
Flag messages sent to or received from an outside domain - Exchange 2007

ccmadmins asked:
I have had a request to copy all emails that are either sent by employees or received by employees to/from a particular domain.  In other words, on my exchange server, is there a way to flag incoming and outgoing messages that are all related to one particular domain name?  For example, if someone sends a message to an email @xyz.com, a copy of that message is automatically put into a mailbox or public folder.  The same would need to happen for any user receiving a message from an email address @xyz.com.  And to be clear, xyz.com would be an external domain.

Any thoughts on a server side rule that would actively monitor messages and pull out a copy or has anyone used some 3rd party software that might work for this?  Currently using Exchange 2007 sp3 on a Windows Server 2008 sp1 box.

Thanks,

Not exactly what you want, but are you aware you can journal/archive all messages?
Messaging Engineer - Disaster Recovery Engineer
Commented:
Yes, this is an easy solution... a Transport Rule on your Hub server. For example, create an inbox called monitor-xyz, which you will want to hide from the GAL, or you can create a non-descript inbox. Now open Exchange Management Console --> Org config --> Hub Transport --> Transport Rules.

Create a new rule and you can set your conditions, like from address text patterns or message headers. Then you have actions, so what do you want done with this message... sounds like you will want to use copy the message to address. You would point the copy to monitor-xyz@yourdomain.com. This is the easiest and quickest solution in my mind.

Here is a good reference:  http://www.msexchange.org/tutorials/transport-rules-exchange-server-2007.html
Top Expert 2012

Commented:
This is exactly what MailMarshal is designed to do.
I would look into using MailMarshal if you don't already have it.

Not only can it do this, but it has many other useful functionalities as well.

www.m86security.com/

I have posted the site address.
However, it doesn't appear to be working at the moment.
(Of course, it may be an issue on my end.)

A journaling rule is the best way to do it, as EndureKona has suggested. You can then give management or whoever needs visibility into that mailbox read permissions, et voila.

Author

Commented:
I went ahead and started looking at a transport rule as suggested.  After a little bit of work and setting up a public folder to receive the messages, I can now get a copy of any message sent from a particular domain.  Along with setting public folder permissions, I can easily give certain managers access to any message.  The problem is that I can't seem to make it work for messages sent to that domain.  Exchange doesn't have the same rule that I can apply for outbound messages like it does for an inbound message.  Any thoughts on how to make it work for messages going in both directions?
Rick Fee, Messaging Engineer - Disaster Recovery Engineer
Commented:
You can do something like messages sent outside the org and set the message headers to look for the xyz.com string.
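
The inbound and outbound rules discussed in this thread, written out as an added Exchange Management Shell example (not code from any poster). It assumes the monitor-xyz mailbox already exists; the predicate, action and property names used here are assumptions to confirm against the output of `Get-TransportRulePredicate` and `Get-TransportRuleAction` on your Hub Transport server before use.

```powershell
# Added example: run in the Exchange Management Shell on a Hub Transport server.
# Assumption: the monitoring mailbox from the thread (monitor-xyz) already exists.
$monitor = Get-Mailbox "monitor-xyz"

# Helper that builds a fresh "blind copy to the monitoring mailbox" action.
function New-MonitorCopyAction {
    $action = Get-TransportRuleAction BlindCopyTo
    $action.Addresses = @($monitor)
    return $action
}

# Inbound: sender address contains the external domain.
$fromXyz = Get-TransportRulePredicate FromAddressContains
$fromXyz.Words = @("@xyz.com")
New-TransportRule -Name "Copy mail from xyz.com" `
    -Conditions @($fromXyz) `
    -Actions @((New-MonitorCopyAction))

# Outbound: message leaves the organization AND a recipient header mentions
# the domain. Conditions inside one rule are ANDed, so To and Cc each get
# their own rule.
foreach ($header in "To", "Cc") {
    $outside = Get-TransportRulePredicate SentToScope
    $outside.Scope = "NotInOrganization"

    $hdr = Get-TransportRulePredicate HeaderContains
    $hdr.MessageHeader = $header
    $hdr.Words = @("@xyz.com")

    New-TransportRule -Name "Copy mail to xyz.com ($header header)" `
        -Conditions @($outside, $hdr) `
        -Actions @((New-MonitorCopyAction))
}

# Caveats:
#  - Bcc recipients never appear in message headers, so a message that is only
#    Bcc'd to xyz.com is not matched by the header rules; journaling covers that.
#  - A message with xyz.com addresses in both To and Cc matches both outbound rules.

# Review what was created.
Get-TransportRule | Format-Table Name, State, Priority -AutoSize
```

Test with one message in each direction and confirm the copy arrives in monitor-xyz before granting managers access to it.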