cc:Betty: A cool web app you may want to block

If you haven't looked at Palo Alto-based cc:Betty yet, perhaps you should. cc:Betty promises to keep everyone on the same page. Still in beta, it's a useful web app that helps users organize their email communication, collects email content, catalogs attachments and files, and also maintains your contacts.

It's also amazingly simple to use. Besides adding content on the cc:Betty web site, users can simply add [email protected] as an additional recipient (To/Cc/Bcc) to email they send, and it shows up in their cc:Betty account - email content, attachments, et al. With the click of a button, users can publish the discussion to their Facebook feed.


Figure 1:With the click of a button, cc:Betty posts your discussion to your Facebook profile

And therein lies the threat to your data!

Although it's an impressive tool for personal use (the usual caveats about personal information and privacy apply), organizations and IT departments must consider the consequences carefully. Many small businesses and organizations operating in unregulated industries or locales may not consider themselves to be at risk and actually welcome such services.

If your organization isn't one of them, consider that simply adding another recipient to all email messages results in data leakage. How's this any different from adding any other recipient to an email? Unlike other recipients, the sole purpose of cc:Betty is to facilitate further sharing of email content outside an organization. Email can contain sensitive information— including high business impact (HBI) data or personally identifiable information (PII). Transmitting and storing such information outside the organization, with no control over the content or its security, could expose your organization to multiple risks.

Content scanning and privacy
It's important to consider what services such as cc:Betty do with your information. cc:Betty's privacy policy is not very different from Gmail's privacy policy— email content is scanned to display relevant ads. Some would argue that similar content scanning is also performed by antispam and antivirus software and services, and that this isn't something to be concerned about.

Regardless of whether you find content scanning by an automated process acceptable or not, the bigger threat is data leakage.

If usage of cc:Betty and other such services is in violation of your organization's policies, your users must be informed. If your organization's policies don't address such services and usage, perhaps it's time to consider a policy review. You may also want to consider blocking outbound mail to domains offering such services.You can easily block outbound mail to a domain using transport rules or a Send Connector. Exchange 2010's Information Rights Management (IRM) features can also help you prevent data leakage.

What can cc:Betty do to help organizations?
How can cc:Betty help organizations protect themselves from unauthorized use of its service? As a web-based service its success lies in widespread adoption of its app. More users, more user content accumulated, more sticky the service proves to be, and more pageviews it racks up. As such, there's no incentive to actually stop users from joining or posting information. In fact, it may directly impact its success.

However, cc:Betty and other such services may gain a lot of goodwill and more acceptance if they work with organizations to help prevent data leakage. One way of doing this may be to block email from organizations that register with it. When a user signs up for an account using your organization's email address, he/she gets a polite message about your company not allowing use of the service. Email sent from your domain can also be bounced back with a polite NDR.

Some organizations may choose to allow their users to use the service, but with appropriate policy guidelines and controls in place. [Update: According to cc:Betty, an enterprise version of the service is in the works.]

Does your organization allow the use of cc:Betty.com or similar services?

Excellent e-Discovery Guide from Mimosa Systems

Are you involved with e-Discovery (aka "electronic discovery") as a consequence of litigation, regulatory audit or perhaps an internal investigation? Whether you've been hit by litigation or not, it's important for messaging professionals to know about e-Discovery, and be prepared for it. Mimosa Systems, the Santa Clara-based archiving software company, has an e-Discovery guide that's very well produced and fun to read. It actually makes the wrapped-in-legalese e-Discovery process interesting— a far cry from the scores of mundane publications and articles produced on the subject. Chances are after reading it you may even look forward to an e-Discovery request! Head over to the Mimosa Systems web site to download The Know-IT-All's Guide to eDiscovery.

Managed Folders: Why aren't Calendar items expired?

You're testing Exchange 2007's Messaging Records Management (MRM) features to implement your organization's messaging retention policies.

You create a new Managed Folder for Calendar items, and then create a Managed Content Setting for it to expire Calendar items in 1 year. Next, you create a Managed Folder Mailbox Policy and add the Managed Folder to the Policy. You apply the policy to a test mailbox.

Testing the Managed Folder Policy
You open the test mailbox, create a single-instance appointment that starts and ends on some date more than a year ago.

To test the new Managed Folder Policy, you manually run the Managed Folder Assistant against your test mailbox:

Start-ManagedFolderAssistant -Mailbox "Joe Adams"

You expect the meeting, which (starts and) ends at some date more than a year ago, to be expired and the RetentionAction specified in the Managed Content Setting to be applied. It doesn't.

