IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
S 2.121 Regular deletion of e-mails
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: IT-user
E-mail should not remain stored on the stack of incoming mail for an
unnecessarily long period of time. E-mail should either be deleted after it has
been read, or relocated to a corresponding user directory if it is to be retained.
If too much e-mail is archived on the incoming stack, the IT system (mail
server or mail client) managing this stack will reject new incoming e-mail if
the storage space becomes insufficient.
Users must be informed that e-mail which they have deleted via their mail
application is usually not erased irrevocably. Instead of deleting e-mail
immediately, many programs transfer it to a special folder. Users must be
briefed on how to completely delete e-mail on their clients.
Even after having been deleted completely on a client, e-mail may still be
present on a mail server. Many Internet providers and administrators archive
incoming and outgoing e-mail. Instead of deleting e-mail, many mail
applications transfer it to a cybernetic rubbish bin which is emptied every now
and then.
Users must be made aware of the fact that the confidentiality of e-mail can
only be ensured by encryption, and not necessarily by quick deletion
following receipt.
Additional controls:
- Do users know how to delete their e-mail?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000