This article offers a solution for basic logging and reporting of all emails that pass through the Email Security.cloud Service (ESS)

The scope of the solution is as follows:

• The customer account has the Data Protection service provisioned
  • The solution uses this service for logging all emails
• The Track and Trace tool cannot fulfil the expected task, due to the inherent limitations of this tool
  • This tool is designed for specific searches through the live databases of our email processing infrastructure. It cannot do large scope searches and provide consistent reports using wide ranging criteria that would yield results in the thousands
• Delivery logs are not a mandatory part of the required task
  • The Data Protection service cannot log and capture information regarding the post-processing delivery state of emails, as it processes email data during its transit through the ESS, before delivery is even attempted

The solution consists of configuring a Data Protection policy that will log all inbound or outbound emails (or both) starting from the moment it is activated. Data logged by this policy is fully indexed and held on the service infrastructure for up to 40 days. You may therefore use the Email Track and Trace tool, using the Service filter for Data Protection, to quickly and consistently find and list emails that have triggered the policy up to approximately 1000 results. Past this number, you may use the Reports feature of the portal to obtain reports on emails passed through the service, with up to 500.000 lines of results per report.

Data Protection policy

Steps to configure the policy:

• Access Services > Data Protection
• Create a New Policy
• Give it a descriptive Name: Email Traffic Logging
• Apply to: Either Inbound OR Outbound email | Suggestion to split the policies, one for inbound and one for outbound 
• Execute if: ALL rules are met
• Action: Log Only
• Click Edit next to the Notification option, check the box Use custom notification and disable all notifications, click Edit
• Add a new Rule
• Execute if: ANY conditions are met
• Add a new condition - Match all

Reporting

Steps to configure the report:

• Access Reports > Report Requests
• Click on Request a new report
• Give it a descriptive Name: Email Traffic Reporting
• Select Email Detailed Report (CSV) - Data Protection
• Click on Advanced Settings
• Type or copy/paste the exact name of the Data Protection policy that you created before under Policy Name (example: Email Traffic Logging)
• Click on Add
• Click on Continue and configure the time interval for which the report will gather the data; you may also Schedule the report to run automatically
• Click on Continue and configure the delivery method for the report
• Click on Continue, review the configuration of the report and click on Submit request

Please note for Log Only Data Protection policy, we do recommend placing the policy at the very top of the order to ensure that every emails are logged before it trigger another policy condition on the remaining list.