Manage Learn to apply best practices and optimize your operations.

Are message stubs a secure part of email retention policies?

Because deleting older emails is not an option for many companies, email "stubs" have been an alternative for organizations looking to archive their messages. Michael Cobb reviews email stubbing and its possible security limitations.

I've read about "stubbing," a common feature in email archiving applications that involves transferring an email from a user's mailboxes to a new location, while replacing the original email in the user mailbox with a small message "stub" pointing to the new location of the email. Does this mechanism create any security limitations?
To manage the ever-growing number of messages travelling in and out of an organization's email boxes, organizations have to balance performance and productivity against security and legal requirements. Deleting older emails is not an option for many companies, because it may well violate various laws and regulations covering email correspondence.

In essence, stubbing is an archiving mechanism where attachments and the body of an email are stripped from the message. The email application retains only the header and a stub file, or link within the message. The actual message and attachment are stored in a separate archive. In GroupWise, a Novell Inc. software product that offers email, for example, the user database stores the message header information, and the message database holds the messages' content and small attachments. Larger attachments are stored as binary large objects (BLOBs) in a directory. Removing storage-intensive attachments means a much smaller message store. This improves overall system performance and allows administrators to more efficiently manage backups and scheduled maintenance while keeping the entire message accessible to the end-users.

A recent Microsoft white paper on email security recommended that large-enterprise Exchange users provide larger email boxes while moving old emails to a third-party email archiving product. The company's argument is that the volume and size of email continues to increase daily, and end users who have to spend time everyday trying to manage a mailbox with a low maximum volume are not going to be productive. Also, people will try to circumvent restrictions leading to further problems. Over time, an email inbox can get quite large, with tens of thousands of emails. And if you're not allowed to delete any of them, such a large number messages –- even if they're just stubs –- can quickly become unmanageable. And, of course, since a stub file has little information in it -- sometimes only a message header –- trying to find an old message becomes almost impossible.

But stubbing or email archiving means that you now have extra storage locations that need securing and protecting. Also, electronic documents must be stored in a format that does not change the information. Encryption is allowed and obviously recommended, but any stubbing must not remove or lose information about points of origin, destinations, dates and times. The 2002 Sarbanes-Oxley Act, for example, stipulates that companies must save all documentation used to create financial reports and audits. The document-retention period is seven years, and recovery time is limited to a few days following a federal request. The SEC has expanded Rule 17a to now require that exchange member and brokerage house record keeping include all forms of internal and external electronic communication, such as emails.

Because of the legal importance of such emails, Write-Once-Read-Many (WORM) magnetic disk storage should be used with any email archiving system. WORM also has the added advantage of faster response times than tape or optical disk. Storage risk assessment is vital to the security and protection of such valuable company information. A secondary, geographically separated data center should be considered. Smaller email systems may well benefit from taking a stubbing approach, although medium-sized and large enterprise systems will probably do better with a pure archiving implementation.

More information:

This was last published in February 2009

Dig Deeper on Email and Messaging Threats-Information Security Threats

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.