Retention of emails

What are your views on the retention of emails?

The problem with email retention is where the actual retention should take place.

For example I have a website for which I rent server space, it has its own pop3 and the email is stored in my own directories.  Who is responsible for retaining the email?  Since my isp only provides the connection to the server, and my email never passes through their email servers, it would not be them.

Although the law is still in flux in the US, there have been several rulings that private email is just that, private, and that companies have no obligation to provide private email to anyone.  For example, my desktop machine uses Eudora, and I have personalities set up for my private email address and my company email address.  As things are now, the company has no responsibility for things I send via my personal account, since it doesn't pass through their mail server.

England does things a little different, but here in the US, I believe that if a person expects their email to be private, and it was the only evidence of a crime, then it could not be used for a conviction, just as a private telephone conversation requires a warrant (ignoring the abuse going on with overseas calls during these paranoid times.)

Does this requirement pertain to both incoming and outgoing email?  If so, then how about incoming mail that is deleted automatically as spam?

This is a stupid rule no matter what country, especially when it pertains to an individual's private email.

Encryption makes no real difference, since last year's strong encryption is today's broken algorithm.

What is likely to happen is pseudo encryption, where an email looks innocent, but the users on both ends know the real meaning.

Someone above mentioned texting as a private mode.  This is a joke, texting is not private.

I can see (a little bit) how they can enforce the rule against companies, but how can they enforce it on individuals?  And what if I have an incriminating email from you, but it is not in your 10 years of email backups?  How do you prove that I am not just trying to frame you? Or how do I prove that the email really came from you?

It's scary, but this whole direction is likely to lead to an email "Post Office" type of organization where all email goes through government servers and they keep the records. (And of course to cover the costs, they would have to have a tax on each mailing.)

Greetings, ellandrd !

Do you mean how long to keep emails before deleting?  If it is for business, emails should be kept for 3 years. Archive the emails and copy them to another location, not on the same server or computer.

Best wishes!
ellandrd Author Commented:
Yes, it is about keeping the email, but there's a new policy coming out in the UK (not too sure on the dates), that all emails regardless of their type/nature (work related or personal) have to be kept for 10 years...

I want to know what people think about this....

Good points (if any), bad points, problems it causes - IT wise, security wise, maintenance wise, etc.

See what I'm trying to get at?

Yes, I know what you are asking.  In the US, only publicly traded companies are required to keep emails for 3 years.

There are going to be logistical issues with keeping emails for 10 years, and more storage is needed.  There are also privacy issues, as internet service providers have info about me for many years.  We need to assume anything one puts in email will be public. If you want to keep conversations private, use telephone or text messaging.
ellandrd Author Commented:
>>want to keep conversations private, use telephone

Even at that - I won't say they are private!

OK, let's assume in the US, a new policy was introduced that all ISPs had to retain emails belonging to everyone for 10 years?

What do you think? What are your views?  I know more storage will be required, and more administration/maintenance and security will be required, but people must have more views than that?

Like it's 10 years' worth of email?

Take work related emails out of the equation and just say we are dealing with just private/personal emails - e.g. Yahoo or Hotmail.

Think what would happen if your 10 years' worth of email got into the wrong hands - basically have your life's private events/details/etc. might as well be public... identity theft, etc. would happen.

Would you trust your ISP with 10 years of your email?  I wouldn't...

This is what I'm trying to get at, but for both work related and personal scenarios...

nobus biljart fan Commented:
>>Would you trust your ISP with 10 years of your email?  I wouldn't

And what can you do about it? Nothing.
If you choose to use email, you're bound by the ISP's behavior, just like if you phone.
So - I'm not sure what you are getting at.
ellandrd Author Commented:
I'm trying to see what people's views are on this topic

>>and what can you do about it? nothing

well noted - this is a very good point to make!
ellandrd Author Commented:

I think you are getting the wrong end of the stick.

After re-reading your comment, it is not my ISP planning on retaining email for 10 years.

It's not that my ISP has said "hey look, like it or not, we're keeping every email - incoming or outgoing - that you get/send for 10 years regardless, like it or leave it".

In the UK, the government is trying to implement and introduce a policy that will force all ISPs to retain emails for 10 yrs...

This is what I'm trying to get at!  I'm trying to see what people think of it?  What effects it will cause and so on....

