust to Acquire Advanced Content Scanning Capabilities. Entrust. May 19, 2004.

Entrust is entering the fray of e-mail content-level scanning and policy enforcement per their acquisition of AmikaNow! technologies and assets.

McCullagh, Declan. The upside of "zero privacy". Reasononline - Database Nation. June 2004.

Reason: Database Nation: The upside of "zero privacy": "Not content with existing rules, privacy activists have been pressing for more regulations targeting U.S. businesses. Their recent successes include the 1999 Financial Services Modernization Act, better known as Gramm-Leach-Bliley, which regulates the data collection practices of financial services firms. The law has resulted in millions of disclosure statements mailed to consumers, who routinely ignore them. Then there's the Health Insurance Portability and Accountability Act of 1996, which regulates medical care providers. Credit bureaus are covered by the Fair Credit Reporting Act. More efficient and less burdensome are the state laws known as privacy torts. Those punish snoops who pry into someone else's private affairs, anyone who publicly discloses embarrassing private facts, and publicity that shows someone in a false light. Jim Harper, a former Capitol Hill staffer who runs the advocacy site Privacilla.org, says left-leaning privacy advocates have willfully ignored state privacy torts when arguing for more-intrusive regulations. 'Privacy advocates and others have helped to foster the impression that there is no law protecting Americans,' Harper says. 'This is a violation of the trust that many have placed with them. Substantial criticisms of the privacy torts can be made, but they should be made directly, rather than by telling the press, the public, and public officials that no privacy-protecting law exists in the United States.'"

Atlas, Adam N. The Impact of PIPEDA. Globetechnology. June 2, 2004.

Good article on a new Canadian privacy law called the "Personal Information Protection and Electronic Documents Act" (PIPEDA) which went into effect on Jan. 1, 2004 and applies to all businesses and individuals in Canada. Essentially all personal information concerning Canadian or US citizens is protected under the Act. "... PIPEDA prohibits the collection, storage and disclosure of 'personal information' without the appropriate express or implicit consent from the individual concerned. Personal information is any factual or subjective information, recorded or not, about an identifiable individual. Privacy law in the U.S. is not as evolved as it is in Canada or the EU. Personal health information in the U.S. receives protections similar to those under PIPEDA under the U.S. Federal Health Insurance Portability and Accountability Act (HIPAA). In the financial services sector businesses are required to maintain privacy policies (as is the case with PIPEDA), under the U.S. Federal Gramm-Leach-Bliley Act. Where a U.S. business is found to be in violation of its published privacy policy, it can be liable for unfair or deceptive acts or practices in the marketplace under the U.S. Federal Trade Commission Act, the US equivalent of our Competition Act (Canada)."

Sturgeon, Will. Cheat Sheet: Sarbanes-Oxley. Silicon.com. June 10, 2004.

Good high level summary on SOX. Cheat Sheet: Sarbanes-Oxley - printer friendly - silicon.com: "So every file, every email, every IM, every phone call is going to have to be recorded? That's been a lot of people's gut reaction, according to Mark Ellis, CA's director of storage and information management, but it's not quite so extreme. Many companies just assume as long as they do that they will be compliant with that aspect of SOX - which is true, if a little naive regarding the storage and logistics implications of such thoroughness. Ellis describes this reaction as being 'like a rabbit caught in the headlights' and explained that 'people need to know what they must keep'. 'Legal compliance is not about what you need to keep, it's about knowing what you can delete,' he said, imploring companies to find out more about the complicated legislation. "

Schwartz, Ephraim. Sarbanes-Oxley will require a message-storage rethink. InfoWorld. June 11, 2004.

Another good article [driven by EMC's big marketing push of late]. Good quotes: "Traditionally, government regulations don’t specify exactly what a company’s policy should be, but they do specify that if there is a policy in place, that policy must be adhered to. The problem is that, even if a company implements a policy stating that it does not retain e-mail, not every organization will be capable of enforcing such a policy. If compliance auditors find one or two employees who have saved e-mail on their notebooks, there’s a good chance that the auditors will want to look at everybody’s PC. As a result, like it or not, companies will need to retain e-mail as a matter of policy. On average, each user generates roughly 10MB of e-mail data per day, and that figure is forecast to increase to 44MB per day by next year, according to AMR Research."

CIO fails Sarbanes-Oxley. IT-Analysis.com. June 15, 2004.

IT-Analysis.com - CIO fails Sarbanes-Oxley: "Apparently a very large American corporation, who I will not name, asked their internal audit department to review their compliance with Sarbanes-Oxley (SOX), especially section 404 which starts to kick in this year. They failed through lack of controls in the IT department and now the CIO's neck is on the block."

Kopytoff, Verne. Cyber attack interrupts Internet services. SFGate.com. June 16, 2004.

If you couldn't get to Google yesterday, here's why. Cyber attack interrupts Internet services: "However, others said the incident had the hallmarks of a denial-of- service attack, a relatively frequently used technique to disrupt Web sites. Such attacks are often the result of a hacker surreptitiously taking control of other people's computers, then using them to overload a target with data or electronic requests. "

First mobile phone virus strikes. itv.com. Jun 16, 2004.

Interesting. "A computer virus that can infect mobiles has surfaced for the first time. The virus, called Cabir, infects the Symbian operating system that is used in several makes of phone, including Nokias, and spreads through the new Bluetooth wireless technology. "


Garretson, Cara. Compliance costly. Network World. June 7, 2004.

Results of annual Network World 500 survey are released in this article. About 60% of respondents said ensuring compliance with regulations over the next 12 months is "extremely important," while only 2% said the issue isn't important at all. This was the first year this issue was raised in the survey, which was conducted jointly by Network World and Research Concepts and polled 500 network IT executives. Nearly half of the respondents said they will upgrade their applications or purchase new applications this year to ensure compliance with regulations, including the Health Insurance Portability and Accountability Act (HIPAA) and the Sarbanes-Oxley Act. IT executives also are examining data-handling processes and information storage to be sure their operations are up to snuff because such laws can be particular about how corporate information is to be handled and kept.

Hayman, Russell et al. A General Counsel's Guide To Avoiding "Obstruction Of Justice" Liability. McDermot WIll & Emery. June 9, 2004.

This is a really good article that defines in legal terms what is meant by "obstruction of justice" and what the relevant technical implications are for corporate IT departments and, specifically, for Sarbanes-Oxley related incidents. A series of "best practices" recommendations is at the bottom of the article.

Kedrosky, Paul. Next Big Thing: Clean up the Inbox. National Post - Financial Post. June 7, 2004.

