Technology Quiz: How Does E-Mail Disappear?

You don’t have to be a Democrat to scoff at the White House’s recent assertion that some e-mails related to the recent firing of eight U.S. attorneys may be permanently lost. You just have to know something about networking and computers.

“To truly lose an e-mail to the point that it is unrecoverable is quite a difficult task,” commented Rami Habal, director of product marketing for Proofpoint.

“This is because today’s e-mail systems log, archive and back up data, typically at multiple levels,” he told the E-Commerce Times.

“It is very hard to hide anything on computers,” added John Christopher, senior data recovery engineer at DriveSavers Data Recovery.

“They are built to remember where data is stored,” he told the E-Commerce Times.

Accidental Obliteration Unlikely

There are other reasons to suspect that the so-called lost e-mails exist somewhere. Best IT practices include regularly backing up servers for disaster recovery.

Also, while it may be forbidden, employees often create personal archives to bring work home or work offline away from cumbersome security processes.

Indeed, when an e-mail is truly unrecoverable, it is usually due to a serendipitous event — or a deliberate series of actions taken.

For instance, an e-mail could be lost if data were unrecoverable because of media damage resulting from a hard drive crash, Christopher said.

More than likely, though, it would take some serious effort to erase an e-mail or a thread of messages.

“Logs provide a trail that will tell you if an e-mail has been sent and received,” Jian Zhen, senior director of product management for LogLogic, told the E-Commerce Times. “So to truly remove the trail, you do need to remove the logs.”

All e-mail is logged at the gateway and mail server levels, Proofpoint’s Habal further explained, and those logs may even be archived.

“Therefore, at a minimum, the e-mail’s metadata should be available,” he said. “In some cases, the e-mail itself is also archived, meaning the entire body of the e-mail should be available.”

In short, Habal concluded, multiple things need to go wrong in order for an e-mail to completely disappear.

The Misplacement Factor

All that said, it is relatively easy for e-mails to be misplaced in a large organization, Bill Tolson, product marketing manager with Mimosa Systems, told the E-Commerce Times.

“When companies have problems in litigation and discovery producing e-mails, it is usually because after a certain period of time, there are so many places they could be,” he pointed out, “and the company is having trouble finding them.”

Such a possibility makes for a good argument to invest in a top of the line e-mail archival and storage system, which most firms do, of course. Yet some fail to consider the flip side of the issue: how they can delete an e-mail from the corporate network so it is truly gone.

There are several legitimate reasons a firm would want to delete an e-mail from a system so there would be no record that it ever existed. For example, employees could have unwittingly traded e-mails that discussed trade secrets or inventions pending patent.

Also, many law firms delete e-mails after a short period of time to protect clients’ confidentiality from the threat of hackers.

And yes, companies want to delete e-mails that could make them look terrible in the public’s eye. Assuming there is no litigation pending, it is legal for a company to get rid of such communications.

Mimosa advises clients that it is better to keep e-mails than delete them as a matter of policy, Tolson said.

“Half the time, that one e-mail that makes the company look bad will be found anyway by the plaintiff’s attorney — usually because it is part of a larger thread,” he said.

Still, if a firm is bound and determined to erase an e-mail, Tolson provides a road map for doing the job.

Step by Step

  1. Determine the sender and recipient. Were there any other people who received it as a CC or BCC? Delete the e-mail from the various servers where the sender’s and all recipients’ mailboxes reside.
  2. Determine whether the e-mail went outside the company. If it did, you might as well end the exercise right now, according to Tolson, because it is out of reach and out of control.
  3. Go into the deleted items folder and delete copies of the e-mail. Depending on how long a period of time has elapsed since the e-mail was sent, you may want to also go to the backup tapes and delete copies from them as well.
  4. Check each employee’s workstation to make sure a local copy wasn’t kept on a hard disc. Require employees to acknowledge whether they have copied or printed out the e-mail.
  5. Scan network drives for personal archives that may contain a copy of the message.
  6. Finally, to be extra cautious, defrag the hard discs on the e-mail servers that transmitted and received the e-mail.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Cryptocurrency is a viable hedge against inflation: Agree or Disagree?
Loading ... Loading ...

LinuxInsider Channels