Ask the Expert

Are message stubs a secure part of email retention policies?

I've read about "stubbing," a common feature in email archiving applications that involves transferring an email from a user's mailboxes to a new location, while replacing the original email in the user mailbox with a small message "stub" pointing to the new location of the email. Does this mechanism create any security limitations?


To manage the ever-growing number of messages travelling in and out of an organization's email boxes, organizations have to balance performance and productivity against security and legal requirements. Deleting older emails is not an option for many companies, because it may well violate various laws and regulations covering email correspondence.

In essence, stubbing is an archiving mechanism where attachments and the body of an email are stripped from the message. The email application retains only the header and a stub file, or link within the message. The actual message and attachment are stored in a separate archive. In GroupWise, a Novell Inc. software product that offers email, for example, the user database stores the message header information, and the message database holds the messages' content and small attachments. Larger attachments are stored as binary large objects (BLOBs) in a directory. Removing storage-intensive attachments means a much smaller message store. This improves overall system performance and allows administrators to more efficiently manage backups and scheduled maintenance while keeping the entire message accessible to the end-users.

A recent Microsoft white paper on email security recommended that large-enterprise Exchange users provide larger email boxes while moving old emails to a third-party email archiving product. The company's argument is that the volume and size of email continue to increase daily, and end users who have to spend time every day trying to manage a mailbox with a low maximum volume are not going to be productive. Also, people will try to circumvent restrictions, leading to further problems. Over time, an email inbox can get quite large, with tens of thousands of emails. And if you're not allowed to delete any of them, such a large number of messages, even if they're just stubs, can quickly become unmanageable. And, of course, since a stub file has little information in it (sometimes only a message header), trying to find an old message becomes almost impossible.

But stubbing or email archiving means that you now have extra storage locations that need securing and protecting. Also, electronic documents must be stored in a format that does not change the information. Encryption is allowed and obviously recommended, but any stubbing must not remove or lose information about points of origin, destinations, dates and times. The 2002 Sarbanes-Oxley Act, for example, stipulates that companies must save all documentation used to create financial reports and audits. The document-retention period is seven years, and recovery time is limited to a few days following a federal request. The SEC has expanded Rule 17a to now require that exchange member and brokerage house record keeping include all forms of internal and external electronic communication, such as emails.

Because of the legal importance of such emails, Write-Once-Read-Many (WORM) magnetic disk storage should be used with any email archiving system. WORM also has the added advantage of faster response times than tape or optical disk. Storage risk assessment is vital to the security and protection of such valuable company information. A secondary, geographically separated data center should be considered. Smaller email systems may well benefit from taking a stubbing approach, although medium-sized and large enterprise systems will probably do better with a pure archiving implementation.
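The requirement above, that stubbing must not lose origin, destination or date information and that the archived copy must not change, can be checked mechanically. The following Python sketch is an added example, not part of the original answer and not any archiving product's code; the `X-Archive-SHA256` pointer header, the in-memory dict standing in for the archive, and the sample message are all assumptions made for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Headers that record origin, destination and time; a stub must keep them.
PRESERVED = ("From", "To", "Cc", "Date", "Message-ID", "Subject")

# Constructed sample message, not real correspondence.
SAMPLE = (
    b"From: alice@example.com\r\n"
    b"To: bob@example.com\r\n"
    b"Date: Mon, 02 Feb 2009 09:15:00 +0000\r\n"
    b"Message-ID: <constructed-1@example.com>\r\n"
    b"Subject: Q4 figures\r\n"
    b"\r\n"
    b"Draft numbers attached.\r\n"
)

def headers_of(msg, name):
    return [str(v) for v in msg.get_all(name, [])]

def make_stub(raw, archive):
    """Store the unmodified bytes under their hash; return a header-only stub."""
    digest = hashlib.sha256(raw).hexdigest()
    archive[digest] = raw  # dict stands in for the (ideally WORM) archive
    original = message_from_bytes(raw, policy=policy.default)
    stub = EmailMessage()
    for name in PRESERVED:
        for value in headers_of(original, name):
            stub[name] = value
    stub["X-Archive-SHA256"] = digest  # hypothetical pointer header
    stub.set_content("This message has been archived.")
    return stub

def verify_stub(stub, archive):
    """Return a list of problems; an empty list means stub and archive agree."""
    digest = str(stub.get("X-Archive-SHA256", ""))
    raw = archive.get(digest)
    if raw is None:
        return ["archived original missing"]
    problems = []
    if hashlib.sha256(raw).hexdigest() != digest:
        problems.append("archived original altered")
    original = message_from_bytes(raw, policy=policy.default)
    for name in PRESERVED:
        if headers_of(original, name) != headers_of(stub, name):
            problems.append("header changed or lost: " + name)
    return problems
```

Running `verify_stub` across a mailbox on a schedule surfaces stubs whose archived original has gone missing or been modified before a retrieval request does.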

  • This was first published in February 2009