Calculating Retention Age for Calendar items

You can tell the MFA when to start counting an item's retention age from, by specifying it in the Content Settings for a Managed Folder. It can be based on:
1) When the item was delivered to a mailbox or
2) When the item was moved to a folder


Figure 1: Configuring retention period in Managed Content Settings

Calendar items such as meetings and appointments, and Tasks, are treated differently since these items have an end date. You could create a meeting for a future event, or create a recurring meeting that takes place at a certain interval (daily/weekly/monthly/yearly) during a certain period, or indefinitely. Therefore, the end date of these items needs to be considered when expiring them. Recurring meetings will expire based on the end date of the last occurrence. Meetings with no end date do not expire.


Figure 2: Recurring meetings can be scheduled to occur daily, weekly, monthly, or yearly for a long period, or indefinitely. When expiring such items, the MFA considers the end date.

If these items are deleted, and thus end up in the Deleted Items folder, the end date is no longer a factor. The Managed Folder Assistant expires Calendar items in the Deleted Items folder based on the message-received date. If the received-date cannot be determined, the message-creation date is used.

More details about retention age for different types of items in "How Retention Periods Are Calculated for Items in Managed Folders".

You locate an older PST and copy a Calendar item which occurs in roughly the same timeframe as the one you just created. When you run the MFA, the copied item with an end date from more than a year ago is expired!

When processing a mailbox, the MFA queries for Calendar items where the creation date is older than the expiration date. If you create a test item for a past date, as we did in this case, it does not get processed by the MFA until the creation date is older than the AgeLimitForRetention.


Figure 3: Calendar items created for a past date will have a creation time that is later than the meeting/appointment end time

Of course, you're not likely to run into this issue except in test scenarios. Real-world meetings do not get created in the past. The creation date is guaranteed to be equal to or older than the end date of the meeting..

Start Managed Folder Assistant for a single mailbox

When testing Managed Folder Mailbox Policy settings in Exchange 2007, you may need to frequently run the Managed Folder Assistant (MFA)) to process a mailbox on-demand, so you can check the mailbox content and MRM logs. However, every time you run Start-ManagedFolderAssistant, the MFA processes all mailboxes on all Mailbox Databases on the server.

Of course, you can avoid all the agony by instructing the Managed Folder Assistant to process only the specified mailbox:

Start-ManagedFolderAssistant -Mailbox "Foo"

Processing a single mailbox results in the MFA completing its job quickly and makes parsing the MRM log easier— the MFA only logs events related to the specified mailbox.

The -Mailbox parameter does not take multiple mailboxes as input. To process more than 1 mailbox, you will need to use the Get-Mailbox cmdlet (or Get-User piped to Get-Mailbox, depending on the property you want to filter on) and pipe a filtered list of mailboxes to Start-ManagedFolderAssistant. For example, the following command will result in the MFA processing all mailboxes from the department:

Get-User -Filter {department -eq "Sales" -and RecipientType -eq "UserMailbox"} | Get-Mailbox | Start-ManagedFolderAssistant

Or maybe you want to have the MFA process all mailboxes with a particular policy applied. Note, the Filter requires the distinguishedName of the policy:

$policy = (Get-ManagedFolderMailboxPolicy "MRMPolicy-VPs").distinguishedName; Get-Mailbox -Filter {ManagedFolderMailboxPolicy -eq $policy} | Start-ManagedFolderAssistant

Exchange Quick Audit: mailboxes created in last 7 days

I remember writing plenty of scripts to report on different things such as user accounts created every week/month, user accounts modified, accounts disabled, etc. for SOX compliance. Some of those scripts used to be rather long, and in hindsight— involved a lot more lines of code than an administrator should have to write. Although I had a lot of fun (and still do... albeit with PowerShell), I would totally understand if you said you never wanted to hear about things like Wscript, VBScript, WSH, COM objects, ADSI, and WMI ever again.


Let's take a look at how the shell (EMS) makes it so easy.

In this example, we need to get a list of all accounts created in the last 7 days. When a user account is created, its whenCreated attribute gets stamped with the time of creation. Here's how it can be used:

Get-User -resultsize unlimited | where {$_.WhenCreated -gt (get-date).adddays(-7)} | ft Name,whenCreated -Autosize

Similarly, when an AD object is changed, it's whenChanged attribute gets stamped with the time the change was made. This makes it easy to determine which objects were changed in a given period, a useful tool for auditing/reporting as well as troubleshooting. In the following example, we determine if any Receive Connectors were changed in the last 7 days.

