Searching for External Email Messages

Customers often ask how to use Discovery Attender to identify messages sent from or to someone outside their organization.  When dealing with a single domain, say sherpasoftware.com for example, the search is straightforward. You would simply use ‘Address’ as your criteria, and on the Search Wizard’s ‘Choose address’ page, use the ‘Find Any Address listed below’ option. Then, enter *@sherpasoftware.com* (the asterisks serve as a wildcard – you may include one on the end as well as the beginning as a precaution).

addresssherpa

Things may be more complicated if you’re asked to find any external messages. The challenge with this type of search is that, by definition, you don’t know beforehand precisely what you’re looking for. Fortunately, “external” addresses will typically follow the standard SMTP format (e.g. jdoe@acme.com). “Internal” addresses usually use the Exchange address format, also known as X400 or Legacy DN. This would take the form of something like /O=ACMECORP/OU=NA/CN=RECIPIENTS/CN=jdoe. This helps to identify external emails because internal emails usually do not have the common domain suffixes.  This makes the process somewhat simpler.

  1. First, run a search that will return ALL messages. I usually use ‘Date’ as my criteria and specify that Discovery Attender return everything created before some future date (“give me everything created before tomorrow”). Sure, that sounds nonsensical, but it will return everything.
    2. Next, open the ‘Result Management’ screen and navigate to the ‘Domain’ view.
    3. Take note of all the different types of external domains present in your result set. Common ones include the following, but there may be others in your data set:
    o *.com*
    o *.co*
    o *.edu*
    o *.gov*
    o *.net*
    o *.org*
    o *.biz*
    o *.ca*
    4. Navigate to the ‘Advanced Filter’ view and (1) create a new filter then (2) navigate through the wizard to use the Address criteria. Next, (3) select the ‘Sender’ or ‘Recipients’ option (or both) depending on your requirements. In the ‘Enter Address’ section, (4) put the list of domain extensions you found in the previous step and complete the wizard.

addressfilter

  1. A new view will be populated under ‘Advanced Filter’ with the name of the filter you just created listing all the items that matched your criteria. This view will list all the email with external addresses. If you want, you can now export all the items from this screen. Alternately, you can ‘mark’ these items to filter by them in other views.

If you have any other Discovery Attender questions or needs, do not hesitate to contact us at information@sherpasoftware.com or call 1.800.255.5155

Leave a Reply

Your email address will not be published. Required fields are marked *