March 2002


Spyware: How to Monitor E-mail

Software that monitors workplace e-mail use is on the rise. Know how to track what’s going in and going out.

Do you know how many e-mail messages you send and receive in a year? IDC predicts that an average of more than 36 billion person-to-person e-mails will be sent daily by 2005. (Read about it at In 2001, I personally sent about 12,500 messages and received another 12,500 more.

Given that level of activity, monitoring of workplace communications will likely become more pervasive—and increasingly important.

Why Monitor Employees’ E-mail?

Software for tracking a firm’s e-mail goes by several names, including monitoring software, archiving software and spyware. Rick Klau’s column on page 14 looks at some of the more sinister aspects of the spyware category—and how to guard against them. But with so many people spending so much time online, there are plenty of good reasons to archive e-mail.

Perhaps you want to find old e-mail messages that were erroneously deleted. Perhaps you want to monitor incoming and outgoing e-mail for compliance with organizational policies. Or perhaps you want to minimize the potential for viruses being introduced into your system. Whatever your motivation, before you embark on a program to monitor e-mail, you should figure out what problem you’re trying to solve, whether your proposed solution solves the problem and whether you’re creating any new problems. And, though perhaps it goes without saying, remember that any new software you install will require its own care and feeding. Here’s a look at some options and attendant concerns.

Client-Side Solutions: Should You Monitor from the Desktop?

Most e-mail communications work on a client-server basis: A user’s mail client, such as Eudora, Outlook or Netscape, communicates with a mail server, such as an MS Exchange or Unix server. For example, I run Windows 2000 Professional and use EudoraPro 5.1 for my mail client. The client, Eudora, gets my e-mail from the mail server—a Unix computer at my ISP—by communicating with the POP3 protocol.

The client-side solution to monitoring employee e-mail activity involves installing software on every employee’s computer. Client-side software is widely available. You can find vendors in this market by searching Yahoo for "employee monitoring software."

In general, software titles in this category work by recording each keystroke to a log file (known as key-logging), or taking periodic screenshots of the computer, or some combination of these two techniques. However, recording every keystroke will, in many cases, create a log file that can become unworkably large. Recording periodic screenshots as images also can quickly consume disk space.

The client-side solution is, in my opinion, a Very Bad Idea. And it’s not just because of the potential to create large log files on client computers. I value my privacy as much as the next person, and if my employer’s IT department tried to install monitoring software on my computer, I would do what it took to detect, disable or remove the software. I suspect many others feel the same way.

Server-Side Solutions: Can You Archive to a Database?

Another solution is to install software on your firm’s e-mail server to archive incoming and outgoing e-mail. This can be expensive and time-consuming. However, it may be the solution of choice if you feel that archiving e-mail is essential, but would rather not log users’ every keystroke.

GFI’s Mail Essentials for MS Exchange, at, allows you to archive incoming and outgoing e-mail to an ODBC database. Pricing starts at $350 per year for a 10-user license. Similar products for the Unix platform include Sendmail’s Message Copier, at, and MailStore from Ltd., at www.rchive-it .com/products/product intro.html. You can find more products by searching Yahoo for "e-mail archiving." If you have an IT department, enjoy the requisite budget and control your own mail server, consider a server-side solution.
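The server-side approach described above, sketched as an added example (not code from the article or from any product it names): each raw message is parsed, tagged as incoming, outgoing or internal, and stored with a SHA-256 digest so the archive can be searched and checked later. SQLite stands in for the ODBC database, and `firm.example`, the table layout and all function names are assumptions.

```python
import hashlib
import sqlite3
from email import message_from_bytes, policy
from email.utils import getaddresses, parseaddr

LOCAL_DOMAIN = "firm.example"  # assumption: the firm's own mail domain

def open_archive(path=":memory:"):
    """Create the archive table (SQLite stands in for the ODBC database)."""
    db = sqlite3.connect(path)
    db.execute("""CREATE TABLE IF NOT EXISTS archive (
        sha256 TEXT PRIMARY KEY, direction TEXT, sender TEXT,
        recipients TEXT, subject TEXT, sent TEXT, raw BLOB)""")
    return db

def is_local(addr):
    return addr.lower().endswith("@" + LOCAL_DOMAIN)

def archive_message(db, raw):
    """Store one raw RFC 822 message and return (direction, sha256)."""
    msg = message_from_bytes(raw, policy=policy.default)
    # Header addresses are used for brevity; a real server hook should use
    # the SMTP envelope, since From/To headers can be forged and omit Bcc.
    sender = parseaddr(str(msg.get("From", "")))[1]
    hdrs = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    rcpts = [a for _, a in getaddresses(hdrs) if a]
    if is_local(sender):
        direction = "internal" if rcpts and all(map(is_local, rcpts)) else "outgoing"
    else:
        direction = "incoming"
    digest = hashlib.sha256(raw).hexdigest()  # integrity check and de-dup key
    db.execute("INSERT OR IGNORE INTO archive VALUES (?,?,?,?,?,?,?)",
               (digest, direction, sender, ",".join(rcpts),
                str(msg.get("Subject", "")), str(msg.get("Date", "")), raw))
    db.commit()
    return direction, digest

def search(db, term):
    """Find archived mail by subject or address, e.g. an erroneously deleted message."""
    like = f"%{term}%"
    return db.execute("SELECT direction, sender, subject FROM archive WHERE subject"
                      " LIKE ? OR sender LIKE ? OR recipients LIKE ? ORDER BY rowid",
                      (like, like, like)).fetchall()

# Constructed sample messages (not real mail).
SAMPLES = [
    b"From: Ann <ann@firm.example>\r\nTo: client@other.example\r\n"
    b"Subject: Draft agreement\r\nDate: Mon, 04 Mar 2002 09:00:00 -0500\r\n\r\nAttached.\r\n",
    b"From: client@other.example\r\nTo: ann@firm.example\r\n"
    b"Subject: Re: Draft agreement\r\nDate: Mon, 04 Mar 2002 10:00:00 -0500\r\n\r\nThanks.\r\n",
]
```

Storing the digest beside the raw bytes lets an administrator later confirm that an archived message has not been altered since it was captured.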

Do-It-Yourself Solutions: For Hard Core Programmers

If you control your mail server and have access to programmers, there are additional options to consider. For example, PerlMx, at, integrates with existing Unix mail servers running the sendmail program. As the name suggests, PerlMx is written in Perl, so it can be customized, but, of course, you have to be able to program in Perl.

It is also possible to modify your system’s sendmail configuration file ( directly using the method called "copyuser." This method was originally described in an article written by Robert Harker. An updated version of that article appears on the author’s Web site, But even if you know a bit about Unix, I highly recommend hiring a sendmail expert before trying this solution. Modifying sendmail configuration files can cause major problems with your firm’s e-mail system.

Understand What’s Involved

If you decide to monitor e-mail in the workplace, be sure that you do so according to a well-defined and publicized policy that states the benefits, risks and costs of monitoring. Whether you are implementing a client-side or a server-side solution, you are going to consume computer and personnel resources. As with all decisions, you need to make sure that the benefits outweigh the costs.

ERIK J. HEELS ( is a patent attorney and co-author of the ABA book Law Law Law on the Internet: The Best Legal Web Sites and More.

