Email Retention and eDiscovery | How to configure Email Retention and use eDiscovery

Email retention and eDiscovery 

What is email retention? 

Email retention is the process of retaining emails in the organization accounts for a specific period, for compliance or other such purposes, based on the organizational policies. The main purpose of retention policy are the following:
1) Retention of email content for a specific period, so that it cannot be permanently deleted before the retention period. 
2) Deleting the email content permanently after the defined retention period. 

Email retention policy helps in compliance for legal purposes to: 
1) Compliance of industry regulations and internal policies to retain content for minimum period of time. 
2) Reduce the risk, in case of any event of security breach or litigation caused due to deletion of content by employees.

Why is email retention important for organizations?

Email is the standard, universal and reliable communication mode for businesses. The emails in the organization are crucial, and sometimes confidential. They are often needed as substantial evidence and hence it is critical that a copy of the communication is retained to ensure that the organization follows the compliance standards and can respond to any legal issues that arise related to such communications. This ensures that there is no data loss due to deletion of data by the employees. 

What is eDiscovery? 

eDiscovery refers to the process using which the emails retained can be quickly searched and retrieved from accounts within the organization. The advanced eDiscovery portal in Zoho Mail provides a complete solution to retain, review, export the emails related to your organizations internal, external or legal investigations. It empowers the legal teams to manage the holds and investigations. 

Overall, it assures that the legal team can gather and access the required information in a simple interface, without technical dependency or complexity.

Default retention policy:

Default retention policy defines the period for which the organization data should be retained in the eDiscovery portal. The default value is 'Retain forever', but the organization can define a specific period in terms of number of days. You can define your default retention policy from the eDiscovery portal. 

Steps to create default retention policy:

  1. Log in to your Admin account at
  2. The eDiscovery portal welcomes you with a small intro to email retention and eDiscovery. 
  3. Click the 'Enable eDiscovery' button to enable eDiscovery for your organization. 
  4. Click Next, to choose the default retention period. 
  5. By default, the retention period is forever. 
  6. You can define a specific number of days as the retention period, based on your requirements.
  7. Click Next to set the retention rules for the default retention policy.

Once you define the retention period, you can go ahead and define the retention rules. 

Retention Rules

Retention rules provide you the options to choose the types of emails that you want to retain in the eDiscovery portal. The Rules provide flexible options to define whether you want to save sent emails or received emails or retain only specific sent/ received emails and so on. 

  1. You can view or set the retention rules from the Settings section of the eDiscovery portal.
  2.  Retention rules help you define the default rules required for retention. 
  3. You can choose to retain all the emails or select specific conditions to retain emails. 
  4. You can choose one of more from the following options available. 
    • Retain emails sent - outside the organization
    • Retain emails sent - only within the organization
    • Retain all sent emails
    • Alternatively, you can specify selected domains and choose to retain the emails that are sent only to those domains.
    • Retain emails received - from external organization accounts 
    • Retain emails received - only within the organization 
    • Alternatively, you can specify selected domains and choose to retain the emails that are received from those domains.
    • Retain all received emails
    • Retain deleted emails
    • Retain spam emails 
  5. In case you want to exclude spam emails from retention, in this section, you can choose all the options and uncheck the spam emails to avoid spam emails from your retention. 

As the next step you need to select the users for whom the email retention should be enabled. 

User accounts:

Once you define the retention period and retention rules, you will now select the users for whom the Retention should begin. Click 'Enable Retention' to start the retention process for the selected set of users. 

You can click 'Select all users' to enable retention for all the user account. 

Once you enable the retention and define the retention policy, the emails that get delivered to the organization accounts will be retained in the eDiscovery portal, based on the retention rules. The retention period will be based on the default retention rule applied to the accounts.The sync to the eDiscovery portal may take a while, after which you will be able to search/ view/ export the retained emails from the portal.

Custom retention policy:

In case there are any special or custom requirements that need certain emails to be retained for a different period of time, the administrators can define custom retention rules. The custom retention rules can be defined based on various parameters.

To define new custom policies or to view existing policies, you need to navigate to the Retention and eDiscovery portal at

  1. In the 'Retentions section', just below the Default retention policy, custom retention policies will be listed.
  2. If you are creating a new policy, click the button 'Create Custom Retention Policy' button. 
  3. Provide a name for the custom policy 
  4. Select whether you want to retain the emails marked as spam also. 
  5. Select the period for which you want to retain the emails that match the requirements of the custom policy. 
  6. In the Condition query provide the conditions based on which you want to define the custom policy for email retention. 
  7. The conditions can be based on one or more of the following parameters. 
    • Contains - contains text/ email address in the entire email
    • Subject - subject contains the selected tern
    • Content - email content contains
    • From - from email address contains
    • To - To email address contains
    • Cc - Cc email address contains
    • Bcc - Bcc email address contains
    • Reply To - Reply to email address contains
    • Has attachment - Only the emails with attachment
    • Attachment name - Attachment content contains
    • Attachment content -  Attachment content contains
    • Only outgoing emails - Include only outgoing emails
  8. Select the period for which you want the emails to be retained under the custom policy. 
  9. You can use 'Preview results' to check whether the condition query provides the expected results. 
  10. You can 'Save' the retention policy if the search results match the conditions needed for the custom retention policy. 

You can create and save multiple retention policies for different purposes. Mostly each custom retention policy will differ based on periods of retention and the conditions required for retention. 

Create an Investigation:

An Investigation or a case is a legal probe against certain email communications or documents. When there is a legal case or a probe or an investigation pertaining to email communication, the organisation needs to retain all the related emails until that investigation is completed/ closed.

The eDicsovery administrator creates a new Investigation to manage the entire investigation cycle. Sometimes the Investigation can be required for the purpose of internal investigation or inspection also.

Steps to create an Investigation in Zoho Mail: 

  1. In the eDiscovery portal, go to Inspections tab to view or create Investigations. 
  2. Click '+' symbol to create a new Investigation
  3. Provide the investigation name and a detailed description, for the particular investigation.

You can create single or multiple holds based on different conditions, as required for the investigation. The emails that are retained via investigations will not be deleted even based on the periods defined by default or custom retention policy. You can prepare a set of conditions based on which the emails should be retained to proceed with the investigation. These set of conditions can then be defined in a single hold or multiple holds depending on the requirements. 

Prepare a Search:

Before you create a Hold, list down the criteria required for the particular investigation. Based on the various criteria, create different search conditions. You can save each of these search conditions as a 'Saved search'.  In case you need to get this reviewed by legal or compliance or admin teams, you can get it reviewed, before you create a 'Hold'. Saved search helps you to validate the different search conditions needed for the investigation before creating the Holds. 

Create a Hold: 

Each 'Investigation' will retain emails based on one or more holds as needed for the Investigation. A 'Hold' retains the email that is required for the investigation, based on a specific set of conditions. Since a single investigation or case may require to retain different sets of emails based on various conditions like subject, received time, sender, attachments and so on, there may be multiple 'Holds' created for each Investigation. 

Once a 'Hold' is created, the emails retained by the 'Hold' will be retained until the Hold exists. 


The results of a 'Hold' or a 'Saved search' can be exported by the administrator, whenever required. These exports will be scheduled and the administrators can download the exported files from the eDiscovery portal. 

Audit Logs

All the actions of the administrators in this portal will be recorded in the Audit logs section. Audit logs can be specific to the particular Inspection or common across the portal. 


Share this post : FacebookTwitter

Still can't find what you're looking for?

Write to us: