In essence, stubbing is an archiving mechanism where attachments and the body of an email are stripped from the message. The email application retains only the header and a stub file, or link within the message. The actual message and attachment are stored in a separate archive. In GroupWise, a Novell Inc. software product that offers email, for example, the user database stores the message header information, and the message database holds the messages' content and small attachments. Larger attachments are stored as binary large objects (BLOBs) in a directory. Removing storage-intensive attachments means a much smaller message store. This improves overall system performance and allows administrators to more efficiently manage backups and scheduled maintenance while keeping the entire message accessible to the end-users.
A recent Microsoft white paper on email security recommended that large-enterprise Exchange users provide larger email boxes while moving old emails to a third-party email archiving product. The company's argument is that the volume and size of email continues to increase daily, and end users who have to spend time everyday trying to manage a mailbox with a low maximum volume are not going to be productive. Also, people will try to circumvent restrictions leading to further problems. Over time, an email inbox can get quite large, with tens of thousands of emails. And if you're not allowed to delete any of them, such a large number messages –- even if they're just stubs –- can quickly become unmanageable. And, of course, since a stub file has little information in it -- sometimes only a message header –- trying to find an old message becomes almost impossible.
But stubbing or email archiving means that you now have extra storage locations that need securing and protecting. Also, electronic documents must be stored in a format that does not change the information. Encryption is allowed and obviously recommended, but any stubbing must not remove or lose information about points of origin, destinations, dates and times. The 2002 Sarbanes-Oxley Act, for example, stipulates that companies must save all documentation used to create financial reports and audits. The document-retention period is seven years, and recovery time is limited to a few days following a federal request. The SEC has expanded Rule 17a to now require that exchange member and brokerage house record keeping include all forms of internal and external electronic communication, such as emails.
Because of the legal importance of such emails, Write-Once-Read-Many (WORM) magnetic disk storage should be used with any email archiving system. WORM also has the added advantage of faster response times than tape or optical disk. Storage risk assessment is vital to the security and protection of such valuable company information. A secondary, geographically separated data center should be considered. Smaller email systems may well benefit from taking a stubbing approach, although medium-sized and large enterprise systems will probably do better with a pure archiving implementation.
Dig Deeper on Email and Messaging Threats-Information Security Threats
Related Q&A from Michael Cobb
Pirated software is still a major concern nowadays. Uncover how to prevent software piracy and protect your organization's intellectual property. Continue Reading
Shellcode is a set of instructions that executes a command in software to take control of or exploit a compromised machine. Read up on the malware ... Continue Reading
The popular port scan is a hacking tool that enables attackers to gather information about how corporate networks operate. Learn how to detect and ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.