There are two primary security issues with message journaling:
In both cases, it is important to limit who can change the registry entries that control message journaling. By default, all users with Windows NT Server administrator permissions can change these registry entries.
The mailbox, public folder, or custom recipient that receives the message copies must be secured. This recipient should be hidden from the directory. If the recipient is a public folder, on the Permissions tab for the public folder, set the Roles for the default user to Contributor, and then clear all permissions except Create items.
Copies of encrypted messages are saved similar to other messages, but they are not decrypted.