I was asked a few days ago by one of the Partners if we could retrieve an email from a year or more ago, and of course the answer was no, but that left me thinking about the question itself and the wider implications. I think it's pretty much understood that if you choose to host your email at Microsoft, Google, BT, and so on, then your every email is going to be archived away somewhere for all time and will no doubt be available for anyone with sufficient clearance to review, trawl, analyse and so on, but that's fine as long as you know it's happening. At GEN we offer a secure service which by its very nature is not archived anywhere unless that functionality is specifically ordered by the customer, and that's rarely the case, but we do take backups, so I think it's important to define exactly what we do, and what we don't do, here.
Your email is stored in an encrypted format on the physical server media and the key to decrypt this format is different for each mailbox.
There is a snapshot of the entire server cluster taken hourly on a 96-hour rotation. That is, the oldest snapshot we have is 96 hours old. These snapshots are taken as part of our disaster recovery process, meaning that even if an entire datacentre were destroyed, your email service would resume shortly afterwards at a backup site which is always in place.
Your mailbox is protected to some degree from brute force attacks by a system which actively monitors such behaviour and blocks attack routes in real time.
Server free space is defragmented daily as an overnight process.
Logging of email traffic, including date/time, sender, recipient and size, but not its contents, exists for 7 days on the anti-spam and anti-virus gateways and for 3 days on the mail servers themselves. We use these logs to satisfy all those tickets that people raise complaining that their email isn't reaching someone, or that someone trying to send them an email isn't getting through, and so on.
So, unless you specifically ordered email retention, when you delete an email it's gone from the email server immediately, from our logs 7 days after receipt and from our snapshots within 96 hours.
Keeping your email secure...
If you consider that when you send an email from A to B then the following are involved:
- Your PC, which has to store the message to be able to send it
- Our server, which receives the email from you, stores it in your Sent Items (Encrypted) and then sends it on to the recipient's server
- The recipient's server, which receives the email from us and stores it on disk, maybe in the clear, and then stores it in the recipient's mailbox
- The recipient's PC, which retrieves the email and stores it on disk, maybe in the clear
So there are many points of compromise here, and some of the most vulnerable are on the sender's and recipient's PCs. To completely remove this risk, use only webmail or an email client that stores your email with strong encryption.
We've already covered our servers, but the recipient's server(s) are a real risk too. If the recipient is using a server which does retain everything, and you wouldn't know without checking, then your email is once again going to be stored for all time.
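The hops listed above can be read back from a delivered message, because each server that accepts it adds a Received header. The following Python is an added example, not GEN's code; the sample message and every hostname, address and ID in it are constructed.

```python
import re
from email import message_from_string

# Constructed sample: every hostname, address and ID below is made up.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.20])
\tby store.recipient.example with ESMTP id C3; Mon, 01 Jan 2024 10:00:05 +0000
Received: from mail.sender.example (mail.sender.example [198.51.100.10])
\tby mx.recipient.example with ESMTPS id B2; Mon, 01 Jan 2024 10:00:03 +0000
Received: from alice-pc (unknown [192.0.2.55])
\tby mail.sender.example with ESMTPSA id A1; Mon, 01 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: test

body
"""

# "with" keywords that record a TLS-protected hop (RFC 3848).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.I)


def trace(raw):
    """Return the hops in the order the message travelled (oldest first)."""
    hops = []
    # Each server prepends its header, so the newest hop is listed first.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        match = HOP.search(" ".join(value.split()))  # unfold the header
        if match:
            sent_by, accepted_by, proto = match.groups()
            hops.append({"from": sent_by, "by": accepted_by,
                         "tls": proto.upper().rstrip(";") in TLS_PROTOCOLS})
    return hops


def storing_servers(raw):
    """Every server that accepted the message and so held a copy of it."""
    return [hop["by"] for hop in trace(raw)]


def cleartext_hops(raw):
    """Hops whose receiving server did not record TLS for the transfer."""
    return [(h["from"], h["by"]) for h in trace(raw) if not h["tls"]]


if __name__ == "__main__":
    print(storing_servers(SAMPLE))
    print(cleartext_hops(SAMPLE))
```

The headers are written by the servers themselves, so an untrusted relay can forge the earlier entries, and they say nothing about how long each server keeps its copy.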
Any way around this?
To keep your email as secure as reasonably possible between sender and recipient:
- Both should be on the same server, which negates the risk of a second server with unknown retention and security, and also negates the risk of a man-in-the-middle attack by anyone compromising your DNS.
- S/MIME or GPG should be used to provide a second layer of encryption to further protect the email's contents, and in the case of S/MIME this will also provide validity guarantees.
- Only webmail should be used, as it will not store a copy of the email on local devices.
- A secure access service such as GEN SAS can be used to ensure an encrypted tunnel into the GEN Infrastructure and onto the Mail Servers.
But who needs that level of security? Well, anyone who wants their email to be secure, and that might be you, or you might be happy knowing that everything you have ever sent and received is stored and archived somewhere.
I hope this has cleared up any confusion around retention of email data. If you have any more questions, then raise them at the HelpDesk, ok.