Great recent article touching on Sarbanes-Oxley and e-mail. Some quotes ... National Post: "One 1996 study by the Association of Computing Machinery found that subjects had, on average, 2,482 messages in their inbox; they had only an average of 858 items filed in folders. In other words, for every message they had gotten around to filing they had roughly three messages strewn about in their e-mail inbox. I know people like that. One colleague has a few thousand e-mails in his inbox, most of which are months (even years) old. He almost certainly can't find anything in that mail morass, so I'm guessing he keeps it there largely for a feeling of security. Deleting things feels rash, so you might as well keep it -- just in case. Why have we reached this e-mail impasse? Largely because e-mail was intended to be a communications medium; it was supposed to be the electronic equivalent of a brief hallway conversation. Instead it has become something else altogether, a Swiss army knife of the Internet, with responsibilities ranging from communications to personal archives and task management. But e-mail does most of those things poorly. Filing is too hard, tasks scroll off the screen in an ever-filling inbox, and personal archives in e-mail are almost entirely unsearchable. Increasingly, this has consequences. Companies lose sales because leads get lost or accidentally deleted; lawyers lose correspondence in important cases; software vendors worry about vexing e-mails hiding in dark corners; and technical support people lose track of ongoing discussions with frustrated clients. It will only get worse. People are increasingly reliant on e-mail, and they will be more so once the spam problem is reduced -- and once Sarbanes-Oxley's e-mail-retention implications are better understood."

Shropshire, Corilyn. Taming the information age: CIOs join ranks of upper management. Pittsburgh Post-Gazette. June 10, 2004.

More coverage of the CIO Forum and Executive IT Summit held this week ... sessions included those focused on Sarbanes-Oxley. Taming the information age: CIOs join ranks of upper management: "Agnoli, Lahr and Brown this week traded tips and insight on doing their jobs at a panel discussion at the CIO Forum and Executive IT Summit, a two-day conference of local CIOs that ended yesterday at the Sheraton Four Points Conference Center in Cranberry. Challenges ranging from managing wireless data to dealing with computer security and the sometimes obscure Sarbanes-Oxley Act that guides corporate governance were among topics discussed. "

Norton, Rob. The SEC's Top Cop Is Watching You. Corporate Board Member Magazine. Special Legal Issue 2004.

: "Approximately how many companies and individual directors are currently under investigation? The Enforcement Division does not track the number of companies or directors currently under investigation. However, the commission has filed an increasing number of enforcement actions relating to financial fraud or reporting violations over the last several years. For example, in fiscal year 2003 the commission filed 199 such actions, up from 103 in fiscal year 2000. Moreover, in the first half of the current fiscal year the Enforcement Division opened approximately 125 new investigations relating to potential financial fraud or reporting violations. Such matters continue to be among the commission�s highest enforcement priorities."

Massaro, Kerry. Back to Basics: Reliability, Integrity and Customer Focus. Wall Street & Technology Week. June 10, 2004.

Some great quotes in here ...Wall Street & Technology > WST Week > >: "'We're in a bull market in new regulations, which has led to new costs. At the same time we've had market declines, industry revenue declines and industry confidence declines,' Lackritz told the audience. 'This has resulted in what we have today -- a spotlight on compliance,' he said. Reviewing the new regulations, he listed Gramm-Leach-Bliley, the USA PATRIOT Act, global settlement and research analyst regulations, Sarbanes-Oxley, Basel II and the mutual-fund regulations that the Securities and Exchange Commission is now considering. With all of the new regulations at which the industry is throwing time and money, how can the industry keep its head above water and still innovate? Lackrtiz acknowledged that it's not easy. He suggested, however, that technology managers embrace their expanded roles. No longer are they just partnering with the trading and sales teams or operations staff. Today, the technology manager has to partner with the legal team, he said, and he or she 'must be aware of so many other things that are happening in the industry.' 'Every place you go, people are talking about all these new regulations, while budgets are being squeezed. Now the market is just starting to turn around, CTOs also have to deal with compliance, business-continuity planning, identity theft, e-mail ... there are a slew of things that they have to keep up with,' Lackritz noted in the pre-keynote interview. "

Boulton, Clint. EMC Aiming For 'Proven' Compliance. Internetnews.com. June 7, 2004.

Interesting article on "proven compliance" which is becoming a new buzzword in the industry. Having mechanisms set up for journaling or otherwise archiving specific e-mail content is no longer being deemed sufficient ... companies and vendors are being tasked with actually proving end-to-end compliance for their regulatory enforcement processes and technologies.


Toh, Ann. Reaching Integration Nirvana. CIO Asia. June 2004.

CIO Asia - Issue - Reaching Integration Nirvana: "The technology today allows you to comply to the Sarbanes Oxley Act and that may not be relevant to a lot of people here but if they want to list on the U.S. stock exchange they have to comply. Compliance is coming into this which is forcing the interaction of unstructured data with structured data. We can't use an investment model and build ROI based on that but we can certainly address the compliance issue today. "


Simpler-Webb - Exchange Resources New Site

FYI the Exchange Resource Center maintained by Simpler-Webb has been refreshed with a brand new look and feel. Nice site!


The Exchange 2003 Seminar Series

I'll be at this event in Atlanta this Thursday morning ... looks like a great event.


Computerworld White Paper: Charting the Course: A Guide to Evaluating Business Intelligence Products

Good white paper on BI product evaluations based on (among others): Balanced scorecards and key performance indicators (KPIs) Enterprise portals Querying,reporting and analysis of information Data warehouse modeling and deployment Meta-data management Transformations,cleansing and transfer of data Online Analytical Processing (OLAP)

Sullivan, Andy. Government computer surveillance rings alarm bells - Computerworld. May 27, 2004.

Interesting. If you think about it, computer-surveillance programs such as the Pentagon's Total Information Awareness (TIA) initiative or other similar data-mining efforts are really a kind of mega-policy-enforcement initiative. Similar challenges to managing data within an enterprise. Just a bit broader scope and impact.

Evers, Joris. Q&A: Microsoft's Thompson talks about Exchange plans. Computerworld. May 26, 2004.

Microsoft's David Thompson (VP Exchange) discusses future versions of Exchange. Some quotes: "We would expect a release of Exchange around the time of the next release of Office." ... also mentions three roles in future Exchange as "edge, front-end and storage" .... also "the edge services will use SQL technology as part of some of the message-queuing support"

Semilof, Margie. Euthanized Kodiak signals shift for Exchange. SearchExchange.com. May 27, 2004.

This news has been on the street for some time already, but in case you've missed it, the codename "Kodiak" no longer refers to a future release of Exchange per se, but is (at best) being used as a catch-all term for a series of incremental releases in the future past the next major release.

Alliegro, Chris. Microsoft Business Solutions Product Roadmap Update. Directions on Microsoft. Feb. 16, 2004.

Discussion of Microsoft business solutions product roadmap. The FRx and Forecaster solutions relating to Great Plains, Solomon, Navision and Axapta are interesting as they demonstrate Microsoft analytic capabilities on the financial side of things which, depending on the actual implementation of "Project Green" in Longhorn timeframe as suggested in the article, may provide some benefit to non-financial apps running on top of Longhorn. All very far off and speculative but interesting nonetheless.

