JP2014123405A - E-mail audit device, control method thereof, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To efficiently perform audit work of an auditor who audits an e-mail.SOLUTION: An e-mail audit device includes: management means of managing data of each division mail generated by dividing addresses set to an e-mail into individuals; specification means of specifying each division mail generated by dividing the addresses into the individuals, in accordance with the data of each division mail managed by the management means; setting means of setting each division mail specified by the specification means to an audit object in which the division mails are collectively audited; and reception means of receiving the audit result of each division mail set to the audit object in which the division mails are collectively audited by the setting means.

Description

  The present invention relates to an electronic mail audit apparatus, a control method therefor, and a program, and more particularly to a technique for improving the efficiency of audit work performed by an auditor who performs an electronic mail audit.

  In recent years, leakage of personal information and confidential information has been affecting corporate trust. Information leakage may occur due to unauthorized access from the outside, but most are caused by carelessness of people inside the company, and information leakage is caused by inadvertent transmission of files using e-mail, etc. I sometimes get up. Since the Personal Information Protection Law was enforced in 2005, it has become an urgent task for companies to take measures against information leakage.

  Therefore, when an e-mail is sent from an internal network to an external network, measures against information leakage are introduced, such as by introducing an e-mail audit system that decides whether or not to permit delivery according to the content of the e-mail. I have taken.

  In addition, emails sent from corporate mail servers can be saved as log data, and in the unlikely event that a leak occurs, it is possible to investigate afterwards what kind of situation has occurred. I am doing so.

  In such a system, a keyword or the like is set, and mail that uses the keyword is made undeliverable, or delivery is permitted to the superior (administrator) of the employee who sent the e-mail. Notify you to choose. In general, mail transmission is controlled according to the selection by the administrator.

  As such prior art, Patent Document 1 discloses a mechanism for checking in advance the content of a mail to be transmitted and preventing an undesired mail from being transmitted in advance.

  Also, in Patent Document 2, if it is determined that the email is transmitted from the email address of the email transmission destination, a list of approvers corresponding to the sender of the email is displayed, and the approver is selected and selected. It is disclosed that the mail is put on hold until it is approved by the approved approver.

JP 2007-272607 A JP 2007-65787 A

  However, in order to perform transmission control, such as disabling the delivery of emails that use a certain keyword, the delivery of emails that may not be delivered or emails that should not be delivered There is a possibility that it will be.

  Therefore, an auditor who audits whether or not such e-mail transmission control is properly performed should audit whether or not the e-mail after the transmission control is appropriate. Is required.

  However, as the number of e-mails evaluated by the auditor increases, the burden on the auditor increases.

  In addition, when the mail server uses a mail transfer agent (MTA) such as qmail (queue mail), a split mail is generated by individually dividing the destination of envelope information of the received electronic mail, and the split mail is Will be delivered.

  In such an environment, when auditing each email that is divided into destinations, the auditor must audit each one of the emails that have different destinations, which increases the workload of the auditor. Resulting in.

  That is, as the number of e-mail destinations increases, a mail server using a mail transfer agent (MTA) such as qmail (queue mail) generates a divided mail in which the addresses are individually divided. If the inspector audits one email at a time, the workload of the auditor increases.

  SUMMARY OF THE INVENTION An object of the present invention is to provide a mechanism for improving the efficiency of auditing work performed by an auditor who performs an electronic mail audit.

  The present invention provides a management unit that manages data of each divided mail generated by individually dividing a destination set in an e-mail, and each destination according to the data of each divided mail managed by the management unit. Specific means for specifying each divided mail generated by being divided into two, a setting means for setting each divided mail specified by the specifying means as an audit target to be audited together, and an audit collectively by the setting means Receiving means for receiving an audit result of each divided mail set as an audit target to be performed.

  The present invention is also a method for controlling an electronic mail auditing apparatus comprising a management means for managing data of each divided mail generated by individually dividing a destination set in an electronic mail, the electronic mail auditing A device specifying means for specifying each divided mail generated by individually dividing a destination according to the data of each divided mail managed by the management means; and a setting means for the electronic mail auditing device. The setting step of setting each divided mail specified by the specifying step as an audit target to be audited collectively, and the receiving means of the e-mail auditing device are set as audit targets to be audited collectively by the setting step. And a receiving step for receiving the audit result of each divided mail.

  Further, the present invention is a program that can be read and executed by an e-mail auditing device provided with a management unit that manages data of each divided mail generated by individually dividing a destination set in an e-mail, The electronic mail auditing apparatus includes: a specifying unit that specifies each divided mail generated by individually dividing a destination according to data of each divided mail managed by the management unit; and each division specified by the specifying unit It is characterized by functioning as a setting means for setting a mail to be an audit target to be audited collectively and a receiving means for receiving the audit result of each divided mail set as an audit target to be collectively audited by the setting means.

  ADVANTAGE OF THE INVENTION According to this invention, the audit work of the auditor who audits an electronic mail can be made efficient.

It is a system configuration figure showing an example of the composition of the information processing system of the present invention. 1 is a block diagram showing a hardware configuration of an information processing apparatus applicable to the e-mail monitoring server 101, e-mail server 102, sender terminal 103, administrator terminal 104, e-mail server 111, and recipient terminal 112 shown in FIG. It is. It is a sequence chart which shows operation | movement of the information processing system which concerns on embodiment of this invention. 5 is a flowchart illustrating an email storage process and a transmission permission / inhibition determination process performed by the email monitoring server 101. It is a figure which shows an example of a log table. It is a flowchart which shows the detailed process of the preliminary | backup audit (step S307-S310) shown in FIG. It is a figure which shows an example of the screen used when the administrator of the group to which the sender of the said email belongs audits beforehand with respect to the email suspended from transmission by the email monitoring server 101. It is a flowchart which shows the detailed process of the post audit (step S311-S313) shown in FIG. It is an example of the flowchart which shows the detailed process of step S811. It is an example of the flowchart which shows the detailed process of step S810. It is a figure which shows an example of an email search screen. It is a figure which shows an example of the aggregation screen of an email. It is a figure which shows an example of the list display screen of each collected email. It is a figure which shows an example of the audit screen of an individual mail. It is a figure which shows an example of the audit screen of an aggregate mail. It is a figure which shows an example of the mail list screen. It is a figure which shows an example of a transmission impossible condition (a) and a transmission suspension condition (b). 3 is a functional block diagram of an email monitoring server 101. FIG.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

  DESCRIPTION OF EXEMPLARY EMBODIMENTS Hereinafter, preferred embodiments to which the invention is applied will be described in detail with reference to the accompanying drawings.

  FIG. 1 is a diagram showing a configuration of an information processing system according to an embodiment of the present invention.

  In FIG. 1, reference numeral 101 denotes an electronic mail monitoring server. The e-mail monitoring server 101 stores the e-mail storage process instructed to be transmitted from the local network 105 to the wide-area line 120, the transmission permission / rejection determination / holding determination process, the transmission permission / rejection determination, and the conditions for determining the hold.・ Has a function to change. The e-mail monitoring server 101 has a configuration as an application example of the e-mail auditing apparatus of the present invention.

  The e-mail monitoring server 101 also has a function of determining an administrator who performs e-mail auditing according to an e-mail transmission source address or a transmission destination address. Reference numeral 102 denotes an electronic mail server.

