Exchange email monitoring

[altecsole]

Starting in September we are going to give students school email via our Exchange 2000 box. Has anyone got any suggestions for plugins etc. for monitoring student email? In particular for offensive mails etc.

[Dos_Box]

Make them use Outlook Web Access. It will save you alot of time and energy as all it involves is a shortcut on their desktops. This will also remove acess to features and address lists you don't want them to see.

[Geoff]

This is a can of worms.

Unless you've got the right clauses in your AUP your not allowed to monitor it.

If you do, you can setup a user who has read access to all the mailboxes. Then you can connect to the exchange server as that user and browse all the inboxes and outboxes.

I suppose exchange based antispam plugins would also be able to pick up offensive words, etc in emails but I very much doubt you'd be able to justify the cost of them. They are typically tens of thousands of pounds.

The solution we have here uses a Linux box sat inbetween the exchange mail server and the rest of the world. It'll junk anything it thinks is spam. This includes most offensive stuff. It detects it as porn mostly.

We do not do any manual monitoring, we don't have the manpower.

Oh yes, all your efforts will be for nothing as soon as the little darlings discover GPG.

[altecsole]

Quote:

Originally Posted by Dos_Box

Make them use Outlook Web Access. It will save you alot of time and energy as all it involves is a shortcut on their desktops. This will also remove acess to features and address lists you don't want them to see.

Yes, we've already setup Outlook Web Access for them. Thanks.

[mark]

...something i'm very concerned about altecsole. [although i'm using open source solutions]

I don't get why we don't have full access rights to students emails. Isn't it the same as any other student information we store - we have a duty of care to protect them while they are in our care - at school.

What would happen if you had to delve into someones data stored on the system [anyone now] and it was encrypted - do the employers have the right to make the person give access to them??

just a-wonderin'

[Geoff]

Again, I'll point out RIPA. If you've not put something in your Email AUP so that your users wave their rights your heading down a pit full of sharp pointy sticks at high speed.

RIPA only applies to the Government and its agencies. That means schools.

[mark]

Ok - reading that Geoff - sorry for being a bit slow! ops:

You're really hot on this stuff huh!

[Geoff]

I used to work for the Police. I got loads of training on RIPA/Human Rights/etc when the laws were passed.

[mark]

Ouch - my eyes hurt!!!

so...

I have to have consent to intercept communication - which I get by force by not giving access to the system without it.

and...

the law provides that if it were necessary to access encrypted data qualifying bods could demand it [now you can all sleep soundly - ok? :P]

[Geoff]

Quote:

I have to have consent to intercept communication - which I get by force by not giving access to the system without it.

Yes, like I said, you need something about email monitoring in your AUP. Presumably for both Staff and Pupils. Otherwise you have to trot off to the nearest judge for a search warrant every time..

Quote:

the law provides that if it were necessary to access encrypted data qualifying bods could demand it

They will likely demand the decryption key off the school if its an employee or off the childs parents if its a pupil. Faliure to do so gets you a nice jail sentence. If any staff are using any encryption you should make sure you have a copy of their private encryption keys...

[ICTNUT]

Hi Geoff,

As a Network Admin I have a duty to protect the students from various things that could fly in by email, SPAM, PORN, Etc but no-one yet has mentioned the bullying by email side of things.

I does go on and we know this, how are we meant to do our jobs if, and I am not pointing at you Geoff, people keep sticking legislation in the way.

I use a whole suite of products from GFI and thier Mail monitoring and security addins for exchange are second to none.

These are automated monitoring of emails and no one actually looks at the emails unless one is flagged, and then only myself and one other has access.

Does the automated monitoring of emails still require consent??

[Geoff]

Quote:

Does the automated monitoring of emails still require consent??

Probably.

[russdev]

even automated monitoring i.e ones for spam etc would have thought it would be the same...

also remeber if you have abillity to do it then you must inform them....

Our isp gives us ability to filter and monitor email etc we do not do as a rule but ability is there so we inform them we can and will and then problem solved.

Russ

[andy]

Quote:

Originally Posted by ICTNUT

I use a whole suite of products from GFI and thier Mail monitoring and security addins for exchange are second to none.

Would that be the freeware versions, or otherwise?

Cheers,

Andy.

[Ric_]

Just tell the users that you will be monitoring email and all activity on the ICT systems and that should cover you. Stick it in your AUP and then make them sign to say that they understand.

I'm sure that we've been over this before.

@ICTNUT: As for bullying, that is the main reason for monitoring email. Unfortunately we are not all able to afford MailEssentials so we just have to randomly check mailboxes when we have a spare 10 minutes or check the mail of those people that the teachers suspect or know are being bullied.

FYI I also block access to webmail so that the little darlings are forced to use their school account - this means that they cannot be bullied by email in school without us being able to monitor it. It's then a matter for the parents to deal with at home since it is out of our control.