Your boss may be snooping on you - The Economic Times. May 20, 2004.

More press resulting from EMC/Legato's push into the Indian Exchange market. Will be interesting to watch.

Frauenheim, Ed. From nukes to Sarbanes-Oxley. CNET News.com. May 13, 2004.

Interesting article about Richard Reese, the CEO of Iron Mountain.

Jethwani, Hinesh. Warning: Your Emails & IMs Will be Recorded. CXO today. May 18, 2004.

Sending resumes and daily grapevine scuttlebutts through your mailbox is all set to become a luxury of the distant past, with email and Instant Message (IM) archiving solutions storming into the Indian market.

Askari, Zia. Email archiving soon to become a norm. CIOL IT Unlimited. May 14, 2004.

With email moving beyond convenience and into the role of a strategic communication tool, email communication is becoming an integral part of the decision-making process. More and more countries are going the US way in making it mandatory for companies to save email-based communication. "Email is increasingly coming under scrutiny in criminal investigations and legal proceedings. We have seen in the recent past in US how big companies played with the vital information. Communication based on email has evolved quite a lot and governments in countries like - Japan, Korea, Singapore and Vietnam - are making it mandatory for companies to store email records for a certain number of years," informed Legato Software intercontinental operations strategic development director PK Gupta.

Barth, Ken. Better Backup and Recovery: Know Your Data and Your Storage. CIO Today. May 20, 2004.

Performing a proactive diagnosis of data-management problems is essential prior to considering any acquisition of storage or backup resources. Armed with in-depth information, it is possible to make a responsible decision instead of reactively or reflexively purchasing hardware.

Shapiro, Dmitry. Instant messaging and compliance issues: What you need to know. SearchCIO.com. May 27, 2004.

Osterman Research states that in 2003, 90% of enterprises were using IM to some extent. A survey conducted by Osterman in 2003 revealed that more than 60% of participants cited AOL Instant Messenger as an IM tool workers use; more than 50% cited MSN Messenger. The reason why these public IM tools are used in such overwhelming numbers is simply because it gives users the ability to communicate externally with customers and partners. After all, consumer IM clients are already used by over 100 million users, so this is a logical and efficient means of messaging. The challenge for network managers is how to achieve a unified view of all IM activity on the network, for both corporate IM and public IM usage. The manager needs control over both systems to monitor a variety of compliance issues. Logging and archiving, monitoring, reporting and supervision must meet current and upcoming records retention, privacy and security regulations. The use of IM is growing exponentially faster than the use of e-mail, and IM is predicted to be as common as e-mail within two to three years. Companies need to act now to assess the state of consumer IM use within their organizations and put into place the necessary measures to make sure their IM use does not run afoul the compliance requirements set by Sarbanes-Oxley, financial, healthcare and state regulations.

O'Keefe, John. Messaging Market Assessment. Analyst Corner, CIO.com. May 26, 2004.

The messaging market assessment incorporates the unified messaging (UM) and instant messaging (IM) market. The UM market consists of platforms and services that integrate different modes of communication — e-mail, voice mail, mobile, and fax — that facilitate users' ability to remain in touch.

White Paper: Microsoft Exchange Server: Supporting Regulatory Compliance with Exchange Server 2003. Microsoft Corporation. April 19, 2004.

This white paper explains how to create common message archival systems and properly track and maintain data using solutions appropriate for your organization. Included in this document: Importance of Messaging Current Regulatory Environment Retaining Messaging Data

Foley, Mary Jo. Microsoft's 'PassPort' Out, Federation Services In. Microsoft Watch & eWeek. May 26, 2004.

Discussion of how "TrustBridge" technologies are gradually going to replace Passport.

CIO Insight/Gartner EXP. Research: Sarbanes-Oxley: Are You Ready to Comply? eWeek. May 18, 2004.

Some interesting stats in here on a recent Sarbanes-Oxley study: 88% of CIOs say their IT departments are very involved in compliance 67% say their companies are investing in financial systems to aid in compliance 59% have no IT executive specifically responsible for compliance 44% say their companies will require their CIOs to certify financial results

Schwartz, Karen. Regulation Compliance Tops Companies' Security Concerns. Ziff Davis Channel Zone. May 17, 2004.

Sarbanes-Oxley and lesser known government programs like Graham-Leach-Bliley and Basel II spell opportunity for savvy resellers and integrators.


Thompson, Carolyn. Spammer Sentenced to Seven Years in Prison. eWeek Messaging & Collaboration. May 27, 2004.

Jurors sentenced Carmack to seven years for convictions in March of forgery, identity theft and falsifying business records. He must serve a minimum of three years. Earthlink said Carmack ran 343 illegal e-mail accounts under false names from 2002 until his arrest last May, using them to send unsolicited e-mail ads for things like get-rich-quick schemes and sexual enhancers.


Press Release: Quest Software's solutions for Windows Management win multiple industry awards. May 26, 2004.

Quest Software's solutions for Windows Management win multiple industry awards. Quest MessageStats #1 Exchange Administration Solution of the Year for 2004 (MSD2D People's Choice); Aelita Recovery Manager for Exchange #1 Exchange Backup Solution of the Year for 2004 (MSD2D People's Choice) and Runner up Best Disaster Recovery Utility of 2004 (Fawcette Windows Server System Magazine Reader's Choice); Quest Spotlight on Exchange Runner Up Best Performance Optimization Tool (Fawcette Windows Server System Magazine Reader's Choice).


Dominguez, Alex. Judge orders Microsoft to search for e-mail evidence [Associated Press]. USA Today. May 24, 2004.

Interesting article. Microsoft has been ordered to search deleted email internally for messages containing certain keywords. I wonder what they're using to perform the search?

McBee, Jim. Microsoft Exchange Server 2003 24seven. Sybex. 2004.

Another great Exchange 2003 book just shipped yesterday ... Jim McBee's Microsoft Exchange Server 2003 24seven. Buy a copy today! Congratulations Jim!

Sengupta, David. Review of "Secure Messaging with Microsoft Exchange Server 2003" (Paul Robichaux) Windows & .NET Magazine Windows IT Library May 2004

My review of Paul's latest book "Secure Messaging with Microsoft Exchange Server 2003". Great book! Order a copy now!. Congratulations Paul!


Martin, Steven. Companies Are Learning To Deal With Compliance Issues. InformationWeek. May 20, 2004

Speakers at InformationWeek's Compliance Challenges and Governance Strategies Forum described how they're achieving compliance without disrupting their businesses.