  The e-mail server 102 transmits and receives mail between a sender terminal (information processing apparatus) 103 and an administrator terminal (information processing apparatus) 104, for example. The e-mail server 102 manages mail transmission / reception between the sender terminal (information processing apparatus) 103 and an apparatus outside the local network 105 (the receiver terminal (information processing apparatus) 112 in the figure). As described above, the e-mail server 102 performs a process of transmitting mail to the transmission destination specified by the mail address. Since such a series of processes performed by the e-mail server 102 is well known, further explanation is omitted.

  Reference numerals 103 and 104 denote information processing apparatuses, which are ordinary computers and have an e-mail transmission / reception function. Reference numerals 103 and 104 operate as Web service clients.

  An administrator terminal (information processing apparatus) 104 is a terminal used by an administrator, and is a terminal that audits an email whose transmission is suspended by the email monitoring server 101 and an audit of a transmitted email. . In the present embodiment, the administrator terminal (information processing apparatus) 104 will be described as a terminal used by the administrator.

  The administrator terminal 104 is an application example of the external device of the present invention.

  A receiver terminal (information processing apparatus) 112 and an e-mail server 111 are connected to the local network 113, which are the same as the sender terminal (information processing apparatus) 103, the e-mail server 102, and the local network 105, respectively. Since there are, explanation concerning these is omitted.

  2, the information processing apparatus applicable to the email monitoring server 101, the email server 102, the sender terminal 103, the administrator terminal 104, the email server 111, and the receiver terminal 112 shown in FIG. The hardware configuration will be described.

  2 is a hardware configuration of an information processing apparatus applicable to the email monitoring server 101, the email server 102, the sender terminal 103, the administrator terminal 104, the email server 111, and the receiver terminal 112 shown in FIG. FIG.

  In FIG. 2, reference numeral 201 denotes a CPU that comprehensively controls each device and controller connected to the system bus 204. Further, the ROM 202 or the external memory 211 is necessary to realize a BIOS (Basic Input / Output System) or an operating system program (hereinafter referred to as an OS), which is a control program of the CPU 201, or a function executed by each server or each PC. Various programs to be described later are stored.

  A RAM 203 functions as a main memory, work area, and the like for the CPU 201. The CPU 201 implements various operations by loading a program or the like necessary for execution of processing from the ROM 202 or the external memory 211 into the RAM 203 and executing the loaded program.

  An input controller 205 controls input from an input device such as a keyboard (KB) 209 or a pointing device such as a mouse (not shown). A video controller 206 controls display on a display 210 such as a liquid crystal display. The display 210 is a touch panel and functions as an input device that can be operated by pressing a screen on the display.

  A memory controller 207 is provided in an external storage device (hard disk (HD)), flexible disk (FD), or PCMCIA card slot for storing a boot program, various applications, font data, user files, editing files, various data, and the like. Controls access to an external memory 211 such as a compact flash (registered trademark) memory connected via an adapter.

  A communication I / F controller 208 connects and communicates with an external device via a network, and executes communication control processing on the network. For example, communication using TCP / IP is possible.

  Note that the CPU 201 enables display on the display 210 by executing outline font rasterization processing on a display information area in the RAM 203, for example. Further, the CPU 201 enables a user instruction with a mouse cursor (not shown) on the display 210.

  Various programs to be described later for realizing the present invention are recorded in the external memory 211 and executed by the CPU 201 by being loaded into the RAM 203 as necessary. Furthermore, definition files and various information tables used when executing the program are also stored in the external memory 211, and a detailed description thereof will be described later.

  FIG. 3 is a sequence chart showing the operation of the information processing system according to the embodiment of the present invention. Here, a case where the sender terminal 103 instructs the external recipient terminal 112 to send an e-mail will be described.

  First, when the sender terminal 103 transmits an e-mail (step S301), the e-mail server 102 that has acquired the e-mail divides the envelope destination of the e-mail, (Divided mail) is generated (step S302). In step S302, for example, when an e-mail in which the transmission destination address A and the transmission destination address B are set is acquired, an e-mail of the transmission destination address A (only the transmission destination address A is set as the destination, and the transmission destination address B is an e-mail that is not set as a destination) and an e-mail with a destination address B (only the destination address B is set as a destination and the destination address A is not set as a destination). Generate each. Then, the generated e-mail (divided mail) is transmitted to the e-mail monitoring server 101 (step S303).

  As in step S303, since each of the plurality of mail delivery programs delivers each of the divided emails, the delivery performance is high, and since the program is simple, there is a security vulnerability. Effects such as lowering can be obtained.

  Then, when the e-mail monitoring server 101 acquires the e-mail, whether or not the e-mail matches a filtering rule (transmission disable condition or transmission hold condition shown in FIG. 17) stored in the e-mail monitoring server 101. Is determined (step S304).

  Here, the case where the e-mail monitoring server 101 acquires an e-mail to be transmitted from the sender terminal 103 to the external recipient terminal 112 has been described. However, the e-mail monitoring server 101 may acquire an e-mail addressed to the sender terminal 103 transmitted from the external recipient terminal 112. Of course, the configuration may be such that the e-mail monitoring server 101 acquires an e-mail transmitted from the sender terminal 103 to the administrator terminal 104 and determines whether or not the filtering rule is met.

  Here, the transmission disabling condition (a) and the transmission suspension condition (b) shown in FIG. 17 will be described. FIG. 17A is an example of a transmission disabling condition that is a filtering rule. FIG. 17A shows examples of Condition 1, Condition 2, Condition 3, Condition 4, Condition 5, and five transmission disabled conditions.

  The CPU 201 of the e-mail monitoring server 101 determines whether the transmitted e-mail is an e-mail that meets any one of the five conditions. If they match, the CPU 201 of the email monitoring server 101 cancels the transmission of the email and notifies the sender terminal 103, which is the transmission source, that the transmission of the email has been stopped (step S305). .

  Hereinafter, each condition of the transmission disabling condition (a) shown in FIG.

Condition 1: “*** 1.co.jp” (predetermined domain name) is included in the mail address of the e-mail destination.

Condition 2: A predetermined character string “XX company” is included in the mail text of the e-mail.

Condition 3: A predetermined character string “confidential” is included in the attached data of the e-mail.

Condition 4: The total file size of the attached data of the e-mail exceeds 1 MB (megabyte).

Condition 5: “*** 2.co.jp” (predetermined domain name) is included in the mail address of the e-mail destination, and a predetermined character string “△ Company” is included in the mail body of the e-mail. A predetermined character string “confidential” is included in the attached data of the e-mail, and the total file size of the attached data of the e-mail exceeds 0.9 MB (megabytes).

  Next, the transmission suspension condition shown in FIG. FIG. 17B is an example of a transmission suspension condition that is a filtering rule. FIG. 17B shows examples of Condition 1, Condition 2, Condition 3, Condition 4, Condition 5, and five transmission suspension conditions.

  The CPU 201 of the e-mail monitoring server 101 determines whether or not the acquired e-mail is an e-mail that matches any one of the five conditions. If it is determined that the e-mail matches, the CPU 201 does not send the e-mail and holds it. To do. That is, the electronic mail is stored in a storage unit such as the external memory 211 or the RAM 203 of the electronic mail monitoring server 101.

  As described above, when the transmission monitoring condition is satisfied, the CPU 201 of the email monitoring server 101 determines that the email is an email that needs to be audited by the administrator, and requests the administrator terminal to make a pre-audit request. (Step S307).

  Hereinafter, each condition of the transmission suspension condition shown in FIG.

Condition 1: “tana@***.co.jp” (predetermined mail address) is included in the mail address of the e-mail destination.

Condition 2: A predetermined character string “XX company” is included in the mail text of the e-mail.

