Spy Software

Software for archiving a firm’s e-mail is becoming more popular. This software goes by many names, including spyware, archiving software, or monitoring software. Whatever you call it, this software is becoming increasingly important.

By Erik J. Heels

First published 3/1/2002; Law Practice Management magazine, “nothing.but.net” column; American Bar Association

Much has been written about software that is used for monitoring computer (and Internet, in particular) use by employees. And my goal for this article was to review all computer monitoring software. However, this quickly turned out to be a much bigger challenge than I anticipated. As such, I have limited my review to e-mail archiving software, since most of my time online is spent sending and receiving e-mail.

Why Archive E-mail?

IDC predicts that an average of over 36 billion person-to-person e-mail messages will be sent daily by 2005 (http://www.idc.com/getdoc.jhtml?containerId=23011). In 2001, I sent about 12,500 e-mail messages and received another 12,500 more! Sometimes I wish that Eudora didn’t have that pesky statistics feature!

There are many good reasons for archiving e-mail. Perhaps you want to find an old e-mail message that you accidentally deleted. Or perhaps you want to monitor incoming and outgoing e-mail for compliance with company policies or for viruses. There are just as many good reasons for deleting archived e-mail, as Microsoft learned the hard way when archived e-mail messages were used against it in its antitrust case. Also, any new software that you install will require additional care and feeding. Perhaps it goes without saying, but before you embark on a program to archive e-mail, you should figure out what problem you’re trying to solve, whether your proposed solution solves the problem, and whether you’ve created any new problems.

About Clients and Servers

Most e-mail solutions work on a client-server basis, where a user’s mail client, such as Eudora, Outlook, or Netscape, communicates with a mail server (such as an MS Exchange or Unix server). For example, I have a Dell computer running Windows2000 Professional, and I use the “paid” version of EudoraPro 5.1 for my e-mail client. A Unix computer at my ISP is my server, and the client gets e-mail from the server by communicating with the POP3 protocol.

Client-Side Solutions

One way to monitor employee e-mail activity is to install software on each and every employee’s computer. This is the client-side solution. Client-side software is widely available. Search on Yahoo for “employee monitoring software” (http://search.yahoo.com/bin/search?p=employee+monitoring+software) to see companies that are in this market. Much of this software runs on various versions of the Windows operating system, and Macintosh software is also available. In general, software titles in this category work by recording each keystroke to a log file, taking periodic screen-shots of the computer, or some combination of these two techniques. Recording each and every keystroke will, in many cases, create a log file that can become unworkably large. Recording periodic screenshots as images is also a solution that could quickly consume disk space. It is also worth noting that I have received three unsolicited e-mail messages (aka spam) about spyware software over the last week alone, which makes me question the legitimacy of some of these vendors.

The client-side solution is, in my opinion, a Very Bad Idea. I value my privacy as much as the next person, and if my employer’s IT department tried to install monitoring software on my computer, I would do what it took to detect, disable, or remove the software. I suspect many others would have the same reaction. Furthermore, as discussed above, client-side software has the potential to create large log files on the client computer.

Server-Side Solutions

Another solution is to install software on your firm’s e-mail server that can archive incoming and outgoing e-mail. This can be an expensive and time-consuming proposition, but this may be the solution of choice if you feel that archiving e-mail is essential.

For example, GFI’s Mail Essentials for MS Exchange (http://www.gfisoftware.com/me/mespricing.htm) allows you to archive incoming and outgoing e-mail to an ODBC database, and pricing starts at $350/year for a 10-user license. Similar products for the Unix platform include Sendmail’s Message Copier (http://store.sendmail.com/pdfs/datasheets/ds_cm_copier.pdf) and MailStore from Rchive-it.com Ltd. (http://www.rchive-it.com/products/productintro.html). Additional products in this category can be found by searching Yahoo for “e-mail archiving” (http://search.yahoo.com/bin/search?p=e-mail+archiving).

If you have an IT department, and IT budget, and control your own mail server, consider a server-side solution.

Do-It-Yourself Solutions

If you control your own mail server and have access to programmers, consider one of the following options.

PerlMx (http://www.activestate.com/Products/PerlMx/) integrates with existing Unix mail servers running the sendmail program. As the name suggests, PerlMx is written in Perl, so it can be customized, but, of course, you have to be able to program in Perl to do the customization.

If you are an expert programmer, you can modify your sendmail configuration file (sendmail.cf) directly using the method called “copyuser” originally described by Robert Harker and later written about on the Usenix web site (http://www.usenix.org/publications/login/1999-10/features/archiving.html). A corrected version of this article appears on the author’s personal web site (http://www.geocities.com/sbmilbur/sendmail/). But even if you know a little bit about Unix, I’d highly recommend hiring a sendmail expert before trying to implement this solution. Modifying your sendmail configuration files can cause major problems with your firm’s e-mail.


In a way, I already archive my e-mail because I backup my computer daily (via http://www.connected.com for my Windows computer at work, at via http://www.backjack.com for my Macintosh computer at home). This is admittedly an incomplete system, but it works for me.

If you decide to monitor e-mail in the workplace, you should do so according to a defined policy that states the benefits, risks, and costs of monitoring. Whether your implement a client-side or a server-side solution you are going to consume computer and personnel resources. As with all decisions, you should make sure that the benefits of e-mail archiving outweigh the costs.


For more information about e-mail solutions, see:

E-mail 911 (http://www.email911.com/)
About.com’s Email Site (http://email.about.com/)

Leave a Reply

Your email address will not be published. Required fields are marked *