Journal Rules

Applies to: Office 365 for enterprises, Live@edu

Journal rules are used to record, or "journal", the e-mail messages sent to or from specific recipients. When a message matches the criteria defined by the journal rule, that message is journaled. Journal rules can help your organization respond to legal, regulatory, and organizational compliance requirements.

For example, corporate officers in some financial sectors may be held liable for the claims made by their employees to their customers. You can use journal rules to collect all e-mail messages sent by specific groups of employees to external customers.

Here are some of the more well-known U.S. and international regulations that specify requirements that may rely on journaling.

  • Sarbanes-Oxley Act of 2002 (SOX)
  • Financial Institution Privacy Protection Act of 2003
  • Securities and Exchange Commission Rule 17a-4 (SEC Rule 17a-4)
  • Health Insurance Portability and Accountability Act of 1996 (HIPAA)
  • National Association of Securities Dealers 3010 & 3110 (NASD 3010 & 3110)
  • Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (Patriot Act)
  • Gramm-Leach-Bliley Act (Financial Modernization Act)
  • European Union Data Protection Directive (EUDPD)
  • Financial Institution Privacy Protection Act of 2001
  • Japan’s Personal Information Protection Act

How do journal rules work?

When a message matches the criteria you've defined in the journal rule, the message is journaled. You define the recipients you want to journal, the messages sent to or from those recipients you want to journal, and where you want copies of the journaled messages to be delivered.

A journal rule consists of the following components:

  • Journal recipients   This defines the recipients you want to journal. You select recipients from the shared address book. The messages that are actually journaled depend on the scope of the journal rule. If you specify a group, the individual members of the group are journaled.
    Instead of specifying individual recipients, you can choose to journal all recipients in your organization. Again, the messages that are actually journaled depend on the scope of the journal rule.
  • Journal rule scope   This defines the messages to be journaled when sent to or from the journal recipients. The choices are the following:
    • All messages   Journal all messages regardless of source or destination.
    • Internal messages only   Journal messages sent from internal senders that include at least one internal recipient. If the sender is internal, but all the recipients are external, the message isn't journaled. If the sender is external and the recipient is internal, the message isn't journaled.
    • External messages only   Journal messages sent to and from recipients outside your organization.
  • Journal reports   A journal report is the message that's generated when a message matches a journal rule. The body of the journal report contains information from the original message such as the sender e-mail address, message subject, message-ID, and recipient e-mail addresses. The journal report also includes the original unaltered message as an attachment. This type of message journaling is also referred to as envelope journaling.
  • Journaling mailbox   The journaling mailbox is used for collecting journal reports. How the journaling mailbox is configured depends on your organization's policies, regulatory requirements, and legal requirements. You can specify one journaling mailbox to collect messages for all the journal rules configured in the organization, or you can use different journaling mailboxes for different journal rules or sets of journal rules.
    Note   A journaling mailbox can contain sensitive information. It's a good idea to create organization-wide policies that govern who can access the journaling mailboxes in your organization and limit access to only those individuals who have a direct need to access them.
  • A recipient for notifications of undeliverable journal reports   In a cloud-based organization, we strongly recommend you specify one or more users to monitor journal report non-delivery reports (NDRs) so you reduce the risk of losing journal reports.
    Why? In cloud-based organizations, journal reports are treated like any other e-mail message. Journal reports that can't be delivered after repeated attempts will eventually expire and be removed. This may be a problem when you're trying to respond to legal, regulatory, and organizational compliance requirements. However, if you configure a recipient to receive the journal report NDRs, you may have time to fix the problem with the destination mailbox before the journal report is deleted.
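The components above map onto Exchange cmdlets as follows. This is an added example, not part of the original page. It assumes a PowerShell session connected to the organization and a journaling mailbox hosted in it, and every address and the rule name are constructed placeholders.

```powershell
# Constructed placeholder values (assumptions, not taken from the page).
$journalMailbox = 'journal-archive@contoso.example'   # journaling mailbox
$ndrRecipient   = 'journal-ndr@contoso.example'       # receives journal report NDRs
$journaledGroup = 'traders@contoso.example'           # journal recipients (a group)

# Journal rule = journal recipients + scope + journaling mailbox.
# -Scope accepts Global (all messages), Internal, or External.
New-JournalRule -Name 'Traders - external mail' `
    -Recipient $journaledGroup `
    -JournalEmailAddress $journalMailbox `
    -Scope External `
    -Enabled $true

# Recipient for notifications of undeliverable journal reports.
Set-TransportConfig -JournalingReportNdrTo $ndrRecipient

# Audit 1: list every rule so that disabled rules or unexpected
# journaling mailboxes stand out.
Get-JournalRule |
    Format-Table Name, Recipient, JournalEmailAddress, Scope, Enabled -AutoSize

# Audit 2: warn when no NDR recipient is set, because undeliverable
# journal reports would then expire without anyone being told.
$ndr = "$((Get-TransportConfig).JournalingReportNdrTo)"
if ([string]::IsNullOrWhiteSpace($ndr) -or $ndr -eq '<>') {
    Write-Warning 'No journal report NDR recipient is configured.'
}

# Audit 3: list explicit (non-inherited) access to the journaling mailbox
# and compare it with the people who have a direct need to read it.
Get-MailboxPermission -Identity $journalMailbox |
    Where-Object { -not $_.IsInherited -and $_.User -notlike 'NT AUTHORITY\SELF' } |
    Format-Table User, AccessRights -AutoSize
```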