Condition 3: A predetermined character string “limited to related parties” is included in the attached data of the e-mail.

Condition 4: The total file size of the attached data of the e-mail exceeds 0.7 MB (megabytes).

Condition 5: “*** 2.co.jp” (predetermined domain name) is included in the mail address of the e-mail destination, and a predetermined character string “△ Company” is included in the mail body of the e-mail. A predetermined character string “copy prohibited” is included in the attached data of the e-mail, and the total file size of the attached data of the e-mail exceeds 0.5 MB (megabytes).

  In addition, the CPU 201 of the email monitoring server 101 determines whether the email sent from the sender terminal 103 is in either of the transmission disabling condition (FIG. 17A) and the transmission suspension condition (FIG. 17B). Are determined not to match, the electronic mail is transmitted to the recipient terminal 112 via the external network (wide area line) 113 (step S306).

  As described above, the CPU 201 of the e-mail monitoring server 101 transmits (relays) the e-mail to the destination set in the e-mail according to the acquired e-mail data, the transmission disabled condition, and the transmission hold condition. Or, it is determined whether to hold without transmitting or to cancel without transmitting.

  When the transmission of the e-mail is suspended, the CPU 201 of the e-mail monitoring server 101 causes the administrator to perform a pre-inspection (steps S307 to S310).

  Specifically, the CPU 201 of the email monitoring server 101 makes an audit request for the email to the administrator terminal 104 (step S307).

  When the CPU 201 of the administrator terminal 104 receives the audit request, the CPU 201 displays that the audit request has been received on the display 210 of the administrator terminal 104.

  When the CPU 201 of the administrator terminal 104 receives an instruction to display a list screen of emails to be pre-audited from the administrator, the CPU 201 requests the email monitoring server 101 to display a list of emails to be pre-audited (step S308). ).

  The CPU 201 of the e-mail monitoring server 101 that has received the e-mail list display request displays a list display screen (FIG. 7) (hereinafter also referred to as a pre-audit screen) of e-mails whose transmission is suspended and to be pre-audited. The information to be generated is generated and the generated information is transmitted to the administrator terminal 104 (step S309).

  Next, the CPU 201 of the administrator terminal 104 displays a list display screen of emails to be pre-inspected based on the information, and accepts whether or not the displayed email can be transmitted from the administrator. Then, the CPU 201 of the administrator terminal 104 transmits the result of the pre-audit received from the administrator (whether the electronic mail can be transmitted or suspended) to the electronic mail monitoring server 101 (step S310).

  The CPU 201 of the e-mail monitoring server 101 that has received the result of the preliminary audit stores the result in a storage unit such as the external memory 211 and executes processing corresponding to the result.

  That is, if the transmission of the email is permitted, the CPU 201 of the email monitoring server 101 transmits the email to the recipient terminal 112 (step S306). On the other hand, if the transmission of the e-mail is rejected, the CPU 201 of the e-mail monitoring server 101 stops the transmission of the e-mail and notifies the sender terminal 103 to that effect (step S305). If the transmission of the e-mail is suspended, the CPU 201 of the e-mail monitoring server 101 stores the e-mail to be pre-audited in a storage unit such as the external memory 211.

  As described above, in the present embodiment, it is determined whether to transmit (relay) an e-mail according to the transmission disabling condition and the transmission suspension condition or the administrator's determination in the preliminary audit.

  However, since the information processing system according to the present embodiment is intended to perform “audit” related to transmission / reception of electronic mail, it is required that the administrator himself / herself audits as much as possible.

  In other words, it is necessary to audit (recognize) after the determination whether the e-mail can be transmitted (relayed) or the e-mail that should be stopped. .

  The outline of the post-audit will be described below using steps S311 to S313 shown in FIG.

  The CPU 201 of the administrator terminal 104 transmits a request for performing post-audit to the email monitoring server 101 (step S311). The CPU 201 of the e-mail monitoring server 101 that has received the request generates information for displaying a list display screen of e-mails to be post-audit, and transmits the generated information to the administrator terminal 104 (step S312). ).

  Then, the CPU 201 of the administrator terminal 104 displays a list display screen of emails that should be audited based on the information, and the administrator audits the displayed emails. When the administrator performs the audit, the CPU 201 of the administrator terminal 104 receives a designation (audit result) indicating whether the audit is performed or the browsing is performed from the administrator.

  Then, the CPU 201 of the manager terminal 104 transmits the audit result of the email received from the manager to the email monitoring server 101 (step S313).

  The CPU 201 of the email monitoring server 101 that has received the audit result of the email stores the evaluation result in a storage unit such as the external memory 211 in association with the email.

  Hereinafter, with reference to FIG. 4, the e-mail storage process and the transmission permission / inhibition determination process (step S304) performed by the e-mail monitoring server 101 will be described.

  FIG. 4 is a flowchart showing an email storing process and a transmission permission / inhibition determining process performed by the email monitoring server 101.

  This process is performed by the CPU 201 of the e-mail monitoring server 101 according to control by a program recorded in the external memory 211.

  In addition, the external memory 211 of the email monitoring server 101 temporarily transmits an email to stop transmission (not relay) of the email (FIG. 17 (a)) or to perform an advance audit. A transmission hold condition (FIG. 17B) indicating a hold condition is stored. The filtering rule is stored in the external memory 211.

  Further, group information and administrator information are stored in the external memory 211 of the email monitoring server 101. In the present embodiment, it is possible to specify the group to which the mail sender belongs and the manager of the group using this group information.

  First, the CPU 201 of the electronic mail monitoring server 101 acquires an electronic mail (divided mail) sent from the local network 105 to the wide area line 120 (step S401).

  Step S401 is an application example of acquisition means for acquiring data of each divided mail generated by individually dividing the destination set in the electronic mail transmitted from the sender terminal.

  In the present embodiment, a case where an e-mail sent to the wide area line 120 is acquired will be described.

  However, the CPU 201 of the email monitoring server 101 may acquire an email received from the wide area line 120 and determine whether to send the email to the local network 105 based on a filtering rule.

  Next, the CPU 201 of the e-mail monitoring server 101 determines whether or not the e-mail acquired in step S401 matches the transmission disabling condition (FIG. 17A) that is a filtering rule stored in the external memory 211. Is determined (step S402).

  If the CPU 201 of the e-mail monitoring server 101 determines that the e-mail acquired in step S401 matches the transmission disabled condition (YES in step S402), the process proceeds to step S403.

  Then, the CPU 201 of the email monitoring server 101 stops sending the email (step S403).

  Then, the CPU 201 of the e-mail monitoring server 101 transmits an e-mail indicating that the e-mail has not been transmitted to the sender address (sender address) of the e-mail because the e-mail has not been transmitted because of the transmission disabling condition (step). S404).

  If it is determined in step S402 that the email acquired in step S401 does not match the transmission disabling condition (NO in step S402), the CPU 201 of the email monitoring server 101 determines that the email acquired in step S401 is pending transmission. It is determined whether the condition (FIG. 17B) is met (step S405).

  If it is determined in step S405 that the e-mail acquired in step S401 does not match the transmission suspension condition (NO in step S405), the CPU 201 of the e-mail monitoring server 101 sends the e-mail to the wide area line 120. Send out (step S410). Here, in the case of the electronic mail received (acquired) from the wide area line 120 in step S401, the electronic mail is transmitted (relayed) to the local network 113.

  On the other hand, if it is determined in step S405 that the transmission hold condition is met (YES in step S405), the CPU 201 of the e-mail monitoring server 101 “holds” the e-mail transmission process acquired in step S401. (Step S406). Then, the CPU 201 of the email monitoring server 101 advances the process to step S407.