Get-ReceiveConnector | where {$_.whenChanged -gt (get-date).adddays(-7)}

Another frequently required and requested report— how do I get a list of mailboxes that haven't been accessed in the last X days. Let's use 100 days as the value here:

Get-MailboxStatistics -resultsize unlimited | where {$_.LastLogonTime -lt (get-date).AddDays(-100)} | ft displayName,lastlogontime,lastloggedonuseraccount,servername

Or mailboxes that have never been logged on to:

Get-MailboxStatistics -resultsize unlimited | where {$_.LastLogonTime -eq $null | ft displayName,lastlogontime,lastloggedonuseraccount,servername

Note, you can filter mailboxes by Database or ServerName to restrict the results to a more manageable size.

Disconnected/Disabled Mailboxes
Next, let's list mailboxes disabled in the last 14 days:

Get-MailboxStatistics | Where {$_.DisconnectDate -gt (get-date).AddDays(-14)} | ft displayName,ServerName,DatabaseName,TotalItemSize -Autosize

The Saga Continues: White House Says It Routinely Overwrote E-Mail Tapes From 2001 to 2003

The saga of Messaging Records Mismanagement continues, with interesting bits and pieces surfacing every once in a while. Elizabeth Williamson and Dan Eggen report in the Washington Post:

From 2001 to October 2003, the White House's practice was to use the same backup tape each day...

Although the White House said in the filing that its practice of recording over the tapes ceased after October 2003, it added that even some e-mails transmitted through the end of 2005 might not have been fully preserved. "At this stage, this office does not know" whether additional e-mails are missing, said the affidavit filed minutes before a court-ordered deadline of midnight Tuesday night by Theresa Payton, chief information officer in the White House Office of Administration.

Not sure if the email messages that "might not have been fully preserved" are part of the 5 million missing messages reported earlier.

Read "White House Says It Routinely Overwrote E-Mail Tapes From 2001 to 2003" on WashingtonPost.com.

Recipient Policies: Can separate policies for Email Addresses and Mailbox Manager Settings be applied?

Exchange Server 2003/2000's Recipient Policies can have settings to generate email addresses for recipients, and Mailbox Manager settings to manage mailbox content. (The Exchange Server 2007 equivalents are 1. Accepted Domains + Email Address Policies to generate email addresses, and 2. Managed Folder Mailbox Policies (with default or custom Managed Folders + Managed Content Settings) to manage mailbox content).

When creating these policies, one can either use a single policy with both types of settings, or use separate Recipient Policies for both purposes - one to generate email addresses for recipients, and other(s) with Mailbox Manager settings to manage mailbox content. The latter approach (separate policies) is more common.

Modifying an existing Recipient Policy to add Mailbox Manager settings

 An existing Recipient Policy can be modified to add/remove Mailbox Manager or Email Address settings by right-clicking the policy and selecting Change property pages.



 From the Property Pages dialog box, select the appropriate settings to be included in the Recipient Policy.

Can multiple Recipient Policies be applied to a recipient?
Yes, you can use separate policies to generate email addresses and manage mailbox content.

Scenario1: Single policy with Email Addresses and Mailbox Manager settings applied. Recipient Joe Adams is not managed by policies (in ADUC -> Joe's account properties | E-mail Addresses tab, Automatically update e-mail addresses based on recipient policy is unchecked). None of the settings - Email Addresses or Mailbox Manager, get applied to that user.

Scenario 2: Two separate Recipient Policies are applied - one with Email Addresses and the other with Mailbox Manager settings. Recipient Joe Adams is not managed by Recipient Policies. The policy with Email Address settings does not get applied to Joe. The second policy with Mailbox Manager settings does get applied.

Given the above scenarios, if you want Mailbox Manager settings to be applied to all mailbox-enabled users, including those that are not managed by Recipient Policies, it makes sense to use two separate policies for Email Addresses and Mailbox Manager settings respectively.

Exchange Server 2007 avoids these scenarios completely. The functionality of generating email addresses - Accepted Domains + Email Address Policies, is separate from the functionality of managing mailbox content, which is available through Managed Folder Mailbox Policies.

Related Posts:
1. Applying Mailbox Manager policies to a sub-folder
2. Exchange Server 2007: Why aren't Managed Content Settngs applied?
3. Applying Managed Folder Policy to more than one user
4. Managed Folders: How to apply different Managed Content Settings to Default Folders
5. Restricting Messaging Records Management to a particular message type

Schwartz: Zero tolerance for zero retention

On the first anniversary of the Federal Rules for Civil Procedure (PDF), which provide guidelines for e-discovery, InfoWorld editor Ephraim Schwartz discusses the implications in his Reality Check column. Read more in "Zero tolerance for zero retention".