Help Center
News
Help Center
News
Popular
Architecture and High-level Information
Scans
Agents
How to Use Dashboards
How to Use Data Asset Inventory
How to Install\Uninstall and Set Up Spirion Sensitive Data Platform
How to Use Logs
How to Manage Users and Roles
Reports
Settings and Resources
Additional Resources
Glossary of TermsRabbitMQ LogsHow to Remove All RabbitMQ and Erlang Artifacts from Previous Installations (v13-v13.5)Service Task Type 10Can a Spirion Agent be set to run as "low priority"?Tips: How can I monitor pagefile usage during a scan?Tips: What are the Best Practices to Optimize Memory Usage During Scans?Tips: How does Despeckle interact with other OCR settings like Deskew?Tips: How to find the Outlook Folder GUIDs to use?Tips: How do I handle permission issues with Folder GUID scanning?Tips: What are common errors when Folder GUID permissions are insufficient?Tips: How to automate retrieving Folder GUIDs for multiple usersWhat permissions are needed for service accounts scanning GUIDs?What are the risks of scanning Email (Exchange) Public Folders in large organizations?Can I scan both Cached and Online Exchange Stores simultaneously?Tips: What are best practices for scanning large (Exchange) mailboxes?Tips: What are the Best Ways to Handle Duplicate Results from Scans of (Email) Public Folders?What are common mistakes when configuring Global Ignore Lists?Tips: How does scanning Online Archives affect scan duration?How can I optimize scan policies for Online Archives?What does a report for health information look like?How do I customize data types in the health information report?How do I test my custom RegEx before deployment?How to Install and Set Up the PostgreSQL ClientWhat Common File Types are Supported?Test Data for Local Spirion ClientWhat Version is My Spirion Sensitive Data Platform?What is Residual Data and Why is it Important?
FERPA
CCPA
CMMC
HIPAA
Release Notes
Reporting API
Customer Support Articles

Tips: What are best practices for scanning large (Exchange) mailboxes?

Scanning large mailboxes (50 GB+) requires a strategic approach to prevent the Spirion Agent from impacting user productivity or overwhelming the Exchange infrastructure.

Here are the established best practices for managing large-scale email scans:

1. Prioritize "Cached Mode" for Routine Scans

For standard, recurring scans, always set "Search only Cached Exchange Stores" to Yes.

  • Why: This limits the scan to the data already on the user's hard drive. It eliminates network latency and prevents the "Outlook is retrieving data" hang that frustrates users.
  • Trade-off: You may miss older data not synced to the local machine, but you gain significant stability and speed.

2. Use "Discovery-Only" Scans to Identify Hotspots

Before running a full sensitive data scan on thousands of large mailboxes, run a Discovery Scan ("Data Types" unchecked).

  • Why: This enables you to see which mailboxes are the largest and which folders contain the most items without the overhead of deep content analysis.
  • Action: Use the results to identify "problem" mailboxes that might need to be moved to a dedicated, off-hours scan group.

3. Leverage Folder GUIDs for Targeted Scanning

If you know that sensitive data is likely stored in specific areas (for example, "Finance" or "HR" folders), use the "Search Selected Outlook Folders" option with GUIDs.

  • Why: Instead of scanning a 100 GB mailbox, the Agent can jump directly to the 2 GB folder that actually matters. This reduces scan time from hours to minutes.

4. Exclude "Noise" Folders

Large mailboxes are often inflated by folders that rarely contain actionable sensitive data. Use the Exclude options in the wizard for:

  • Deleted Items / Dumpster: Unless required for legal reasons, excluding these can significantly reduce the item count.
  • Junk Email: High volume, low value.
  • RSS Feeds / Sync Issues: These folders often contain thousands of small system messages that slow down the MAPI crawler.

5. Manage Attachment Scanning

Attachments are the primary cause of "slow" email scans.

  • Limit by Size: Configure the policy to skip attachments larger than a certain size (for example, 20 MB). Large attachments often contain video or encrypted installers that Spirion cannot scan anyway.
  • Limit by Type: Exclude known "safe" or "unscannable" extensions (for example, .exe, .zip, .mp4) to keep the agent focused on documents and spreadsheets.

6. Throttle the Scan (CPU and Network)

For large mailboxes, the Agent is active for a longer duration.

  • CPU Throttling: Set the agent to "Low" or "Below Normal" priority in the policy settings. This ensures that even if the scan takes a long time, the user can still use Word, Excel, and Outlook without lag.
  • Staggered Start: Do not start scans for 5,000 users at the same time. Use the "Random Delay" feature in the Spirion Console to spread the start times over several hours.

7. Handle "Online Archives" Separately

If your organization uses Exchange Online Archives, do not include them in the same policy as the primary mailbox scan.

  • Why: Archives are almost always "Online Only." Scanning them requires setting "Search only Cached Exchange Stores" to No, which is slow.
  • Best Practice: Create a separate, quarterly policy specifically for Archives and run it during low-traffic periods (for example, weekends).

8. Monitor for "MAPI_E_TABLE_TOO_BIG"

In extremely large folders (for example, an Inbox with 100,000+ items), the MAPI subsystem itself may fail.

  • The Fix: If you see this error in the logs, the user must be instructed to archive their data into sub-folders. Spirion (and Outlook) performs much better with 10 folders of 10,000 items than 1 folder of 100,000 items.

Summary

For large mailboxes, speed is achieved through exclusion. By focusing on Cached data, using GUIDs for targeting, and excluding high-volume/low-value folders, you can maintain a strong security posture without disrupting the business.

Was this article helpful?

Powered by Product Fruits