Switching the company over to Google Apps last fall has been, for me at least, such a huge boon that I definitely have no regrets. It has, however, certainly introduced some “operational” impacts though. For instance, handling ex-employees and their mailboxes.
Now, in the MS Exchange era that we were previously in, this was a no- brainer: Leave the mail on the server. Anyone needs it, give ‘em access. I’m sure we can all quote assorted compliance policies on why email should be retained [for some defined period of time]. We can also probably think of reasons why the “leave it on the server” forever method isn’t really such a good idea anymore, but things have changed a lot in the last decade.
When using Google Apps and you’re now paying for each mailbox, that policy of abandonment has to be re-thought. Yeah, it is only $50/year/mailbox for the Premier account, but it seems silly to spend that without looking at options.
I’ve come up with two approaches so far:
- Export all the mail and then import it to a free hosted account
- Export all the mail and store it on a file server as text (.eml) documents
Option 1 is clearly a bit abusive of Google’s good graces, but you can easily get a free hosted account with a different domain. For instance, you might want to have one for contract and temp employees. The trick is making sure the export from the Enterprise account isn’t larger than what the free version can hold.
Well, the other trick is that the rules have recently changed and you can only have 20 users with the free accounts (although I’ve read that you can send an email and ask for additional…)
Option 2 means the onus is now on me to securely store all the old emails and ensure that they can be accessed or searched if necessary. Access has to be controlled, we don’t want the world browsing a former employee’s old email, right?
Arguably this is really a stalling topic before going to Option 1 – if I really want to do some serious searching, why not import the mail back into a free account and use the wonderful search facilities… but, I can also directly search the text files with a number of tools as well.
For both approaches, I’ve found the free Gmail Backup utility to be incredibly helpful. It works great for both the export and the import and does it all with IMAP and .eml text files.
I guess an Option 3 might be to investigate the Postini services. It looks rather interesting, but I’ve yet to talk to anyone using that, so if you have any experience please drop a comment or email. I think Premier comes with a limited version (details) so it looks like I’d have to spend some money for email retention above the default 90 days.
I’m generally pretty happy with my Option 2 route for now, but open to other ideas or best practices so please feel free to share. In this litigious world we work in, messing up email retention or compliance can sure be a disaster!
We are running postini at one of my client sites that is on Google Apps and I am not impressed. The interface is one of the most confusing things I have ever used. They are mostly using it for the extra spam filtering, so I haven’t played with the email retention. Great question as I have been thinking about the same thing. You could creat one account that you just import all old email into, and label it all as you import it. then when you needed to find something you could search in that account based on labels related to which user the email came from. Then you would only have to pay $50 a year for one extra account for archiving purposes.
Hmm… you’re scaring me a bit since I’m planning on turning on Postini this Friday!
Just to muddy the waters for you… I’ve been a Postini company for years and I really love the service. We use it for both security and archival. I guess they had me in mind when they built it, as I don’t find the interface to be at all confusing.. But if you do have problems their support is really quite good. They sure beat the heck out of the Barracuda devices we used to run.. God did I have a hate in my heart for those stupid things.
The archival feature pretty much does what you would expect it to and not a whole lot more. Mail gets archived.. Mail can be searched for.. Mail can be exported to PSTs. My only real complaint with it is that it can be sloooowwwww..
If you are thinking of going the Postini route you might want to call ‘em up and ask for an interactive demo… See if the setup makes sense to you before you pull that trigger. It isn’t over priced, but it certainly is not cheap.
Good stuff, thanks. I think asking for the demo will be a good place to start (I still haven’t turned it on…)
is google aps same with google adsense? im kinda puzzle here
Hi Brandon – the only thing Google Apps and Google Adsense have in common is the “google” in their names. Check the link in the article to learn more about Apps.
What is the generally accepted period of time that administrators are keeping emails? Is it strictly based on company policy, or are there guidelines in IRS code, HIPAA, etc?
And if anyone knows of any specific compliance that requires times, can you pass that on to me (via comment response is fine)
Thanks! The retention of the ex-employee’s by regulation is something that is certainly good to know!
