cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Discovery Accelerator - Blind Carbon Copy Functionality

Evault_Professi
Level 6
Partner

‎04-25-2008 08:31 AM

  I'm working in our test lab environment and currently set up Discovery Accelerator along with Enterprise Vault. We are currently using Envelope Journaling.  
 
  This is our scenario:
 
1) An email was sent FROM: EVTest 1 - TO: EVTest 10 / CC: EVTest 11 / BCC: EVTest 12.
 
  If we do a SEARCH in DA to monitor all messages sent to user EVTest 12; then the email is obtained and listed under DA for reviewing purposes. The way to notice that user EVTest 12 was BCC'd is because the EV Test 12 display name does not appear at the TOP section of the EMAIL. (Example:
 
BCC Testing                                                                                           Date: Monday, April 21, 2008      3:00 PM
FROM: EV, Test 1                                                                          
TO: EV, Test 10
CC: EV, Test 11
This is a test!! 

 2) However, it is my understanding that DA monitors users involved within a possible breach. Let's assume I did NOT now EV Test 12 received the above email. Therefore if I run a new search by content only (In the example above it would be "This is a test"); this email and others with same content will be listed for my results.

    But in this scenario...there is no way to determine if anyone was BCC'd. How would the end user be assure that no one was BCC'd in an email?

I've seen some possible recommendations through the forums to enable BCC Journaling and disable Envelope Journaling. However, has anyone tested if this option works? Has anyone been able to get this to work with Envelope Journaling?

Thanks for any help!

Dennis

 

 

0 Kudos
3 REPLIES 3

sleddog
Level 5
Partner

‎04-25-2008 11:20 AM

If you stop the Journaling Task and open the Journal Mailbox, you wll see the bcc recipient in the wrapper. That wrapper meta-data is archived and the reason the EVTest 12 returned a result.
 
You will not see a bcc: recipient per se in your DA searches. That's been my experience... I'd like to hear if anyone has seen anything to the contrary...
0 Kudos

DDI
Level 3

‎04-25-2008 01:51 PM

EV/DA will only display what was in the archived message properties, and the bcc is not there - it's in the envelope journal message. So, it's indexed, but not displayed when viewing a message.
 
Agreed, it would be ideal to have a way to display, when previewing a message in EV/DA/CA, all the recipients indexed in that envelope list - otherwise there's no way to see who was bcc'd without knowing their address. 
 
I've submitted enhancement requests for this in the past, perhaps a few more requests from other customers might help...
0 Kudos

Evault_Professi
Level 6
Partner

‎05-22-2008 07:41 AM

Since I opened this posting...it would be appropriate for me to close it out by informing everyone on the results of our testing. ?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

 

 We've implemented BCC Journaling per Symantec's recommendation within our LAB environment, and we were able to keep track of email addresses being BCC'd through Discovery Accelerator.

 

 We ran through the same example listed in my original discussion and everything worked as intended.

 

Hope this helps!

Best Rgds,

Dennis

 

0 Kudos