Exchange Email DSAR Redaction Guide

Email Is the Largest Source of DSAR Data

In most organizations, Exchange Online mailboxes contain the highest volume and widest variety of personal data. Microsoft estimates that over 90% of organizational data stored in Microsoft 365 is authored in Office applications, with a substantial portion residing in or attached to email. For DSAR purposes, email is almost always the primary data source — and the most complex to redact.

A single mailbox can contain years of correspondence with dozens or hundreds of contacts. Each email thread weaves together the personal data of multiple individuals: sender and recipient addresses, CC and BCC fields, signature blocks with phone numbers and addresses, forwarded messages from third parties, and attachments containing their own embedded personal data. Extracting the data subject's information while protecting everyone else's requires systematic processing that manual review struggles to deliver at scale.

Export Formats: PST vs. Individual Messages

Purview eDiscovery offers two export options for Exchange data. PST format packages all messages from a mailbox into a single archive file. Individual message export produces separate EML or MSG files for each message, organized by folder structure.

For DSAR redaction purposes, always choose the individual message export option. SafeRedact does not process PST archives directly — PST is a proprietary Microsoft format that requires Outlook or specialized tools to extract. SafeRedact accepts EML and MSG files directly: EML messages are parsed for headers (From, To, CC, BCC, Subject) and body content, while MSG files are processed via binary extraction to recover message text and embedded metadata strings.

PII Hotspots in Email Messages

Headers and Routing Data

Every email contains a header block with sender and recipient information, routing data, and message identifiers. The To, CC, and BCC fields contain email addresses — and often display names — of third parties whose data must be redacted. Reply chains accumulate additional addresses with each exchange. The From field of forwarded messages reveals the original sender's identity.

Signature Blocks

Corporate email signatures routinely include full name, job title, direct phone number, mobile number, physical office address, and sometimes personal pronouns or social media handles. In a long email thread, signature blocks appear after every reply — multiplying the number of third-party data points that need redaction.

Email Body Content

The message body itself may reference other individuals by name, include phone numbers, share addresses, discuss financial details, or contain any other category of personal data. Contextual personal data — information that becomes personal when combined with other details in the thread — adds another layer of complexity.

Attachments

Attachments are frequently the most data-dense elements in an email export. Spreadsheets with employee records, PDFs of contracts with personal details, presentations referencing clients by name — each attachment requires its own redaction pass. A single email with five attachments effectively represents six documents to review.

SafeRedact's Email Processing Pipeline

SafeRedact processes email exports with format-specific handling for the structure of email data. The system parses email headers to identify and redact third-party addresses in To, CC, BCC, and From fields while preserving the data subject's address. Body content is analyzed through the multi-layer detection engine — regex patterns catch structured identifiers while AI analysis identifies contextual personal data.

Because SafeRedact processes the full text of each email — including all signature blocks repeated throughout a thread — PII in signatures receives the same detection treatment as body content. The multi-layer engine catches names, phone numbers, and addresses in signatures just as it does in message text, avoiding the common manual-review problem of inconsistent redaction across different sections of an email. When email exports include attachments as separate files in the export archive (as Purview typically does), each attachment is processed independently through the appropriate file-type handler. Note that attachments embedded within EML or MSG files are not separately extracted — for thorough coverage, use the Purview export option that saves attachments as individual files alongside the messages.

Microsoft, Microsoft 365, Office 365, Teams, SharePoint, Exchange Online, OneDrive, Outlook, and Purview are trademarks of Microsoft Corporation. SafeRedact is not affiliated with or endorsed by Microsoft.