I revisited this post after almost nine months because I have to archive an old mailbox from Google apps. I had an idea for a third option. It has some pluses and minuses, but what about downloading it all with outlook to a PST, or with Thunderbird? maybe time consuming, but at least you have a local copy and you can search it or upload it later?
i have the perfect solution for this; figured it out when my client had me start to migrate his company to g.apps figuring out they weren’t ready yet; i didn’t want to loose all my work migrating 10GB of email.
when i set up any g.apps account i make a ‘catch all’ address that ‘catches’ any email whatsoever; when i had my own internal server i didn’t keep ’550′ emails; but it’s really nice for when somebody ‘swears’ they sent you and email and they did but the typo’d the name!
so; set up a catch-all email address and when a user leaves the company etc; you use the built-in migration tool and set it up to IMAP all the files to the ‘catch all’ address.
on the catch-all address; set up filters for in/out for any ‘archived’ user and they will each still have an inbox and outbox. you can get in-touch with me if you want more information; i will get an email if you post a reply.
coincidentally i just found this post because the same client finally is having me migrate all the users BACK to individual accounts. The system of the 8-in-one works so well ; a smaller company could easily have ONE or TWO g-apps-premier users and host 5-15 people.
now that the users are back to individual accounts; i’m leaving the ‘catch all’ as is; it will continue to grab a copy of every incoming and outgoing email for the whole company; it’s very powerful admin tool to track how many total emails going in/out etc and to get a very quick idea of which emails are going to 5 vs 2 vs 1 user.
it’s pretty much flawless; the one and only minor drawback is that outgoing emails are tagged with a header that you are using catchall as the sender (but doesn’t affect replies; the ‘from’ is undisturbed once you validate the user; before validating; gmail actually changes the ‘from’ to catchall@ in this case.
actually it’s not even a bad thing in a way; the extra header usually makes non-deliveries go back to the catchall and not the end user; so one admin. can follow many of those bounces w/o checking individual accounts!
-awr
AWR, That’s just an absolutely confusing post.. How do you setup a “catch-all” address? Where’s the “Built-in” migration tool? How to you “IMAP all the files to the catch-all address” ?
Can you be more specific please? Steps would help a lot!
Thanks
Bryan
I was in a hurry typing that post but to clear up things a bit.
1) when using google-apps you always have the option to send any non-provisioned email addressed mail to ‘somewhere’ they call it a ‘catch-all’ address but can be any user. I make a user that is actually called ‘catchall’ for this purpose. catchall@example.com
2) the built-in migration tool is only available to premier g.apps customers, but it is an IMAP mass-migration tool that will let you go from *any* IMAP anywhere to any g.apps premier account.. that first *any* can be coincidentally a g.apps account premier or not; allowing you to move an entire imap account to-from a catch-all or temporary account.
If you don’t have premium there are other tools for imap migration and you can always use pop with non-premium accounts to pull off the same trick. when you first enable pop for any g.apps account it asks ‘for all mail’ or for ‘just new mail’. pick all mail and the first pop access to that account will include everything.
in the context of the original post; ‘what to do with past employee email’…
eg:
bob@company.com is no longer at company.com
you use the email migration tool and migrate all bob@company.com to catchall@company.com and set up a filter at catchall@ to put any “to:bob@company.com” archived and put into bob/in label.. and any “from:bob@company.com” archived and labeled bob/sent.
really no limit to how many users can be set up that way, so you can keep dozens of ex-empl. around, manage their in/out boxes without taking up any add’l user accounts.
when ‘jim@company.com’ is hired to take place of bob@company.com and needs access to those emails.. migrate the other way. you migrate from catchall@ to jim@ but tell the migration tool that the imap root directory is ‘bob’ and skip the inbox and you’ll just get the bob@ in and out mails.
with non-premium not much point to this exercise since you get to keep 50 or 100 accounts, but still can be a better management of ex-empl. you’d have to use the pop-access option to make it work, and not sure how you’d filter out just the one account when pulling OUT of the mass mailbox.
for things to work pretty you need to enable labs option ‘advanced imap’ so you can turn some folders on/off in visible in imap; which all users should do anyhow if using imap to read mail; there is zero point zero use for the ‘starred’ or ‘all mail’. mailboxes from an imap reading viepoint.
you can email me if you have more questions. (any post here comes to my email automatically)
-awr
AWR,
I am setting up google apps for a small firm with about 30 users. I can forward all incoming emails at this domain to an offsite email address (a paid Gmail account).
How can I route a “copy” of all outgoing emails from this domain to the same offsite email address?
Note: Google apps outbound email server is the primary and only server available.
- dave
This is a wonderful post. However, I should point out that “GMail Backup” does not honour folder hierachies.
Instead, I used IMAPSize (but only for the last account). The interface is unnecessarily cluttered (for my uses) but it does honour hierachies.
Do not rely on Thunderbird. I have very patchy backups of old accounts (not needed but backup was done just in case) when using Thunderbird. Emails are not downloaded in full for some reason. The offline function, get selected messages function all do not work as expected.
In fact, for one account, I had to manually “read” all emails just to download it. And even then, not all the emails were saved in full. about 10% was still 0kb.
Having “read” all the emails, I assumed it was a cache thing. So I deleted the files that I’d saved and restarted thunderbird and tried to save emails again. Imagine my surprise when I ended up where I started with all but 2 emails at 0kb. Surprisingly, windows was helpful here with it’s Undo Delete function.
Just thought I should share.