Go back to snail mail. Companies are only required to keep physical paper for 5 years. Of course they may digitize your hard copy and file it away on disk forever but hey, if their backup strategies are faulty and they have a catastrophe you may get lucky and your correspondence will disappear.
nobus biljart fan Commented:
I understood it quite well, but who will keep the mails? Not the government - oh no! They're smarter
ellandrd Author Commented:
>>go back to snail mail

What are you talking about?

It doesn't matter what mail account you use/have or want
It doesn't matter what ISP you use

They will all be affected?

>>Companies are only required to keep physical paper for 5 years

And I don't care!  It's not about me wanting to trust my ISP or ISPs in general, or stop them from getting/holding onto my private/personal information contained in emails...


>>>>please start from the top and read down<<<<
ellandrd Author Commented:
especially this comment: 05/02/2006 03:24PM BST

>>Companies are only required to keep physical paper for 5 years

I thought it was 7 years, but, I am not sure.

Certainly, tax issues, in some cases can be backdated 6 years, keeping paperwork for only 5 would be a bad thing in that respect.


Laws, legal requirements, on the subject should be adhered to.

Other than that, I should think it is matter of personal choice, or, company policy.

Not looking for an argument here. Sorry if I offended anyone's higher understanding of this issue. My understanding is if you don't want an email to haunt you forever, speak to the person directly, or be very careful what you write. That is my view on email retention or otherwise.

I see a few problems with email retention, from the perspective of the individual whose correspondence is being kept:

Firstly, in the US anyway, the Homeland Security Administration can quite easily get access to such information, and over the course of ten years, a whole host of unrelated comments can be collected and made to look suspicious, if the investigator is so inclined.  So certainly, the ability of computers to search through that morass of data quickly and pull out information that's only connected by the sender, but disparate in terms of time, destination, etc. can be a concern.

Also, particularly for individuals such as lawyers, doctors, accountants, etc. who can communicate some pretty sensitive information over email with the mistaken impression that it's being done securely, having such data sitting around for ten years is a risk not only to themselves, but to their clients as well, which is worrisome.

From the business side, this will make tighter security and larger disk space a must -- if data is going to be sitting somewhere for ten years, that gives an interested hacker ten years to try to get at it, which raises their chances of succeeding dramatically over, say, only a few months.  I think for that reason as well as storage concerns we'll see companies having dedicated tape backups for email, and they'll dump their archives to tape every few months, rather than having it sit somewhere on a server for the entire ten years.  If the data's not on the network, it can't be compromised via the network.

Both from the individual side and from the business side, I think we'll see growth in the use of strong encryption in email if such laws go into place.  More individuals that are professionals but not IT professionals, and so aren't likely to be using PGP or GPG or such right now are going to move in that direction, and service providers and email clients are going to start going out of their way to provide support for strong encryption in email.

Just my $.02.
ellandrd Author Commented:

At last somebody has seen/understood what I'm trying to get at... thank you so much!!

Your comments have been the BEST/MOST HELPFUL that I've seen on this site over the last 3 months!!!
ellandrd Author Commented:

You must have been typing while I PAQ'd this question.  I have asked for this question to be reopened as your comments are again what I'm looking for / after... so you will be included in the points when this question is reopened and I PAQ it again.

Thank you

ellandrd Author Commented:
P.S. I'm not in England as such, as it is a part of the UK, I'm in Scotland ;-)

I hadn't thought about the fact that the UK is not all England, since I am in Florida and also the US, I kinda thought that all the different entities were still considered England as a whole.  So, then England is in the UK, but not all of the UK is England?  We also tend to use Britain and England interchangeably, is that wrong?  Is England like a province of the UK?

Please forgive my ignorance, it's just something I hadn't thought about before, having only been in the UK for about 3 hours in my whole life, and those 3 hours were in Heathrow Airport....
ellandrd Author Commented:
>>I hadn't thought about the fact that the UK is not all England, since I am in Florida and also the US, I kinda thought that all the different entities were still considered England as a whole.

The UK is made up of Scotland, Wales, Northern Ireland and England and each country is ruled by British law, hence the term the "United Kingdom".

>>So, then England is in the UK, but not all of the UK is England?


>>We also tend to use Britain and England interchangeably, is that wrong?

Oh ya!

>>Is England like a province of the UK?

It is a country in the UK.


The white lines on the map are borders (as you know - separating each country)

Republic of Ireland is NOT included in the UK = it is totally separate...