Martin, Steven. Rules, Rules, Rules. InformationWeek. May 17, 2004

Sarbanes-Oxley, the Health Insurance Portability and Accountability Act, Gramm-Leach-Bliley, the USA Patriot Act, the California Security Breach Law, Securities and Exchange Commission rule 17a-4 -- these are but a few of the compliance challenges companies face today.

Quest Software: MessageStats & Aelita Recovery Manager for Exchange win People's Choice Awards 2004!

Just had to blog this. I'm currently product manager at Quest Software for a few Exchange management solutions including Quest MessageStats and Aelita Recovery Manager for Exchange. I'm proud to say that Quest MessageStats (just received the #1 Exchange Administration Solution 2004 People's Choice Award this week, and Aelita Recovery Manager for Exchange received the #1 Exchange Backup Solution 2004 People's Choice Award. Having worked with Exchange for over 7 years I can honestly say (with a stated bias of course) these are phenomenal solutions!

Wong, Carol. Playing by the Rules. Business Feature in Computerworld Malaysia - Vol. 14 Issue No. 7, 8 May - 7 June 2004

Good article on protecting confidential corporate info through IT security and secure access policies. Bit of a case study of Marditech. Touches on ISO 17799 a "detailed security standard encompassing services and software compliance, implementation and security risk analysis." Marditech's security policy covers "areas such as user accountability, privacy and confidentiality, software and hardware configuration, Internet access, e-mail usage and security, among others. "

Antiphishing.org - Stop Phishing and Email Scams

Home page for anti-phishing working group. Good study on phishing trends on this site along with some good related links and resources. [if you're wondering what "phishing" is (definition from this site), "Phishing attacks use 'spoofed' e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. By hijacking the trusted brands of well-known banks, online retailers and credit card companies, phishers are able to convince up to 5% of recipients to respond to them.]


Symantec acquires Brightmail - (United Press International)

Interesting play by Symantec. Brightmail has been a leader in the gateway policy enforcement space.


McCracken, Harry. Google's Gmail: Inventive, Influential ... and Not Too Invasive. PC World's Techlog. May 17, 2004.

Google may have stumbled into an unexpected privacy fracas when it announced that its Gmail service would display text ads based on keywords in your incoming e-mail's text.


Stonehouse, David. Behind the scenes. The Age Online - Icon. May 15, 2004..

Interesting quotes: "There is no doubt privacy at work is vaporising. A US study looking at the monitoring practices of nearly 200 companies found that 26 per cent of managers monitored employees' online activities all the time, not just when something gave them a reason to investigate. At the same time, a quarter of the organisations surveyed by Bentley College's Centre for Business Ethics have no procedures or safeguards to ensure the snooping isn't abused, and almost half of the firms lack written guidelines, policies or procedures for monitoring. Personal use of the internet at work is dubbed cyberbludging or cyberslacking and is widespread. Instead of chatting over the water cooler, workers are swapping emails or instant messages. Instead of going shopping on their lunch hour, employees stay at their desks and hit their high-speed connections. According to a survey done by the online career site Vault, seven in 10 workers use the office internet to hit news sites and one in four use it for shopping. A third fancy financial trading at their desks, 13 per cent download music and 4 per cent surf for porn. A third admit to an hour or more a day of personal surfing and another three in 10 confess that their web adventures and personal emails decrease their productivity on the job. More than half say they have been caught. Cyberbludging can hurt the corporate bottom line. The online monitoring company SurfControl estimated in 2000 that non-work-related internet use costs Australian businesses $300 million a year. "


Microsoft and SAP Raise the Stakes for Web Services for the Enterprise [Vendor Press Release]. Yahoo Finance. May 12, 2004.

Interesting read ... specifically the last bullet in the Technology Deliverables: "Integration between SAP NetWeaver, Microsoft Exchange and Microsoft Windows SharePoint Services. Microsoft will deliver repository managers that integrate between SAP NetWeaver Knowledge Management, Windows SharePoint(R) Services and Microsoft Exchange Server. The repository managers are expected to be available in early 2005." [Thanks for William Lefkovics and Sig Weber for bringing this to my attention. :-) ]

Olsen, Stefanie. Judge ties antispammer's hands. CNET News.com. May 11, 2004.

Interesting story about how a Spammer has won a court injunction *against* an anti-Spam service provider alleging that the anti-Spam service provider (SpamCop) was blocking messages without providing any information concerning complaints to the Spammer. (confused yet? read on ...)


Semilof, Margie. Spam filter, Exchange 2003 SP1 to launch at TechEd. SearchExchange.com. May 4, 2004.

Featured discussion with Ed Wu (Product Manager, Exchange Server) concerning SP1 and what's entailed. Marketing launch of SP1 will be at TechEd this year (May in San Diego).


Chenault, Daniel. Content Security in the Enterprise - Spam and Beyond. eBook. 2004.

High-speed Internet access has become ubiquitous across small and large enterprises worldwide. Businesses acknowledge that Internet applications such as email, Web browsing, and instant messaging are essential ways to communicate with customers, suppliers, and partners. But with the opportunities that these applications provide come many risks and threats that an organization needs to address. This book explores these risks and discusses ways in which they can be reduced or eliminated by limiting inappropriate use, eliminating spam, protecting corporate information assets, and ensuring that the Internet is secure and available for authorized business purposes.

Bryant, Steve. The Expert's Guide for Exchange 2003: Preparing for, Moving to, and Supporting Exchange Server 2003. eBooks. 2004.

This eBook (sponsored by Quest Software) will educate Exchange administrators and systems managers on how to best approach the migration and overall management of an Exchange 2003 environment. The book will focus on core issues such as configuration management, accounting, and monitoring performance with an eye toward migration, consolidation, security and management.

Roberts, Paul. E-mail provider tries message fingerprinting. InfoWorld. April 12, 2004.

E-mail provider Everyone.net Inc. says it has a new program to protect e-mail users from one by-product of the plague of unsolicited commercial ("spam") e-mail: bounced e-mail messages. The San Jose, California, company plans to announce an enhanced e-mail protection service called Total Protection 2.0 Tuesday at the ISPCon conference in Washington, D.C. The new service includes a technology called Email Fingerprint, that can stop "bounce storms," in which e-mail users who have had their e-mail address stolen by spammers or e-mail worms receive a flood of returned e-mail messages.

Rosen, Jeffrey. Data Surveillance. Washingtonpost.com. April 20, 2004.

Most Americans do not care about exposing themselves to massive data surveillance but they should, says George Washington University law professor and New Republic legal affairs editor Jeffrey Rosen in his new book, "The Naked Crowd." Rosen discussed technology and the uneasy balance between security and privacy on April 20 at 2 p.m. on washingtonpost.com.

Editorial. Too Many Firms Still Not Enforcing Internet Policies. HR Gateway.com. April 19, 2004.

Although the vast majority of firms now understand the need for an Internet policy, almost four in ten do not strictly monitor employee surfing, according to a new poll.