  Note that the e-mail suspended here becomes an e-mail subject to a pre-inspection in which the administrator of the e-mail sender makes an instruction to determine whether transmission is possible / not possible after visual confirmation.

  Next, the CPU 201 of the email monitoring server 101 specifies the sender of the email (step S407).

  The sender of the mail is specified by acquiring the mail address of the sender of the electronic mail from the header information of the electronic mail and specifying the user to whom the mail address is assigned.

  Then, the CPU 201 of the email monitoring server 101 identifies the sender of the email (sender), and then identifies the administrator of the email sender (step S408).

  This is performed by specifying the manager of the group to which the e-mail sender belongs from the group information and manager information stored in the external memory 211 of the e-mail monitoring server 101. The group information is configured so that a sender (which may be a transmission source address) and a group are stored in association with each other, and when the sender is specified, the corresponding group can be specified. Yes. In addition, the administrator information is registered in association with the group and the administrator of the group (e-mail address of the administrator). When the group is specified, the administrator corresponding to the group is specified. It is configured to be able to.

  Next, the CPU 201 of the e-mail monitoring server 101 notifies the administrator terminal 104 of the administrator identified in step S408 so that an e-mail pre-inspection is performed. As this notification, for example, the CPU 201 of the e-mail monitoring server 101 may send an e-mail indicating that a pre-audit is to be performed to the e-mail address assigned to the administrator.

  Further, when the administrator logs in to the application of the e-mail monitoring server 101, a message may be displayed so that pre-audit of the e-mail is performed.

  Then, after executing any one of steps S404, S408, and S410, the CPU 201 of the e-mail monitoring server 101 stores (saves) the e-mail acquired in step S401 in a storage unit such as the external memory 211. . At that time, the CPU 201 of the email monitoring server 101 sets a filtering result (data indicating the state of sending / holding / deleting) associated with the email (stored in the external memory 211) ( Step S409).

  That is, after executing step S404, data indicating “deletion (not transmitted)” when transmission of an electronic mail is stopped is set in association with the electronic mail as a filtering result.

  After executing step S408, data indicating “hold” when the transmission of the email is suspended is set as a filtering result in association with the email.

  After executing step S410, data indicating “sending” in the case of transmitting an e-mail is set in association with the e-mail as a filtering result.

  Specifically, the electronic mail (data constituting the electronic mail) acquired in step S401 and the filtering result are stored (saved) in the log table shown in FIG.

  FIG. 5 is a diagram illustrating an example of a log table.

  The memory storing the log table shown in FIG. 5 is an application example of management means for managing the data of each divided mail generated by individually dividing the destination set in the electronic mail.

  FIG. 5 shows an email ID of the email, each data constituting the email (sender's email address, recipient's email address, email body, attached file, transmission date and time, etc.), filtering result, email Data size, the date and time when the e-mail was received from the e-mail server 102, the same e-mail identification information for identifying the e-mail regarded as the same, and the status of the audit / browsing result are respectively stored. Here, the reception date and time is an application example of the acquisition date and time of the present invention.

  Here, the reception date and time is an application example of the time information of the present invention.

  FIG. 5 also stores a destination address (in header information) and a destination address (in envelope) as the recipient's mail address. Here, as shown in FIG. 5, the destination address (in the envelope) and the destination address (in the header information) are different for the emails that are divided into destinations. In the example of FIG. 5, each of the emails having the email IDs “001”, “002”, and “003” is an email that has been divided into envelope destinations in S302.

  Further, the transmission date and time shown in FIG. 5 is the transmission date and time when the electronic mail is transmitted from the sender terminal 103 and is information included in the electronic mail. Further, the reception date and time shown in FIG. 5 indicates the reception date and time when the electronic mail is received from the electronic mail server 102 as described above. That is, the reception date / time shown in FIG. 5 stores the reception date / time received in step S401.

  After the process of step S409, this process ends.

  FIG. 6 is a flowchart showing detailed processing of the pre-audit (steps S307 to S310) shown in FIG. 3, and shows processing for the administrator to perform pre-audit of e-mail.

  Note that the processing of steps S601 and S605 to S610 is executed by the CPU 201 in accordance with control by a program recorded in the external memory 211 of the administrator terminal 104.

  Further, the processing of steps S602 to 604 and S611 to 617 is executed by the CPU 201 according to control by a program recorded in the external memory 211 of the e-mail monitoring server 101.

  First, the CPU 201 of the administrator terminal 104 transmits a request for performing a pre-audit to the e-mail monitoring server 101 (step S601).

  When the CPU 201 of the e-mail monitoring server 101 receives a request for performing the preliminary audit from the administrator terminal 104 (step S602), the CPU 201 first checks the authority of the user who has made the request. That is, it is determined whether the user is a user having administrator authority.

  If it is determined that the user who made the request is not an administrator, that is, it is not a group administrator in both the past and the present, the CPU 201 of the email monitoring server ends this processing (not shown).

  On the other hand, if it is determined that the user who made the request is an administrator, the CPU 201 of the email monitoring server 101 sends an email whose filtering result recorded in the external memory 211 is set to “pending”. Then, it is extracted from the log table (FIG. 5) stored in the storage means of the e-mail monitoring server 101 (step S603).

  Subsequently, the CPU 201 of the e-mail monitoring server 101 generates information for displaying the e-mail list screen extracted in step S603 and transmits the information to the administrator terminal 104 (step S604).

  Next, when the CPU 201 of the administrator terminal 104 receives information for displaying the list screen (step S605), the CPU 201 displays a list screen of emails suspended based on the information (step S606). Here, for example, the pre-audit screen shown in FIG. 7 is displayed.

  FIG. 7 shows a screen used when an administrator of the group to which the sender of the email belongs (group manager) performs an audit in advance for an email whose transmission is suspended by the email monitoring server 101. It is a figure which shows an example.

  With the operation through the screen of FIG. 7, the administrator gives an instruction to transmit / delete (not transmit) the suspended mail.

  On this screen, the CPU 201 of the administrator terminal 104 controls the CPU 201 to display a mail content confirmation screen (not shown) on the display device by clicking a mail transmission source address.

  The CPU 201 of the administrator terminal 104 receives an instruction to select an e-mail to be “sent”, “deleted”, or “hold” from the administrator (step S607), and “send”, “delete”, or “hold” is received. A change instruction is accepted (step S608).

  Specifically, the check box 704 in FIG. 7 accepts selection of an e-mail to be “sent”, “deleted”, or “hold”, and includes any of a transmission hold button 701, a transmission stop button 702, and a transmission permission button 703. Is pressed, it is possible to “hold”, “delete”, and “send” the selected e-mail.

  Then, the CPU 201 of the administrator terminal 104 transmits the change instruction received in step S608 to the email monitoring server 101 (step S609).

  Subsequently, the CPU 201 of the administrator terminal 104 determines whether or not an end instruction from the administrator has been accepted (step S610). When the termination instruction from the administrator has not been received (NO in step S610), the CPU 201 of the administrator terminal 104 displays the preliminary audit screen illustrated in FIG. 7 until the termination instruction is received. On the other hand, when an end instruction from the administrator is received (YES in step S610), the process ends.

  The CPU 201 of the email monitoring server 101 accepts a change instruction indicating suspension / sending / deleting (not sending) of email from the administrator terminal 104 (step S611).

