Less is More: Email Audit

How to see the tree from the woods.

Sometimes search results are overwhelming, and when a lot of information is coming at us we want to turn down the noise a little.

In our domain, we get a lot of email from one particular source. We have a domain called go-oodles.com that we use to relay certain events. For example, we have a series of internal cameras at sensitive doors in the building. These record to a NAS system, but to be sure we also turn some of the images into email and send them to a Google account. These all come from the account camX@alerts.go-oodles.com. As you can imagine, this generates quite a bit of noise. When we're auditing email, we like to eliminate this noise.

First, we search for email from ‘alerts.go-oodles.com’.

[Image: GAT 'negate filter' button]

Then we hit ‘Negate Filter’ to remove these 15,000+ emails from the results.


This really starts to become useful when combined with another filter.

For example, if we want to see all the email with attachments, we ‘clear filter’, select the attachments box and hit ‘Search Emails’.

Unfortunately, this returns all emails with attachments, including the thousands of alerts from go-oodles.com.

What we can do is go to the ‘Recent Filters’ tab and combine the two searches: all email ‘With Attachments’ and all email ‘not from[alerts.go-oodles.com]’.

You can see we select the two filters we want, join them with ‘AND’ and hit ‘Show’.

This returns a much smaller subset of all emails with attachments, except those from ‘alerts’.

If we add dates to this search, we get an example like the one in line 1 (picture at top of page), which gets all the email we want from the 30th of Jan, 2013.

We can then schedule this for 5 past midnight on the 31st of Jan.

Assuming we are on the 30th of January, this will generate a report that runs every day, showing us all the email that came or went the day before with files attached, excluding all those thousands of emails from the alerting system.
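
The same combined filter, modelled outside the tool as an added example (this is not GAT's code): ‘With Attachments’ AND not from alerts.go-oodles.com, restricted to the day before the report runs. It uses only the Python standard library; the sample messages, the other sender addresses and the helper names are constructed for illustration, and the exclusion is an exact match on the sender's domain so that a look-alike domain is not silently dropped from the audit.

```python
from datetime import date, timedelta
from email.message import EmailMessage
from email.utils import parseaddr, parsedate_to_datetime

NOISY_DOMAIN = "alerts.go-oodles.com"  # alert relay domain named in the article

def make(sender, when, subject, attach):
    """Build one constructed sample message (not real mail)."""
    m = EmailMessage()
    m["From"], m["Date"], m["Subject"] = sender, when, subject
    m.set_content("body")
    if attach:
        m.add_attachment(b"\x00", maintype="application",
                         subtype="octet-stream", filename="f.bin")
    return m

def sender_domain(msg):
    """Lower-cased domain part of the From address."""
    addr = parseaddr(str(msg["From"] or ""))[1]
    return addr.rpartition("@")[2].lower()

def has_attachment(msg):
    """True if the message carries at least one attachment part."""
    return any(True for _ in msg.iter_attachments())

def daily_report(messages, today):
    """Subjects of yesterday's mail with attachments, minus the alert noise."""
    yesterday = today - timedelta(days=1)
    hits = []
    for msg in messages:
        if parsedate_to_datetime(str(msg["Date"])).date() != yesterday:
            continue                      # date filter: the day before the run
        if sender_domain(msg) == NOISY_DOMAIN:
            continue                      # negated filter, exact domain only
        if has_attachment(msg):           # 'With Attachments'
            hits.append(str(msg["Subject"]))
    return hits

# Constructed sample mailbox.
SAMPLE = [
    make("cam3@alerts.go-oodles.com", "Wed, 30 Jan 2013 02:10:00 +0000", "Door image", True),
    make("alice@example.com", "Wed, 30 Jan 2013 09:15:00 +0000", "Q1 budget", True),
    make("bob@example.com", "Wed, 30 Jan 2013 11:00:00 +0000", "Lunch?", False),
    make("carol@example.com", "Tue, 29 Jan 2013 16:30:00 +0000", "Old invoice", True),
    make("cam1@alerts.go-oodles.com.example.net", "Wed, 30 Jan 2013 23:50:00 +0000",
         "Look-alike sender", True),
]

if __name__ == "__main__":
    print(daily_report(SAMPLE, date(2013, 1, 31)))
```
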