How to Delete Secret Emails from Microsoft Exchange Server

Do you have private, secret, or confidential emails on your Microsoft Exchange server that you do not want someone else to see? One user of BleachBit seems to have mixed success with this task: on one hand some emails have been found, and on the other emails were deleted "so that even God could not read them."

To maximize the destruction of sensitive information you must physically destroy all storage devices that may have stored the information. Examples of physical destruction include thorough magnet degaussing followed by use of a hammer and blow torch, or just give it to a young child.

There are some scenarios where physical destruction is not possible or desirable such as: there are some emails you want to keep about yoga and wedding plans, you do not want to reinstall software, or you want to make it less obvious that you removed any information.

Assuming physical destruction is not possible, follow this guide to improve your results:

  1. Shut the doors and curtains, and turn on loud music.
  2. Using an email client such as a Blackberry smartphone delete the confidential emails. From the trash too.
  3. PROTIP: After you think you are done deleting emails, double check. Do a search for the keywords classified, secret, and Benghazi and the top-level-domains .gov and .mil.
  4. Wipe or destroy all BlackBerries and all other devices that were ever mail clients for the affected account.
  5. From a separate computer download portable BleachBit for Windows. The download is anonymous, free, and leaves no money trail.
  6. Unpack it onto a portable storage device such as a USB drive.
  7. On the email server:
    1. In Microsoft Exchange run a Page Zeroing operation to hide traces of the deleted emails, though this may still leave some traces.
    2. Connect the portable storage device to the email server.
    3. Disable and delete the Windows page file.
    4. Stop the Microsoft Exchange and other network services.
    5. Close all applications.
    6. Start BleachBit.
    7. Click File - Wipe Free Space, and use it for each fixed storage device. This will help eliminate residual traces of secret information on parts of the server's storage device that are marked not in use.
    8. Wait a long time.
    9. While you wait, clean the server's case, keyboard, and screen "like with cloth or something" to remove any fingerprints.
  8. Destroy the portable storage device.
  9. Destroy the replicated copies.
  10. Delete all backups.
  11. Do likewise on all remote email servers for all emails sent. For example if you sent emails to someone at state.gov, then you need to clean that email server too.

Because you probably do not have access to other people's email servers, the last step is the most difficult. It depends who you know.

Consult your Microsoft Exchange administrator for help. PROTIP: Consider what kind of witness would this person make.

Next time consider if you do not want someone to see private information, do not record it in the first place, and play by the rules.

See also the article BleachBit "stifles investigation" of Hillary Clinton.

Comments

ROCKNROLLKID's picture

"1. Shut the curtains and turn on loud music."

Maybe this should also say close your doors and lock them.

____________________
Also known as Alex.

Moderator for BleachBit and a maintainer for Winapp2.

Check out my open-source group on Steam: http://steamcommunity.com/groups/opencommunity

Windows 10 x64 (switching to ReactOS in the future).

Comical.. LOL....

Hey, ya know, at least she knew what program to use..

I do, and use it once a month..

So, regarding the wiping in step #4 -- you mean like with a cloth or something?

ROCKNROLLKID's picture

Make sure you use Lysol or Clorox, too.

____________________
Also known as Alex.

Moderator for BleachBit and a maintainer for Winapp2.

Check out my open-source group on Steam: http://steamcommunity.com/groups/opencommunity

Windows 10 x64 (switching to ReactOS in the future).

herojig's picture

One note: DO NOT give storage devices to small children for destruction, as these devices may contain small parts or sharp edges, and are not an approved toy by Child Protective Services.

Herojig Cartooning and Ballooning of Timi Nepal

Hee hee. Too funny!

Hillary is being made fun of and I think it is very, very hurtful.

Hillary has dedicated her life to public service and we should show our appreciation. SInce we can't elect her due to her email scam, at least we can do is give her a place to live. Alcatraz was closed in 1963 but Levenworth is a good second choice. food and water and everything else is earned. Lying in Levenworth does NOT earn special privileges so she will be in a serious disadvantage there.

All the best Hillary, BJ Bill Clinton, Donna Brazille, Huma and all the email support team.

anthonymaw's picture

Given that Hillary's private Exchange server got wiped with BleachBit, is it true that Donald Trump suggested hiring "Russian analyst/hackers" to try to recover the deleted emails ?

anthonymaw: Regarding what Donald Trump said is a matter of public record in the news, right?

---
Andrew, lead developer

anthonymaw's picture

Interesting article thanks. Exchange database page-zeroing is enabled by default and can't be disabled. Yeah Hillary Clinton's infamous private email server was running Exchange 2010 the automatic page-zeroing feature made the FBI investigation much more difficult! https://blogs.technet.microsoft.com/timmcmic/2013/05/20/exchange-2010-pa...

Curious enough, I went to the BleachBit website to learn more about the tool. It is a free tool to clean files safely and free up disk space. It is important to note that BleachBit is not an Exchange tool - it is neither Exchange aware nor does it have any plug-ins / modules (which it calls "Cleaners") for Exchange. In fact, it does not mention e-mail, Exchange or Outlook on its features page. https://cloud.24liveblog.com/event/1361843

I know how to send an email, but it was amazing experience to learn about the ‘unsend’ feature of Outlook email by visiting https://recall-email.com/how-to-unsend-in-outlook/

The first requirement, and that most organizations should not take lightly, you will need to take your device is running Exchange Server and Exchange Online. Do not use the test code downloaded from the Internet in a production environment without - Should you still need, here and elsewhere often follow the best time to use this practice.