AdamS
Posted December 14, 2022

The inclusion of the recipient count facet has been a godsend, but now I'm trying to figure out how to go a little more granular. I'm interested in finding emails that only include specific recipients and I need to filter out all the other emails which include other recipients. Limiting the recipient count facet gets me close, but still too many to manually exclude any in a reasonable time frame. Any ideas on how to accomplish this?

Chris Rogers
Posted December 19, 2022

Hey Adam! Would any of these search features be useful to use the keyword function to only look in certain areas of the emails? You can customize these by clicking the arrows next to options under the search bar.

Chris Rogers
Posted December 19, 2022

You can also use those search terms to exclude or include search criteria to refine them down too.

Jacques B
Posted December 28, 2022

If you are looking for emails between specific parties, say 1@gmail.com, 2@yahoo.com, and 3@hotmail.com, you could use something like this in the search term:

(from:1@gmail.com OR from:2@yahoo.com OR from:3@hotmail.com) AND (to:1@gmail.com OR to:2@yahoo.com OR to:3@hotmail.com)

Combining the above with recipient count will get you as close as I can come up with. The above assumes you are not looking for cc or bcc addresses.

I do see the shortcoming you are hoping to address. If you have recipient count of 2, it could be from 1@gmail.com to 2@yahoo.com and to (or cc, or bcc) 4@example.com and that would still be responsive to your query. I'm not sure if there is a way to say from or to (or cc or bcc) must contain ONLY one or more of the addresses you've listed.

The approach I've seen an investigator use in that scenario is after the initial query, if they see any obvious non-relevant responsive items, they expand their query by adding those criteria in parentheses with a NOT preceding it (e.g., NOT (to:4@example.com); or NOT ("table tennis"~2) if looking for tennis but not table tennis for example). It's more tedious. But the goal is to get the responsive items down to a manageable volume for review. If you can accomplish that by adding a few NOT statements to tweak your original query, it's the next best thing to having a query that does exactly what you want.

I do agree that it would be great to have an ONLY type of statement. Also useful would be an IN statement similar to in Python where you could say something like "to: IN (1@gmail.com, 2@yahoo.com, 3@hotmail.com)", or "(1@gmail.com, 2@yahoo.com, 3@hotmail.com) IN to:".
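
The "ONLY" behaviour discussed in this thread can be approximated outside the search tool. The following is an added example, not part of any post above and not a feature of the product: it assumes the responsive items are available as raw RFC 822 text (for example exported .eml files), and the function names and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Addresses taken from the example in the thread.
ALLOWED = {"1@gmail.com", "2@yahoo.com", "3@hotmail.com"}

# Constructed sample messages (assumption: items exported as RFC 822 text).
SAMPLES = [
    "From: 1@gmail.com\nTo: 2@yahoo.com\nSubject: a\n\nbody",
    "From: One <1@gmail.com>\nTo: 2@yahoo.com\nCc: 4@example.com\nSubject: b\n\nbody",
    "From: 3@hotmail.com\nTo: 1@GMAIL.com, 2@yahoo.com\nSubject: c\n\nbody",
]


def build_query(addresses):
    """Build the broad from/to query in the syntax shown in the thread."""
    addrs = sorted(addresses)
    senders = " OR ".join(f"from:{a}" for a in addrs)
    recipients = " OR ".join(f"to:{a}" for a in addrs)
    return f"({senders}) AND ({recipients})"


def participants(raw_message):
    """Return every address in From, To, Cc and Bcc, lower-cased."""
    msg = message_from_string(raw_message)
    values = []
    for header in ("From", "To", "Cc", "Bcc"):
        values.extend(msg.get_all(header, []))
    return {addr.lower() for _name, addr in getaddresses(values) if addr}


def only_between(raw_messages, allowed):
    """Keep messages whose participants are all in the allowed set."""
    allowed = {a.lower() for a in allowed}
    kept = []
    for raw in raw_messages:
        people = participants(raw)
        # Subset test: one outside address in any header drops the message.
        if people and people <= allowed:
            kept.append(raw)
    return kept


if __name__ == "__main__":
    print(build_query(ALLOWED))
    for raw in only_between(SAMPLES, ALLOWED):
        print(message_from_string(raw)["Subject"])
```

Unlike the from/to query alone, the subset test also covers cc and bcc, so the message copied to 4@example.com is dropped without a hand-written NOT clause.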