Seda, Catherine. Stopped in Your Tracks? Entrepreneur Magazine. May 2004.

Interesting article with "5 tips to make sure your e-mails don't get tagged as spam". Looks like this is intended as a tips and tricks article for spammers ...

Holmes, Leonard. Emailing Your Doctor or Therapist. Mental Health Resrouces. April 2004.

Atricle discussing e-mail policies concerning communications between doctors/therapists and clients. References American Medical Association standards for email communications between physicians & patients.

MacAskill, Ewen & Michael White. How Email became a Diplomatic Incident. Guardian Unlimited. April 28, 2004.

Interesting article on how a casual email that began in a Libyan internet cafe became the 'Arabist revolt' letter signed by 52 former British diplomats that is wreaking havoc on Downing St.


Microsoft Research. Stuff I've Seen Prototype Tool. 2003-2004.

This is an interesting prototype tool designed by the Adaptive Systems and Interaction Team at Microsoft Research that attempts to provide a unified search engine spanning multiple datasources i.e. PSTs, MAPI, File System and presumably SPPS, etc. Interesting. There's a good screenshot here http://research.microsoft.com/adapt/sis/images/screenshots/IQScreenShot[1].png. There's also a good writeup on this other blog http://www.michaelhanscom.com/eclecticism/2003/11/stuff_ive_seen.html ... apparently Stuff I've Seen will remember ANY website, network resource, etc. that's been visited over the past 365 days and include this in it's searchability. I could use this today! As I continue to think about e-mail policy enforcement, one thing is becomming extremely clear -- being able to search effectively and rapidly across multiple Microsoft Exchange-related datasources (esp. Multiple .PSTs, MAPI private folders, MAPI and non-MAPI public folder hierarchies, etc.) is important to any comprehensive solution for the e-mail policy-enforcement problem facing today's enterprise.

MacDonald, Heather. What We Don't Know Can Hurt Us. Frontpagemag.com. April 20, 2004.

Bit of a rambling article on anti-terrorism efforts vs. privacy concerns. Interesting mention of Microsoft's "Data Mining Exploration Group" and it's purported 'founder', Usama Fayyad.


Report of Davis Polk & Wardwell to The Shell Group Audit Committee - Executive Summary. March 31, 2004

Full text of the executive summary concerning the now high-profile Shell investigation concerning compliance with SEC regulations. E-mail evidence forms a significant portion of what's discussed in this document.

Survey Report: People and technology. Chartered Institute of Personnel and Development. June 2003.

Some interesting quotes in this report, which was based on responses to a questionnaire sent to 4,000 HR professionals across a range fo sectors in the UK in March 2003. With the use of an additional telephone survey, 317 responses were received.: - "We also asked survey respondents about their staff use of the Internet and e-mail. Although 94% of the organisations surveyed have a policy on this, 59% report problems arising from misuse of the Internet or e-mail by employees. The majority of those respondents reporting such problems (85%) have taken disciplinary action short of dismissal or suspension for such misuse within the past five years. Fourty-two per cent have dismissed employees, and 27% have suspended staff." - "90% of private sector organizations have taken disciplinary actions as a result of staff misues of the Internet or e-mail, compared with 77% of those in the public sector" - "The survey suggests that HR policies on staff use of the Internet and e-mail are now widespread .... Where such abuse by staff occurs, the costs for organizations can be high - for example, in time-wasting by staff, damage to the organisation's reputation where inappropriate e-mails are sent externally, or even fraud or other criminal activities by employees. The need for an effective well-communicated policy in this area is therefore urgent" ... see p. 14 of the report (esp. Table 9) for more details.


Allen, Doug. E-Mail Storage: Your Next Mission-Critical Application. Network Magazine. March 3, 2004.

Interesting article on e-mail storage from the perpectives of (i) regulatory compliance and (ii) overal value to business. There's also an interesting "E-mail Retention Timeline" in the left sidebar. Quotes from the article: - "Don't think that because you put something somewhere on day one, your job is done. E-mail, like all relevant data, has a life of its own." (Duplessie, ESG) - "Internally, business and IT groups must make certain that a system is in place to ensure that privacy policies are followed and personally identifiable information is protected" (Matt Cain, Meta Oct. 2002 Research Note).


Robichaux, Paul. Exchange and Windows Storage Server, Together at Last. Windows & .NET Magazine. April 15, 2004.

Paul comments on the new Windows Storage Server made at the Storage Networking World Spring 2004 conference in Orlando this week.


Whitepaper: Achieving Sarbanes-Oxley Compliance and Working Capital Management Goals Using Industry Best Practices. Icons, Inc. - BankingInfoSec.com

This document focuses on how innovative new technologies are helping enterprises deploy and utilize industry best practices in this new era of increasing quality and compliance requirements. It specifically addresses two sections of Sarbanes-Oxley: Section 302, which covers accuracy of financial reporting and timeliness of disclosure procedures, and Section 404, which governs the internal controls used by public companies to ensure and measure the propriety and precision of financial reports. This paper also describes how Working Capital Management Solutions can be used in the financial supply chain to achieve compliance and quality goals.

Parker, Xenia Ley. The Impact of Sarbanes-Oxley Compliance on IT Audit. SmartPros. April 2004.

From the boardroom to line management, people are talking about compliance with the Sarbanes-Oxley Act of 2002 ("SOX"), designed to "protect investors by improving the accuracy and reliability of corporate disclosures." Auditors, both internal and external, are challenged to meet the new requirements. Because the Securities and Exchange Commission oversees financial reporting of listed companies, it is responsible for enforcing compliance rules.


Robichaux, Paul. The Security Bug That Wasn't. Windows & .NET Magazine. April 8, 2004.

Commentary by Paul Robichaux on a recent "security bug" published by NTBugTraq.


Gates, Bill. Executive E-Mail: Microsoft Progress Report: Security. Microsoft Corporation, March 31, 2004.

Text of Bill Gates' executive progress report on security innovation. Touches on Exchange Edge Services. Four main security-focused investments will be in (i) isolation & resiliency, (ii) updating, (iii) quality and (iv) authentication & access control.


Katt, Spencer. Luck O' the Katt. Spencer Weekly Opinion Column, eWeek. March 15, 2004.

Interesting rumours ... -IBM possibly to pick up Peregrine? -HP possibly to buy BMC or NetIQ? -BMC possibly to buy NetIQ? ... will be interesting to see the Windows/Exchange/AD management space in another year.

Valentine, Lisa. Alcoa CIO Rudi Huber: Transforming Global I.T. CIO Today. March 24, 2004.

Dialog with Alco CIO Rudi Huber about the challenges faced by Alcoa. Touches on Sarbanes-Oxley and use of various Microsoft technologies.

Tech Firms in Clover Over Regs. New York Post Online Edition. March 31, 2004.

