Small company in charge of it all is rather nice. I have access to all the things and know exactly what's being used to track things accessed (nothing)!
I managed to figure out who it was. We're small enough that the suspect list was relegated to a small clique of employees. One of those employees had cleared their web history, gmails, and Skype history right around the same time the email was sent. Circumstantial for sure. So I pulled chat logs from someone they talked to regularly and in that conversation they used almost exactly the same phrase used in the email that got sent out and it was specific enough that there's no chance it was a coincidence.
Next up, internal IM replacement! Anyone have any experience with Openfire?
Sucking down the easy flowing milk from society's warm breasts.