  Then, the CPU 201 of the email monitoring server 101 determines whether or not the received change instruction is transmission (transmission) (step S612). If it is determined to be sent (YES in step S612), the CPU 201 of the administrator terminal 104 sends the e-mail instructed to be sent to the wide area line 120 (step S613). On the other hand, if it is determined that the transmission is not performed, the process proceeds to step S615.

  The CPU 201 of the e-mail monitoring server 101 changes the filtering result of the e-mail sent to the wide area line 120 to “transmission after holding” (step S614), and the process proceeds to step S615.

  Subsequently, the CPU 201 of the email monitoring server 101 determines whether or not the change instruction received in step S611 is deletion (not transmitted) (step S615). As a result, if it is determined to be deleted (not transmitted) (YES in step S615), the e-mail monitoring server 101 deletes the e-mail without sending it (step S616). Subsequently, the e-mail monitoring server 101 changes the filtering result of the e-mail to “delete after hold” (step S617), and proceeds to step S603.

  On the other hand, if the CPU 201 of the email monitoring server 101 determines that the change instruction received in step S611 is not deletion (not transmitted), the CPU 201 determines that the change instruction is pending transmission, and proceeds to step S603.

  In the above-described configuration, the example in which the pre-inspection is performed on the transmission mail has been described. However, the pre-inspection may be performed on both the reception mail and the transmission / reception mail. When auditing a received mail, a plurality of received addresses are described, and when the plurality of received addresses straddle a plurality of groups, the received mail is configured to be audited by a plurality of administrators.

  FIG. 8 is a flowchart showing detailed processing of the post-audit (steps S311 to S313) shown in FIG. 3, and shows processing for the administrator to perform post-audit of e-mail. Hereinafter, processing for performing post-audit of electronic mail will be described with reference to FIG.

  FIG. 8 corresponds to the processing performed by the email monitoring server 101 and the administrator terminal 104 in the post-audit of email. This process is performed by the CPU 201 of the e-mail monitoring server 101 and the administrator terminal 104 according to control by a program recorded in the external memory 211.

  The CPU 201 of the administrator terminal 104 transmits a request for performing post-audit to the email monitoring server 101 (step S801).

  When the CPU 201 of the e-mail monitoring server 101 receives the request from the administrator terminal 104 (step S802), the CPU 201 of the e-mail monitoring server 101 transmits information on the search screen for the e-mail subject to the post-audit to the administrator terminal 104 (step S803).

  Then, the CPU 201 of the administrator terminal 104 receives information on a search screen for an e-mail subject to the post-audit from the e-mail monitoring server 101 (step S804).

  Subsequently, based on the received information, the CPU 201 of the administrator terminal 104 displays an e-mail search screen (FIG. 11) for searching for an e-mail subject to the post-audit on the display 210 of the administrator terminal 104. (Step S805).

  FIG. 11 is a diagram illustrating an example of an e-mail search screen.

  As shown in FIG. 11, the e-mail search screen includes a period 1101 (date and time when the e-mail was sent), e-mail sender address 1102, e-mail as conditions for searching for e-mails subject to post-audit. Destination address 1103, e-mail data size 1104, keyword 1105 included in the e-mail, and search result display format 1106 can be set.

  When each search condition is entered, a check is entered in the “collected and displayed” checkbox in the display format 1106, and the user presses the search button 1107, the e-mail server 102 divides the envelope destination in S302. Thus, a display screen of a format that can be audited collectively for each of the generated e-mails, rather than auditing each individually, is provided. Details will be described later.

  Next, the CPU 201 of the administrator terminal 104 accepts input of each search condition and display format from the auditor (administrator) via the e-mail search screen (FIG. 11) (step S806), and a search button. When 1107 is pressed, the input search conditions and display format are transmitted to the email monitoring server 101 (step S807).

  The CPU 201 of the e-mail monitoring server 101 receives each search condition and display format input via the e-mail search screen (FIG. 11) from the administrator terminal 104 (step S808). It is determined whether or not the information indicating “consolidate and display” is included therein (the check box of “consolidate and display” in the display format 1106 is checked) (step S106). S809).

  In step S808, the external device (administrator terminal) displays setting information (information indicating “collected and displayed”) indicating whether the divided mails generated by individually dividing the destinations are collectively audited. It is an application example of the setting reception means received from.

  Here, the e-mail monitoring server 101, when the check box “collected and displayed” is checked, setting information indicating that auditing is performed collectively (indicating that “displayed collectively”) Information) is received from the administrator terminal, but if the “Display in a consolidated view” check box is not checked, do not audit each split email generated by dividing the destination individually. The setting information shown is accepted. In addition, even when information indicating that “consolidate and display” cannot be received, it is considered that setting information indicating that auditing is not performed is accepted.

  Then, the CPU 201 of the e-mail monitoring server 101 includes information indicating “collected and displayed” (the check box “collected and displayed” in the display format 1106 is checked). If it is determined (YES), the process proceeds to step S810. On the other hand, the information indicating that “collectively display” is not included (“collectively display” in the display format 1106). If the check box is not checked (NO), the process proceeds to step S811.

  When the process of step S811 or step S810 is performed, the process ends.

  Detailed processing in step S811 will be described in detail with reference to FIG.

  The detailed processing in step S810 will be described in detail with reference to FIG.

  FIG. 9 is an example of a flowchart showing the detailed processing of step S810.

  Note that the processing in steps S <b> 901 to S <b> 918 is executed by the CPU 201 of the administrator terminal 104 according to control by a program recorded in the external memory 211 of the administrator terminal 104.

  Further, the processing of steps S919 to S940 is executed by the CPU 201 of the e-mail monitoring server 101 in accordance with control by a program recorded in the external memory 211 of the e-mail monitoring server 101.

  The e-mail monitoring server 101 includes each search condition (1101, 1102) entered on the e-mail search screen of FIG. 11 among the e-mails stored in the log table (FIG. 5) stored in the external memory 211. 1103, 1104, and 1105) are searched for and specified.

  Then, among the identified e-mails (in this case, the e-mails of the records in the log table of FIG. 5), the reception date and time received from the e-mail server 102 is sorted in the latest order, and the latest latest reception is performed. Processes are executed in order from the date and time.

  First, the e-mail monitoring server 101 uses the header information (source address, e-mail subject (title), transmission date / time, destination address) included in the e-mail of the record to be processed (the log table record in FIG. 5). (Reporter address) is set as a condition to be regarded as the same as the e-mail (step S919).

  Here, the destination address and the broadcaster address included as header information of the electronic mail may be different from the destination address and the broadcaster address set in the envelope. That is, the transmission destination address and the broadcaster address set in the envelope of the electronic mail before being divided into destinations in step S302 are included as the transmission destination address and the broadcaster address of the header information of the electronic mail. Since the destination address is set in the envelope of each email after the destination is divided in step S302, only one destination is set because the destination is divided.

  Next, the header information (source address, mail subject (title)) included in the e-mail of the set condition and the next record in the log table of FIG. 5 (the lower record immediately after the record to be processed) The transmission date and time, the transmission destination address, and the broadcaster address) are the same (matched) or not (step S920). In step S920, any of the transmission source address, the mail subject (title), the transmission date and time, the transmission destination address, the broadcaster address, or a combination thereof, or all of the header information included in the e-mail are the same. By determining whether or not, it is possible to specify each electronic mail generated by dividing the destination.

  As described above, step S920 is an application example of specifying means for specifying each divided mail generated by dividing the destination individually according to the data of each divided mail.

  That is, in step S920, among the divided mail data managed by the management unit, the divided mail including the same data as the predetermined data is specified as each divided mail generated by dividing the destination individually.