Likens fiscal magnitude of Sarbanes-Oxley compliance challenges with those of Y2K ... "Businesses will spend about $5.5 billion this year to comply with the Sarbanes-Oxley Act, according to AMR Research, including about $1 billion on software. "

Garner, Rochelle. Microsoft, Oracle Target Sarbanes-Oxley. CRN. Mar. 30, 2004

Mention of how Microsoft is facilitating Sarbanes-Oxley compliance with Sections 404, 302 with the Microsoft Office Solution Accelerator for Sarbanes-Oxley, Microsoft Windows Server 2003, Windows SharePoint Services, Office InfoPath 2003 and SQL Server 2000. Microsoft has expanded free use of the Sarbanes-Oxley Solution Accelerator from SA customers to all customers.

Sarbanes-Oxley: Little Time Left. IndustryWeek.com April 1, 2004.

Time's running out for SoX compliance ...


How to send email when you are dead. The INQUIRER. March 25, 2004.

Just had to blog this ... amusing. DOT.COM has come up with a way that you can send emails when you are dead. According to the Cleveland television studio WEWS there is always a problem when you are dead in that you cannot email your friends and relatives of your current change of state

Compton, Jason. The European Email Market Is Poised for Growth. DestinationCRM.com: March 25, 2004.

Europe has dozens of languages, thousands of historic sites, and is approaching 200 million email users, according to a new study from The Radicati Group. Currently comprising just fewer than one third of the world's email users, the report looks at critical trends for growth in the European corporate messaging market from 2004 to 2008.

MessageLabs Listed in the `Visionary' Quadrant By Influential Industry Analysts in Magic Quadrant for Enterprise Spam Filtering.TMCnet.March 29, 2004.

MessageLabs Listed in the `Visionary' Quadrant By Influential Industry Analysts in Magic Quadrant for Enterprise Spam Filtering.

[New] 2004 Email Technology Conference to be Held in San Francisco, June 16-18. Silicon Valley Biz Inc. March 30, 2004.

Interesting all-new conference just announced ... called Email Technology Conference ... aka "ETC 2004" ... in San Francisco Jun 16-18, 2004. Speaker lineup includes Matt Cain (Meta), Maurene Caplan Grey (Gartner), Michael Osterman (Osterman Research), Phil Zimmerman (PGP Founder), Nancy Flynn (ePolicy Institute). Looks to be a pretty heavy focus on policy ... "General topics that will covered at the Email Technology Conference include email infrastructure, marketing practices, security, policy, filtering, legal issues, future of email, wireless email, and international perspectives." See http://www.etcevent.com/ for info ... early registration until April 30, 2004.

NSW to outlaw unauthorised cyber snooping. www.smh.com.au. March 30, 2004.

Legislation in Australian state (New South Wales) will now prohibit unauthorized e-mail surveillance without a court order. If surveillance is to be implemented then something like a popup warning could be implemented to warn employees of this surveillance (per ABC News story at http://www.abc.net.au/news/newsitems/s1077250.htm)

Sherriff, Lucy. Email filter patent puts industry on Edge. The Register. March 30, 2004.

Interesting new twist in the industry as a result of a US patent acquired by Postini. The patent effectively says that any system which intercepts mail, filtering viruses and spam messages from the inbox and then sends what's left to the intended recipient is using Postini's intellectual property (IP). This could apply to a large section of the anti-spam and anti-virus market. Postini's patent describes using a modified DNS address to redirect email to an email pre-processing service which can "detect and detain unwanted messages such as spam, viruses or other junk email messages". It covers various actions that could be performed on an incoming message, based on a user's settings. These include deletion, forwarding, forwarding of partial messages and mailing to several addresses. It also covers broadcasting the message to one or more wireless devices.


Brunelli, Mark. E-mail archiving market poised to explode. SearchDomino.com. March 16, 2004.

Discussion of Radicati Group Study that predicts over $2.3 billion market growth for archival vendors over the coming four years, as companies seek to ensure "internal policy complaince" ... Quote: Vinu Jacob, senior messaging engineer for the New York-based law firm Willkie, Farr & Gallagher, said that his IT department uses an e-mail archiving system to manage the deletion of e-mails after a set period of time. "We basically have a compliance issue where we are actually protecting the company against discovery orders," Jacob said. "We have a 30-day policy on e-mail retention." Jacob said that his firm gets 50,000 e-mail messages a day. Before purchasing e-mail archiving software, e-mails were deleted manually using a native Microsoft Exchange utility. "This was a very difficult and onerous task," Jacob said.

Hoffman, Thomas. Sarbanes-Oxley sparks forensics apps interest. Computerworld. March 26, 2004.

Discussion of renewed interest in computer forensics tools that assist with compliance and identification of possible fraudulent use of company assets.

Cybersecurity liability seen increasing. CNET News.com. March 28, 2004.

Mention of Sarbanes-Oxley & Email as another proposal to require public companies to disclose cybersecurity efforts was shelved last fall after business groups objected.


Corp Law Blog: The Sarbanes-Oxley Blues

Text of "The Sarbanes-Oxley Blues".

Corporate Compliance ADVISOR Magazine Info. Spring 2004.

Info at Advisor.com about their new forthcoming magazine called "Corporate Compliance ADVISOR magazine". Due out in Spring 2004 according to the site.

White papers: Doculabs' white paper - HP content management solutions for your Sarbanes-Oxley Act Compliance. HP.com. Feb. 25, 2004.

Touches on HP Autostore technologies and Microsoft Exchange data with respect to Sarbanes-Oxley.

Microsoft Office Solution Accelerator for Sarbanes-Oxley. Microsoft.com PressPass Article. December 2003.

Description of Microsoft Office Solution Accelerator for Sarbanes-Oxley.

Text of John Connors, CFO, Presentation to Financial Analysts in Boston. Wyndham Boston Hotel, Jan 27, 2004.

Presentation by Microsoft CFO to Boston audience of financial analysts. Touches on Sarbanes-Oxley & Microsoft Exchange Server.

Microsoft for Partners - GTM - Operational Efficiency

Some interesting resources related to "Operational Efficiency" one of Microsoft's GTM (=Go To Market) Initiatives. The Vision Papers are great.

Addressing Sarbanes-Oxley and Email/Records Management. KVS website.

Good page on KVS Inc. website (KVS is an Exchange archiving vendor)

Cabinet Approves Certified E-mail Bill. Rome, March 25, 2004. Agenzia Giornalistica Italia.

Italy's cabinet approved a bill today that gives legal value to e-mail considered "certified mail".


The Seattle Times: Business & Technology: More people cutting back on e-mail because of spam. March 22, 2004.

