Tool helps control e-mail archives

Following publication of the article on e-mail subject lines and other tips for efficient use of e-mail, I received a flurry of responses from readers and will be publishing a compilation of some of the most interesting suggestions a bit later. However, one response – from Tim Craig mailto:Tim.Craig@ukgateway.net > of Locate IT in England – was so interesting that I think it will be valuable for many readers.

With minor editorial changes (but note the U.K. spelling), here is what Craig wrote.

***

A useful little rule about the subject line is to think about where your recipient might file it or how he might remember it. As a salesman of security and compliance solutions, I should always be thinking about what my customers’ needs and wants are. Giving my e-mail a focused subject helps me focus on what I am trying to achieve with it, for a start. Also, I need to grab his attention at the very beginning. So if my e-mail is about me and my clever product, I have probably lost him already. If it is about a project he needs to fulfill, and how I can help, then I might get somewhere. Just plain sales common sense, not rocket science. For instance, in your projects, assuming you think of students as your customers, you might consider ‘My comments on your essay’ as less effective than ‘MSIA: some advice from M. Kabay.’ The MSIA at the beginning allows a student looking up his old e-mail, when getting back to the subject two months later, to sort and retrieve it quickly, and a ‘find’ on Kabay provides another route.

One of the products I promote is MailStore, an e-mail archiving product from Archive-it http://www.archive-it.com > that comprehensively follows the BSI Code of Practice on the Legal Admissibility of Documents Stored Electronically (BSI PD0008). One of the staff was an author of the BSI Code of Practice.

We security people have focused almost all our efforts on protecting information while it is ‘on the wire’ and almost no effort on protecting it from unlawful change once it is stored.

Noting that it is still true that over 70% of all computer misuse is initiated internally, this product provides a capability to manage and control the use of e-mail at a corporate level, ensuring compliance (e.g., with the Data Protection Acts), and enabling approved administrators to do such searches as suggested above across all e-mail users within an organisation.

All e-mails are stored tamperproof for as long as policy dictates. A legal discovery can bring up a complete list of all e-mail referring to a particular subject in seconds, when an approved investigation is established. The processes have been approved as ‘best practice’ up to our House of Lords, and will stand as strong evidence in a Court of Law, which e-mails in general do not. You can prove who has modified or passed on any e-mail, even who has simply read it. It is a great deterrent to misuse of corporate e-mail as well, I believe. Thoughtful application of the subject makes policy compliance much more effective in a regime like this.

***

I read the brochure about MailStore and was impressed. The product uses digital signatures and encryption with timestamps to provide a secure audit trail; it apparently imposes little or no load on the user; and it provides an easy management interface for system administrators to define rules on document retention. The mere presence of such a tool would reduce abuse of corporate e-mail systems. However, readers will recall that any such system must be clearly announced to all personnel before deployment so that there will be no tenable claims of a reasonable expectation of privacy when using corporate e-mail systems.