If it is determined that the header information is the same (YES), the reception date / time of the email determined to be the same is within a predetermined time (for example, 300 seconds: 5) from the reception date / time of the record to be processed. Minute)) (step S921). As described above, in step S921, each divided mail generated by dividing the destination individually can be specified according to the time information included in the data of each divided mail.

  If it is determined that it is within the predetermined time (YES), the data size (generated in combination) when the e-mail determined to have the same header information and the e-mail of the record currently being processed is combined. It is determined whether the data size of the received e-mail is equal to or larger than a predetermined size. If it is determined that the size is not equal to or larger than the predetermined size (NO), the e-mail determined to have the same header information and the e-mail of the record currently being processed are divided at the envelope destination in step S302. It is determined that the e-mail is the same e-mail. That is, in order to regard the email determined to have the same header information and the email of the record currently being processed as the same email (that is, the email determined to have the same header information) In order to indicate that each of the emails of the record currently being processed is an email generated by dividing the destination, identification information indicating that the emails are the same, Is added to the same mail identification information in the log table record of FIG. 6 (step S923). In step S921 and step S922, by limiting the e-mails that are identified as the same e-mail (e-mails generated by being divided into destinations), e-mails that are not generated by being divided into destinations (non-identical e-mails) ) Can be prevented from being determined as an e-mail generated by dividing the address, and the memory (RAM) of the e-mail monitoring server 101 can be used effectively, thereby making it difficult to reduce the throughput of processing.

  Step S903 is an application example of setting means for setting the specified divided mails as audit targets to be audited collectively.

  If there is a record in the next log table in FIG. 5 (a lower-order record of the record to be processed) (NO in step S924), the electronic mail of the record in the next log table in FIG. 5 is compared. The process proceeds to step S920.

  If it is determined in step S921 that it is not within the predetermined time (NO), or if it is determined in step S922 that the predetermined size is exceeded (YES), the process proceeds to step S925.

  If it is determined in step S924 that there is no record in the next log table in FIG. 5, the process also proceeds to step S925.

  In step S925, it is determined whether or not there is an e-mail next to the e-mail to be processed (subordinate). Here, in step S923, an e-mail in which identification information indicating that it is the same e-mail is already added to the same e-mail identification information is excluded from the determination process here.

  If it is determined in step S925 that there is an e-mail next to (subordinate to) the current e-mail to be processed (YES), the process target is set to the e-mail record, and the process returns to step S919. .

  On the other hand, if it is determined in step S925 that there is no (lower) e-mail next to the e-mail to be processed (NO), the process proceeds to step S926.

  In step S926, by using the log table of FIG. 5, in step S923, an aggregation screen (as shown in FIG. 5) that aggregates and displays the emails to which the identification information indicating the same email is added as one email. Information (display information) for displaying the screen of FIG. 12) is generated.

  That is, the display information of the aggregation screen (FIG. 12) for generating and displaying the emails of the records including the same identification information in the same email identification information of FIG. 5 as one email is generated.

  Then, the e-mail monitoring server 101 transmits the display information generated in step S926 to the administrator terminal 104 (step S927).

  Upon receiving the display information for displaying FIG. 12 from the email monitoring server 101 (step S901), the administrator terminal 104 displays the email aggregation screen shown in FIG. 12 according to the display information (step S902).

  FIG. 12 is a diagram illustrating an example of an e-mail aggregation screen.

  In FIG. 12, the emails with the mail IDs “001”, “002”, and “003” in the log table (FIG. 5) are collectively displayed. 12 shows how many emails are aggregated, viewed, or audited in the item “Size / Number of Aggregated / Status”. If an auditor audits an email that has not been audited, the audit can be audited efficiently.

  Then, the administrator terminal 104 accepts the selection of the “list” or “title (mail subject)” of the aggregated electronic mail (simply referred to as “aggregated mail”) shown in FIG. 12 by the user. If it is determined by the user that the “list” of aggregated mail has been pressed (YES), an acquisition request for a list display screen (FIG. 13) of each aggregated email is transmitted to the email monitoring server 101 ( Step S905). On the other hand, when it is determined that the “title (mail subject)” of the aggregated mail has been pressed by the user (YES), an acquisition request for the audit screen (FIG. 15) of the aggregated mail is transmitted to the email monitoring server 101. (Step S914).

  The email monitoring server 101 receives from the administrator terminal 104 an acquisition request for a list display screen (FIG. 13) for each aggregated email or an acquisition request for an audit screen for aggregated email (FIG. 15) (steps). S928).

  Then, the e-mail monitoring server 101 receives an acquisition request for the list display screen (FIG. 13) of each aggregated e-mail from the administrator terminal 104, or issues an acquisition request for the audit screen (FIG. 15) for the aggregate e-mail. It is determined whether it has been received (step S929).

  If it is determined from the administrator terminal 104 that an acquisition request for the list display screen (FIG. 13) of each aggregated email has been received (NO in step S929), each aggregated email (identical for the email) The data of each e-mail to which the identification information is assigned is acquired from the log table (FIG. 5), and the display information for displaying the aggregated mail list display screen (FIG. 13) is generated ( Step S934). Then, the generated display information is transmitted to the administrator terminal 104 (step S935).

  On the other hand, if it is determined that an acquisition request for the aggregated mail audit screen (FIG. 15) has been received from the administrator terminal 104 (YES in step S929), each aggregated email (the same identification information for the email) Is acquired from the log table (FIG. 5), and display information for displaying the aggregated mail audit screen (FIG. 15) is generated (step S930). Then, the generated display information is transmitted to the administrator terminal 104 (step S931).

  Here, step S930 is an application example of a generating unit that generates e-mail data that is a combination of the divided mail data set as audit targets to be collectively audited.

  Step S931 is an application example of transmission means for transmitting screen information of a summary audit screen including data of each divided mail set as an audit target to be collectively audited to an external device.

  When the administrator terminal 104 receives the display information transmitted in step S935 from the e-mail monitoring server 101 (step S906), the administrator terminal 104 displays the list display screen of each aggregated mail shown in FIG. 13 according to the display information. (Step S907).

  Further, upon receiving the display information transmitted in step S931 from the email monitoring server 101 (step S915), the administrator terminal 104 displays the aggregated mail audit screen shown in FIG. 15 according to the display information (step S915). S916).

  FIG. 15 is a diagram illustrating an example of an aggregated mail audit screen.

  As shown in FIG. 15, all the destinations of the collected e-mails are displayed in the transmission destination address. Other source addresses, transmission dates and times, attached files, and mail text are the same for each electronic mail. In this way, the destinations are displayed in an aggregated manner.

  On the aggregated mail audit screen (FIG. 15), an “all audit” button 1501, a “view all” button 1502, and a “close” button 1503 are displayed, and the user presses these buttons (step S917). . Then, a request for the content selected here is transmitted to the e-mail monitoring server 101 (step S918).

  For example, when the “audit all” button 1501 is pressed by the user, a request for setting “audited” in the “status” of the record in the log table (FIG. 5) of each collected email is sent to the email. Transmit to the monitoring server 101.

  Further, when the user clicks on the “Browse All” button 1502, an email monitoring request for setting “viewed” in the “status” of the record of the log table (FIG. 5) of each aggregated email is displayed. Send to server 101.

  When the “close” button 1503 is pressed, the process is terminated.