Some interesting stats on SPAM ... "The average U.S. online consumer received 3,920 unwanted commercial e-mail messages last year, according to Jupiter Research. And there's little, if any, relief in sight. "

JupiterResearch: U.S. E-mail Marketing Spending Will Rise to $6.1 Billion in 2008. March 23, 2004. Tekrati Research News

According to JupiterResearch U.S. E-mail Marketing Spending Will Rise to $6.1 Billion in 2008. They suggest SPAM isn't the biggest problem, rather it's legitimate marketers.

Mittelstaedt, Martin. $105,000 bought Ontario Hydro an e-mail. March 23, 2004. The Globe and Mail

Only in Canada, eh? Ontario Hydro doled out CDN$105K and all they got in return ...

CBC. Police searched reporter's garbage, e-mail. Ottawa, March 24, 2004. CBC News.

Interesting article concerning a national security-related investigation of Ottawa Citizen reporter Juliet O'Neill. According to this, RCMP apparently searched through 2 Million emails on their own servers for some scrap of evidence related to this case. Wonder what software they used for their audit? :-)

Dunn, Andrew. Principal Apologizes for Joke E-Mail. March 24, 2004. The Ledger.

Lakeland Principal sends out an e-mail joking about ADD that gets him into trouble.


QUEST SOFTWARE COMPLETES ACQUISITION OF AELITA SOFTWARE Combination of Technologies and Expertise Expands Quest’s Footprint in the Microsoft Infrastructure Management Market Segment.

Pea, Em C. Column: It's Still Not Done. Nov. 2003. MCP Magazine.

MCP Mag's "to-do" list of requests for Exchange Server 2005 (or whatever it'll be called).

Oracle promises major Collaboration Suite update

Oracle says they'll launch a major update to their Collaboration Suite. Will be interesting.


Brightmail - Products and Services - Brightmail Anti-Fraud

Brightmal's Fraud Stats page.

Brightmail - Spam Percentages and Spam Categories

Brightmail's SPAM Statistics page.


Lacy, Sarah. Archiving old e-mails makes big business for startups. Silicon Valley/San Jose Business Journal. Feb 23, 2004.

Article on startups in the Exchange archiving market. Mention of Zantaz's Educom acquisition.


SearchExchange.com Webcast: Simplify Your Exchange Migration Planning. March 11, 2004 12 PM EST. Sign up here.

Sign up for this SearchExchange.com Webcast today.

Ambrosio, Johanna. The next step for meta data: Application integration. ADTmag.com. Feb. 1, 2004.

This article takes the perspective that managing vast amounts of unstructured data (i.e. e-mail) should really be all about managing the associated meta data well.

Bushell, Sue. To Have and to Hold. CIO. Feb. 6, 2004.

Article on overwhelming growth in e-mail storage requirements. Touches on SoX. Has some good tips on defining a storage architecture, treating storage as a service, and choosing a storage vendor.

Kral, Ron. Technology Implications of Sarbanes-Oxley. Wisconsin Technology Network. Jan 28, 2004.

Very well-written overview of Sarbanes-Oxley esp. from the perspective of impact of Sections 302, 404 and 409 on content, document and process technologies.

ePolicy Institute - ePolicies

Great page on eMail policies.

New Survey on Workplace E-Mail Reveals Disasters in the Making: 14% of US Companies Ordered to Produce Employee E-Mail. The ePolicy Institute. 2003.

Results of 2003 Electronic Policy & Practices Survey. Many good quotables ... worth a read.

Execs Rely on Admins to Manager E-Mail Overload, Poll Reveals: Admins Often Ghostwrite and Delete the Boss' E-Mail. The ePolicy Institute. Apr. 15, 20

Some interesting stats concerning administrative assistants ghostwriting e-mails. 43% of administrative professionals ghostwrite e-mail under executives' names. 29% of admins are authorized to delete e-mail addressed to the executive. 26% of admins screen executives' in-coming e-mail.

Smith, Erika. E-mail deluge ups demand for storage space. Indystar.com. Feb. 16, 2004.

Another article on SoX and archiving. This one has some good quotables including: "E-mail has now become such an accepted form of communication that it now can be subpoenaed into court," said Hager (managing partner of Akron Ohio accounting firm Schlabig & Assoc.) A recent ePolicy Institute survey of 1,100 U.S. companies found that 14 percent have been ordered by a court or regulatory body to produce employee e-mail, up from 9 percent just two years ago.

Burry, Christopher & Merideth Carroll (Avenade). Save or toss? Key Considerations when Archiving Email - Computerworld. Feb. 20, 2004.

Good brief primer by two folks at Avenade concerning e-mail policy and the role of archiving ... emphasizing the need for companies to establish an email management policy.

Lucas Mearian. Regulations, volume and capacity add archiving pressure - Computerworld Sidebar. Feb. 16, 2004.

Good article with lots of tangible examples of companies employing archival solutions to assist with regulatory compliance and e-mail storage volume.

ZANTAZ, EDUCOM Aim for Email Archiving Dominance. Internetnews.com. Feb. 18, 2004.

Another e-mail archiving vendor purchased. ZANTAZ has acquired Ottawa-based Educom TS Inc.

Hard Drive WORM Could 'SNAP' Users Into Compliance. Transform Magazine. March 2004.

New appliance SnapLock solution from Network Appliance (who purchased IXOS) that archives e-mail using a traditional permanent WORM-type approach. Vendor suggests this as a solution for regulatory compliance i.e. SoX, SEC 17a-4, Basel II, HIPPA, 21 CFR Part 11 and the EU Data Protection Act.

Ximian Evolution

Fascinating ... I just had to have a look at this product. Some cool screenshots of this Linux Email client that can connect to Exchange via the Ximian Connector for Microsoft Exchange (http://www.ximian.com/products/connector/).

Moscovic, Jeremy. Linux Hits Microsoft Desktop. Microsoft Certified Professional Magazine Online, March 1, 2004.

Interesting commentary on LinuxWorld 2004 and especially concerning Ximian Evolution, a Microsoft Outlook 'clone' that, when combined with Ximian Connector for Microsoft Exchange (another product that Ximian sells) allows MAPI-connectivity to Microsoft Exchange Servers.

Moore, Cathleen. InfoWorld: Accellion rolls out e-mail attachment caching: February 25, 2004.

Interesting appliance-based attachment caching solution by Accellion. [Accellion is an archiving vendor.]

E-mail Ensnarls St. Louis-Based Bank in Privacy Inquiry. BankInfoSecurity.com. Feb. 2004.

Brief article on Southern Commercial Bank's e-mail woes. Essentially they emailed unsecured personal data to an independent computer programmer ... getting them into hot water.

Kavanagh, Rich. The top ten email spamming countries. I.T. Vibe. Feb. 26, 2004.

Top 10 Spam-generating countries are (in decending order): US, Canada, China, S. Korea, Netherlands, Brazil, Germany, France, UK, Australia, Others ...

Brelsford, James et al. The Federal CAN-SPAM Act -- New Requirements for Commercial E-Mail. Jones Day. Feb. 26, 2004.

