Journal Rules

Applies to: Office 365 for enterprises, Live@edu

Topic last modified: 2010-08-17

Journal rules are used to record, or "journal", the email messages sent to or from specific recipients. When a message matches the criteria defined by the journal rule, that message is journalled. Journal rules can help your organisation respond to legal, regulatory and organisational compliance requirements.

For example, corporate officers in some financial sectors may be held liable for the claims made by their employees to their customers. You can use journal rules to collect all email messages sent by specific groups of employees to external customers.

Here are some of the more well-known US and international regulations that specify requirements that may rely on journaling.

Sarbanes-Oxley Act of 2002 (SOX)	Financial Institution Privacy Protection Act of 2003
Security Exchange Commission Rule 17a-4 (SEC Rule 17 A-4)	Health Insurance Portability and Accountability Act of 1996 (HIPAA)
National Association of Securities Dealers 3010 & 3110 (NASD 3010 & 3110)	Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (Patriot Act)
Gramm-Leach-Bliley Act (Financial Modernization Act)	European Union Data Protection Directive (EUDPD)
Financial Institution Privacy Protection Act of 2001	Japan’s Personal Information Protection Act

How do journal rules work?

When a message matches the criteria you've defined in the journal rule, the message is journalled. You define the recipients you want to journal, the messages sent to or from those recipients you want to journal, and where you want copies of the journalled messages to be delivered.

A journal rule consists of the following components:

Journal recipients This defines the recipients you want to journal. You select recipients from the shared address book. The messages that are actually journalled depend on the scope of the journal rule. If you specify a group, the individual members of the group are journalled.
Instead of specifying individual recipients, you can choose to journal all recipients in your organisation. Again, the messages that are actually journalled depend on the scope of the journal rule.
Journal rule scope This defines the messages to be journalled when sent to or from the journal recipients. The choices are the following:
- All messages Journal all messages regardless of source or destination.
- Internal messages only Journal messages sent from internal senders that include at least one internal recipient. If the sender is internal, but all the recipients are external, the message isn't journalled. If the sender is external and the recipient is internal, the message isn't journalled.
- External messages only Journal messages sent to and from recipients outside your organisation.
Journal reports A journal report is the message that's generated when a message matches a journal rule. The body of the journal report contains information from the original message such as the sender email address, message subject, message-ID and recipient email addresses. The journal report also includes the original unaltered message as an attachment. This type of message journaling is also referred to as envelope journaling.
Journaling mailbox The journaling mailbox is used for collecting journal reports. How the journaling mailbox is configured depends on your organisation's policies, regulatory requirements and legal requirements. You can specify one journaling mailbox to collect messages for all the journal rules configured in the organisation, or you can use different journaling mailboxes for different journal rules or sets of journal rules.
Note A journaling mailbox can contain sensitive information. It's a good idea to create organisation-wide policies that govern who can access the journaling mailboxes in your organisation and limit access to only those individuals who have a direct need to access them.
A recipient for notifications of undeliverable journal reports In a cloud-based organisation, we strongly recommend you specify one or more users to monitor journal report non-delivery reports (NDRs) so you reduce the risk of losing journal reports.
Why? In cloud-based organisations, journal reports are treated like any other email message. Journal reports that can't be delivered after repeated attempts will eventually expire and be removed. This may be a problem when you're trying to respond to legal, regulatory and organisational compliance requirements. However, if you configure a recipient to receive the journal report NDRs, you may have time to fix the problem with the destination mailbox before the journal report is deleted.