[lug] off topic email question

[Jeff Schroeder]

Karl:

Like you, I've watched this story for the past few months with a mix of 
suspicion and humor.

I run e-mail for a hundred or so domains, totaling maybe a thousand 
individual users.  That's a lot of messages coming and going on a given 
day.  To make matters worse, as we all know only a fraction of what 
comes in is legitimate-- the rest is spam that's discarded via 
greylisting or scanning and filtering.

A nightly backup of the mail spool on a server would be largely useless.  
It would save copies of any messages that arrived but weren't 
downloaded, so if the backup runs at, say, midnight then it'll catch 
stuff between the end of the business day and that time.  That's 
assuming the people aren't checking their mail in the evening.  Since 
people are downloading messages constantly (my own client checks my 
mail every 60 seconds), in many cases the content of the message is 
only on the server for a matter of minutes or perhaps hours.

[ The above doesn't apply if people are using IMAP and storing their 
mail on the server, but in my experience that's rare.  Most of my users 
POP their mail and delete it from the server. ]

Thus, in order to truly capture and backup every message, something 
needs to be done at the MTA level.  I happen to use qmail, and it has a 
mechanism to send a copy of every message-- incoming and outgoing-- to 
a place defined by the admin.  I'm sure other MTA's have similar 
functionality.  In theory, then, I could save a copy of all of it in a 
directory not available to the users, and backup that directory.

I don't do that.

First, I believe strongly in the privacy of my customers.  I have no 
reason to store messages that may contain personal information, private 
conversations, proprietary business data, etc.  If I was using an ISP 
for my own mail, I wouldn't want them storing it, and I think I should 
treat others as I'd like to be treated.

Second, if I'm storing messages beyond the usual deliver-and-download 
process, I incur a liability to protect and manage that data.  What if 
someone managed to break into the server and find the directory with 
tens of thousands of archived messages?  Whee!  Witness the spectacle 
of MediaDefender.

Third, with the volume of e-mail that flies around these days, there are 
storage considerations.  Assuming an average business user sends 10 
messages per day, and each message is 20kB, and I have a thousand 
users, I'm amassing 200MB of archived mail every day.  And everyone 
knows 10 x 20kB messages is on the low end. :)  Disks are cheap, but 
that adds up.

And fourth, I defy the police state mentality that seems to pervade our 
country.  The government (and other agencies) seem to think it's okay 
to swoop into an ISP and gather all sorts of data for their various 
witch hunts.  If someone comes to me and demands the last 30 days of 
e-mail from a customer account, I can honestly say I don't have it.  It 
protects the customer, and it gives me plausible deniability.

That being said, I believe there are federal laws that *require* the 
government to archive all e-mail messages to elected officials.  They 
can't really use any of the reasons I've mentioned here-- they *must* 
implement mechanisms to copy all messages and archive them to backup 
media.  As a result, the whole White House debacle is at best an 
embarrassment to the IT clowns over there, and more probably a 
violation of law that should be investigated.

$0.02,
Jeff
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20080227/1f3fdcdd/attachment.pgp>