  In step S932, the email monitoring server 101 receives the request transmitted in step S918. When the request here is a request for setting “audited” in the “status” of the record of the log table (FIG. 5) of each email aggregated in the aggregated mail displayed in FIG. 15, As an audit result, “audited” is set in the “situation” of the record of the log table (FIG. 5) of each electronic mail (step S933).

  Step S932 is an application example of a reception unit that receives the audit result of each divided mail set as an audit target to be audited collectively.

  Further, the email monitoring server 101 determines that the request received in step S932 is “viewed” in the “situation” of the record of the log table (FIG. 5) of each email collected in the consolidated email displayed in FIG. In the case of a request for setting “viewed”, “viewed” is set in the “status” of the record of the log table (FIG. 5) of each e-mail (step S933).

  Then, it is determined whether or not an end instruction has been received (step S940). If an end instruction has been given by the administrator, the process ends. If no end instruction has been received, the process proceeds to step S919. .

  Next, in step S907, when the administrator terminal 104 displays a list display screen (FIG. 13) of each email aggregated as a consolidated email, the administrator terminal 104 “title (mail subject) of the email to be audited by the administrator”. ) ”Is accepted (step S908).

  Then, a request for an audit screen of the e-mail with the title (e-mail subject) whose selection is accepted in step S908 is transmitted to the e-mail monitoring server 101 (step S909).

  When the e-mail monitoring server 101 receives from the administrator terminal 104 a request for an e-mail audit screen of the title (e-mail subject) whose selection has been accepted in step S908 (step S936), the e-mail monitoring server 101 stores the selected e-mail in the log table ( Display information for displaying the individual mail audit screen shown in FIG. 14 is acquired from FIG. Then, when the email monitoring server 101 transmits the generated display information to the administrator terminal 104 (step S937), the administrator terminal 104 receives the display information (step S910), and according to the display information, The individual mail audit screen shown in FIG. 14 is displayed (step S911).

  FIG. 14 is a diagram illustrating an example of an individual mail audit screen.

  FIG. 14 shows the contents of the selected e-mail among the e-mails displayed on the list screen of FIG. In FIG. 14, a “close” button 1402 and an “audit” button 1401 are provided. In step S912, when the “audit” button 1401 is pressed (accepting the audit result) by the administrator, the audit result is displayed as “Audit” in the record of the log table (FIG. 5) of the e-mail displayed here. A request for setting “audited” in “status” is transmitted to the email monitoring server 101 (step S913).

  When the “close” button 1402 is pressed, the process is terminated.

  Upon receiving the request transmitted in step S913 (step S938), the email monitoring server 101 sets “audit” in the “status” of the record in the email log table (FIG. 5) displayed in FIG. "Completed" is set (step S939). Then, the process returns to step S940.

  Next, detailed processing in step S811 in FIG. 8 will be described with reference to FIG.

  FIG. 10 is an example of a flowchart showing the detailed processing in step S811.

  Note that the processing in steps S1001 to S1008 is executed by the CPU 201 of the administrator terminal 104 according to control by a program recorded in the external memory 211 of the administrator terminal 104.

  Further, the processing of steps S1009 to S1014 is executed by the CPU 201 of the e-mail monitoring server 101 in accordance with control by a program recorded in the external memory 211 of the e-mail monitoring server 101.

  The e-mail monitoring server 101 includes each search condition (1101, 1102) entered on the e-mail search screen of FIG. 11 among the e-mails stored in the log table (FIG. 5) stored in the external memory 211. 1103, 1104, and 1105) are searched for and specified. Then, the specified e-mail data is acquired from the log table (FIG. 5) (step S1009).

  Then, the e-mail monitoring server 101 generates display information for displaying the e-mail list screen (FIG. 16) including the data acquired in step S1009, and transmits it to the administrator terminal 104 (step S1010).

  When the administrator terminal 104 receives the display information from the email monitoring server 101 (step S1001), the administrator terminal 104 displays a mail list screen shown in FIG. 16 according to the display information.

  FIG. 16 is a diagram illustrating an example of a mail list screen.

  As shown in FIG. 16, emails that match the search conditions (1101, 1102, 1103, 1104, 1105) entered on the email search screen of FIG. 11 are displayed.

  When an administrator selects a “title (mail subject)” of an email to be audited (step S1003), a request for an email audit screen of the selected “title (mail subject)” is sent to the electronic It transmits to the mail monitoring server 101 (step S1004).

  When the e-mail monitoring server 101 receives the request from the administrator terminal 104 (step S1011), the e-mail monitoring server 101 receives the requested e-mail data (one divided e-mail among the divided e-mail data managed by the management means). Is generated from the log table (FIG. 5), display information (individual screen information) for displaying the audit screen (FIG. 14) of the e-mail is generated, and transmitted to the administrator terminal 104. (Step S1012).

  The email audit screen (FIG. 14) is an application example of the individual audit screen of the present invention.

  Upon receiving the display information from the email monitoring server 101 (step S1005), the administrator terminal 104 displays the email audit screen (FIG. 14) according to the display information (step S1006).

  FIG. 14 is a diagram illustrating an example of an electronic mail audit screen.

  In FIG. 14, as shown in FIG. 14, the contents of the selected mail among the mails displayed in FIG. 16 are displayed.

  Further, in FIG. 14, an “audit” button 1401 is provided for performing an audit.

  When the e-mail monitoring server 101 receives a press of the “audit” button 1401 by the user as an audit result (step S1007), the e-mail monitoring server 101 records an e-mail log table (FIG. 5) displayed here as the audit result. A request for setting “audited” in “status” is transmitted to the email monitoring server 101 (step S1008).

  When the “close” button 1402 is pressed, the process is terminated.

  When the e-mail monitoring server 101 receives the request transmitted in step S1008 (step S1013), the “result” of the record in the e-mail log table (FIG. 5) displayed in FIG. “Audited” is set (step S1014), and the process ends.

  18A and 18B are functional block diagrams of the email monitoring server 101. FIG.

  As illustrated in FIG. 18A, the email monitoring server 101 includes a management unit 1801, a specifying unit 1802, a setting unit 1803, and a receiving unit 1804.

  The management unit 1801 manages data of each divided mail generated by individually dividing the destination set in the electronic mail. The specifying unit 1802 specifies each divided mail generated by dividing the destination individually according to the data of each divided mail managed by the management unit. The setting unit 1803 sets each divided mail specified by the specifying unit as an audit target to be audited collectively. The accepting unit 1804 accepts the audit result of each divided mail set as an audit target to be audited collectively by the setting unit.

  Further, as shown in FIG. 18B, the email monitoring server 101 further includes a transmission unit 1805, a generation unit 1806, a setting reception unit 1807, and an acquisition unit 1808.

  The transmission unit 1805 transmits the screen information of the summary audit screen including the data of each divided mail set as the audit target to be audited collectively by the setting unit to the external device. The generation unit 1806 generates e-mail data that is a combination of the divided mail data set as audit targets to be audited together by the setting unit. The setting reception unit 1807 receives setting information indicating whether to audit each divided mail generated by individually dividing the destination from an external device. The acquisition unit 1808 acquires the data of each divided mail generated by individually dividing the destination set in the electronic mail transmitted from the sender terminal.

  The specifying unit specifies a divided mail including data having the same predetermined data among the data of each divided mail managed by the management unit as each divided mail generated by dividing the destination individually.

  The accepting unit accepts the audit result input via the summary audit screen displayed by the screen information transmitted by the transmitting unit from the external device.

  In addition, the transmission unit transmits the screen information of the summary audit screen including the email data generated by the generation unit to the external device.