Commentary on US Federal CAN-SPAM Act passed by US congress in December 2003.

Email Marketing: Best Practices. Opt-in News (SubsciberMail.

Interesting article on e-mail marketing best practices written by an e-mail marketing company.

Dutta, Sanjay. Postal e-volution: Dakiya e-mail laya - The Times of India. Feb. 26, 2004.

Interesting article about how e-mail is playing a vital role in inter-post-office communications within India's snail mail system. Basically mail is scanned at one post office, sent to the destination post office via e-mail ... printed out, stuffed in an envelope and ... you guessed it, hand delivered to its destination!

Boswell, Bill. Column: Exchange 2003 Migration Roadmap. Microsoft Certified Professional Magazine Online. Feb. 2004.

Step-by-step roadmap for companies migrating from Exchange 5.5 to Exchange 2003.

Microsoft Exchange MVP Bios. Microsoft Corporation. Feb. 26, 2004.

FYI this link was just posted on microsoft.com featuring the 100 or so (my things have grown!) Exchange Server MVPs worldwide.

Microsoft Office Solution Accelerator for Sarbanes-Oxley

The Microsoft® Office Solution Accelerator for Sarbanes-Oxley can help organizations facilitate compliance initiatives related to sections 302 and 404 of the Sarbanes-Oxley Act. The accelerator combines software components, templates and architectural guidance, allowing customers and partners to implement complete solutions that enhance visibility over financial processes and internal controls.

HP Exchange 2003 Customer Academy. March 15 - 19, 2004, Orlando. Hewlett-Packard Company.

This outstanding event will be held March 15-19th in Orlando. Some of the top HP Exchange experts such as Donald Livengood, Pierre Bijaoui, Kieran McCorry, Kevin Laahs, Dung Hoang-Khac and others will be leading this event. Should be fantastic! Event registration is now full.

CRN : Daily Archives : Microsoft Exchange Gets New Boss : 2:03 PM EST Mon., Jan. 12, 2004.

Mention of David Thompson's taking the helm of the Exchange Server Product Group from Mohsen Al-Ghosein.

IBM Remail. International Business Machines.

Writeup on IBM Remail client. Some interesting ideas and concepts here (and a lot of similarities to Outlook as well). Things I found interesting were: · their treatment of threading · their incorporation of RSS, NNTP & blogs into their mail reader · in-sight and out-of-sight concepts · thread arcs and the whole visualization attempt at mapping data

Solution Accelerator for Microsoft Systems Architecture (MSA) Enterprise Messaging. Microsoft Corporation. Feb. 4, 2004.

This Solution Accelerator takes advantage of the earlier Microsoft® Systems Architecture (MSA) documentation and extends it by providing guidance for integrating and delivering messaging services.

Microsoft Exchange Controls 31% of Corporate Business E-mail Market. The Radicati Group Inc. Feb. 25, 2004.

A New Study From The Radicati Group, Inc. Shows That the Installed Base of Exchange 2000/2003 Is Surpassing That of Exchange 5.5

Nash, Emma. New features added to SA licensing. Computing, Feb. 25, 2004.

Microsoft has started to restrict certain Exchange functionality and other related items to its Software Assurance (SA) subscriber base. Additional SA benefits include training vouchers and the Intelligent Message Filter (IMF) coming in Exchange 2003 SP1.

Murphy, Kevin. Gates Rallies Support for Email Authentication. Computer Business Review Online, Feb. 25, 2004.

References Bill Gates' recent proposals for e-mail "caller ID" during his keynote at the RSA Conference 2004. Also references Coordinaged Spam Reduction Initiative that Microsoft (CSRI) White Paper and related request for comments from the industry. Also touches on Microsoft Exchange Edge Services, also announced at the event.

Investigation launched into e-mail leak about Pacific Lumber fraud suit (AP). SignsOnSanDiego.com. Feb. 19, 2004.

Email concerning lawsuit against Pacific Lumber somehow stolen from computer of Assistant District Attorney.

E-mails you wish you’d never sent: E-mail is a great tool of communication but sometimes just a click of the send button can spell disaster. BBC News.

Discussion of leaks from Pentagon, Royal Navy, UK Ministry of Defense to schoolgirl Claire McDonald through mistaken inclusion in Distribution List (typo).

Guardian Unlimited - Observer Exclusive. US Plan to Bug Security Council. Mar. 2, 2003.

Text of the leaked email referenced in Lane.

Lane, Megan. The rise of the whistle-blower. BBC News Online Magazine. February 26, 2004.

Discussion of how Katharine Gun’s (translator working at GCHQ) leaked email demonstrated that UK Government Communications Headquarters (GCHQ) was asking British intelligence service officers to tap phones of UN delegates about to vote on war in Iraq.

Clearing that e-mail backlog. BBC News, August 27, 2003.

Article on e-mail overload.

Ward, Mark. When e-mail bites back. BBC News. Sept. 1, 2003.

This excellent article is part of a 10-part series the BBC did on e-mail usage.

BBC News. Microsoft launches 'leak-proof' e-mail. BBCi, October 19, 2003.

Discussion of Microsoft's "Information Rights Management" which will help prevent recipients of e-mails from printing, forwarding or reading certain e-mails.

Summers, Bobby. E-mail leak may have cost provost's job. Daily Cougar, September 25, 1995.

Older article (1995) concerning e-mails leaked from the University of Houston. Demonstrates that e-mail leaks have been around for a long time.

White, Michael & Andrew Clark. Special report: Paddington Train Crash - Ministers bid to plug email leak. Guardian Unlimited, June 7, 2002

E-mails leaked from the UK Department of Transport concerning the Paddington train crash. [Includes link to leaked e-mail exchange.]

Understanding Exchange Usage: Analysis & Reporting

I'm currently working at Quest Software as Product Manager for a number of Microsoft Exchange management solutions, including this one - Quest MessageStats. MessageStats focuses heavily on Exchange usage, capacity and service delivery metrics, and includes great inventory reports to help out in pre-migration assessments (or other Exchange assessments) if you're planning an Exchange migration (from Exchange 5.5 to Exchange 2003, for example). [Quest Software is a vendor with many solutions for Windows and Exchange management & migrations.]

Sarbanes-Oxley Act 2002 & Email

This article by KVS Inc. provides a good overview of the Sarbanes-Oxley Act 2002 (Sections 302 & 404) as they apply to e-mail and e-mail archival. [KVS Inc. is an E-mail archival vendor.]

Email Compliance Webinar: SEC17a-4, Sarbanes-Oxley and HIPAA

This biweekly web seminar by AXS-One provides an overview of policies (i.e. SEC, NASD, SEC17a-4), Sarbanes-Oxley & HIPPA) as they apply to e-mail and, specifically, e-mail archival. [AXS is an E-mail archiving vendor.]