  In addition, when the setting unit accepts setting information indicating that each divided mail generated by individually dividing the destination is collectively audited by the setting receiving unit, the setting unit audits collectively. The screen information of the summary audit screen including the data of each divided mail set as is transmitted to the external device.

  In addition, when the transmission unit receives the setting information indicating that the divided mails generated by individually dividing the destinations are not collectively audited by the setting reception unit, each transmission managed by the management unit The individual screen information of the individual audit screen including the data of one divided mail among the mail data is transmitted to the external device.

  The accepting unit further accepts an audit result input from the external device via the individual audit screen displayed by the individual screen information transmitted by the transmitting unit.

  Moreover, the data of the divided mail managed by the management unit includes the header information of the divided mail, and the specifying unit has a header with the same predetermined header information among the header information of each divided mail managed by the management unit. The divided mail including the information is specified as each divided mail generated by dividing the destination individually.

  The header information included in the data of the divided mail managed by the management unit includes any of the transmission date and time, the transmission source, the transmission destination, and the title of the divided mail, and the specifying unit displays the divided mail managed by the management unit. Split mail containing header information with the same transmission date / time, sender, destination, title, or combination of header information included in the data, as each split mail generated by dividing the destination individually Identify.

  The management unit manages the data of the divided mail acquired by the acquisition unit.

  Further, the data of the divided mail managed by the management unit includes time information indicating the time acquired by the acquisition unit, and the specifying unit receives the destination according to the time information included in the data of each divided mail managed by the management unit. Identifies each split email generated by splitting individually.

  As described above, according to the present invention, it becomes possible to audit the divided mails divided into the destinations, so that the audit work of the auditor who performs the audit of the electronic mail can be made efficient.

  Another object of the present invention is to supply a storage medium storing software program codes for realizing the functions of the above-described embodiments to a system or apparatus, and the computer (or CPU or MPU) of the system or apparatus stores the storage medium. Needless to say, this can also be achieved by reading and executing the program code stored in.

  In this case, the program code itself read from the storage medium realizes the functions of the above-described embodiments, and the program code itself and the storage medium storing the program code constitute the present invention.

  As a storage medium for supplying the program code, for example, a flexible disk, a hard disk, an optical disk, a magneto-optical disk, a CD-ROM, a CD-R, a magnetic tape, a nonvolatile card, a ROM, or the like can be used.

  Further, by executing the program code read by the computer, not only the functions of the above-described embodiments are realized, but also an OS (basic system or operating system) running on the computer based on the instruction of the program code. Needless to say, a case where the function of the above-described embodiment is realized by performing part or all of the actual processing and the processing is included. An information processing apparatus (computer) that can read and execute the program code realizes the functions of the above-described embodiments.

  Further, after the program code read from the storage medium is written in a memory provided in a function expansion board inserted into the computer or a function expansion unit connected to the computer, the function is determined based on the instruction of the program code. It goes without saying that the CPU or the like provided in the expansion board or function expansion unit performs part or all of the actual processing and the functions of the above-described embodiments are realized by the processing.

101 Email Monitoring Server 102 Email Server 103 Sender Terminal (Information Processing Device) 103
104 Administrator terminal (information processing apparatus) 104
105 local network 111 e-mail server 112 recipient terminal 113 local network 120 wide area line

Claims (12)

A management means for managing data of each divided mail generated by individually dividing the destination set in the e-mail;
According to the data of each divided mail managed by the management means, a specifying means for specifying each divided mail generated by individually dividing the destination;
A setting means for setting each audited email specified by the specifying means as an audit target to be audited together;
Receiving means for receiving the audit result of each divided mail set as an audit target to be audited collectively by the setting means;
An electronic mail auditing apparatus comprising:   The specifying means specifies the divided mail including the same data as the predetermined data among the data of each divided mail managed by the management means as each divided mail generated by dividing the destination individually. The electronic mail auditing apparatus according to claim 1, wherein: Further comprising a transmission means for transmitting the screen information of the summary audit screen including the data of each divided mail set as an audit target to be audited collectively by the setting means to an external device,
The e-mail according to claim 1 or 2, wherein the accepting unit accepts an audit result input via a summary audit screen displayed by screen information transmitted by the transmitting unit from the external device. Audit equipment. Further comprising generating means for generating e-mail data that combines the data of the respective divided mails set as audit targets collectively audited by the setting means,
4. The electronic mail auditing apparatus according to claim 3, wherein the transmission unit transmits screen information of a summary audit screen including the electronic mail data generated by the generation unit to an external device. A setting accepting unit that accepts setting information indicating whether to audit each divided mail generated by dividing the destination individually from an external device;
When the setting means accepts setting information indicating that the divided mails generated by individually dividing the destinations are collectively audited by the setting accepting means, the setting means performs an audit collectively. 5. The electronic mail audit apparatus according to claim 3, wherein screen information of a summary audit screen including data of each divided mail set as a target is transmitted to an external apparatus. Further, when the transmission unit receives setting information indicating that the divided mails generated by individually dividing the destinations are not collectively audited by the setting reception unit, each of the transmission units managed by the management unit Send the individual screen information of the individual audit screen including the data of one of the divided mail data to the external device,
6. The receiving apparatus according to claim 3, wherein the receiving unit further receives an audit result input via an individual audit screen displayed by the individual screen information transmitted by the transmitting unit from an external device. The electronic mail auditing apparatus according to item 1. The split mail data managed by the management means includes header information of the split mail,
The specifying means sets the divided mail including header information having the same predetermined header information among the header information of each divided mail managed by the management means as each divided mail generated by dividing the destination individually. The e-mail audit apparatus according to claim 1, wherein the e-mail audit apparatus is specified. The header information included in the divided mail data managed by the management means includes any one of the transmission date and time, the transmission source, the transmission destination, and the title of the divided mail.
The specifying means is for sending a divided mail containing header information having the same transmission date / time, transmission source, transmission destination, title, or combination of header information included in the divided mail data managed by the management means. 8. The electronic mail auditing apparatus according to claim 7, wherein the address is specified as each divided mail generated by dividing the destination individually. Further comprising an acquisition means for acquiring data of each divided mail generated by individually dividing the destination set in the e-mail transmitted from the sender terminal;
9. The electronic mail inspection apparatus according to claim 1, wherein the management unit manages the data of the divided mail acquired by the acquisition unit. The divided mail data managed by the management means includes time information indicating the time acquired by the acquisition means,
The said specifying means specifies each division | segmentation mail produced | generated by dividing | segmenting a destination individually according to the time information contained in the data of each division | segmentation mail managed by the said management means. Email auditing equipment. A control method for an email auditing device comprising a management means for managing data of each divided email generated by individually dividing a destination set in an email,
A specifying step of specifying each divided mail generated by dividing the destination individually according to the data of each divided mail managed by the management means;
A setting step in which the setting unit of the e-mail auditing device sets each divided mail specified by the specifying step as an audit target to be audited collectively,
The accepting step of accepting the audit result of each divided email set as an audit target in which the accepting means of the electronic mail auditing apparatus is collectively audited by the setting step;
A control method comprising: A program that can be read and executed by an e-mail auditing device including a management unit that manages data of each divided e-mail generated by individually dividing a destination set in an e-mail,
The e-mail audit device;
According to the data of each divided mail managed by the management means, a specifying means for specifying each divided mail generated by individually dividing the destination;
A setting means for setting each audited email specified by the specifying means as an audit target to be audited together;
A program that functions as a receiving unit that receives an audit result of each divided mail set as an audit target to be audited collectively by the setting unit.

Images